README

smtp-poplock v2.06

A package to allow only users who have authenticated via the POP3/IMAP server to relay mail using qmail-smtpd

by David Harris

Offered under the LGPL (Lesser General Public License) or Artistic license (your choice). See the LICENSE file for details.

Overview
--------

Smtp-poplock is a simple system that allows only hosts which have authenticated via the POP3 or IMAP server to relay mail using qmail. Smtp-poplock does not require patching the POP3/IMAP server or qmail.

It is based on two programs: First, a daemon which monitors POP3/IMAP logins and maintains an authorized users database. Second, a wrapper for qmail-smtpd which sets the RELAYCLIENT environment variable based on the authorized hosts database. Setting this environment variable per-request, in tandem with the control/rcpthosts file, means that only authorized hosts can relay mail.

Smtp-poplock was designed to monitor POP3/IMAP logins by monitoring the syslog for log lines. (I first started with the RH Linux 5.1 server.) Porting to work with other POP3/IMAP servers which note user authentication in the syslog should be easy.

The qmail-pop3d system does not log user authentication to the syslog. However, this package details a way to easily add this functionality without having to patch any source code.

Latest copy of everything will be at: http://www.davideous.com/smtp-poplock/

Theory of Operation
-------------------

Whenever someone authenticates through POP3, a log message is sent to the system logger (syslogd) or a file by the POP3 daemon. There is a background daemon process called "readlog" which reads this log information either through a named pipe written to by the system logger or through a "tail -f" process monitoring the log file directly. Whenever readlog reads a POP3/IMAP authentication from the named fifo, it records the accessing IP address and the time in the database file /var/smtp-poplock/dbfile. This database is continually maintained by readlog.
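
The two programs named in the Overview, as an added Perl example that is not code from smtp-poplock: a log matcher records the IP address and time of each successful login, and the wrapper's check sets or clears RELAYCLIENT before the SMTP daemon would run. The log line shape, the in-memory hash standing in for the database file, the 30-minute window and the function names are assumptions; TCPREMOTEIP is the variable tcpserver sets to the peer address.

```perl
use strict;
use warnings;
# Added illustration, not smtp-poplock's code. Assumed: the log line shape,
# the in-memory %db standing in for the database file, and $WINDOW.
my $WINDOW = 30 * 60;    # assumed lifetime of an entry, in seconds
my %db;                  # ip => time of last successful login

# Matcher as an anonymous subroutine: returns the client IP for a successful
# login line and nothing for any other line (failed logins included).
my $match = sub {
    my ($line) = @_;
    return unless $line =~
        /\b(?:pop3d|imapd)\[\d+\]: Login user=\S+ host=\[(\d{1,3}(?:\.\d{1,3}){3})\]\s*$/;
    my $ip = $1;
    return if grep { $_ > 255 } split /\./, $ip;    # reject impossible octets
    return $ip;
};

# Log-watcher side: remember when this IP last authenticated.
sub record_login {
    my ($line, $now) = @_;
    my $ip = $match->($line) or return;
    $db{$ip} = $now;
    return $ip;
}

# Wrapper side: decide from the peer address in TCPREMOTEIP; the SMTP daemon
# would then be exec'd with the resulting environment.
sub relay_env {
    my ($env, $now) = @_;
    my $ip   = $env->{TCPREMOTEIP};
    my $seen = defined $ip ? $db{$ip} : undef;
    if (defined $seen && $now - $seen <= $WINDOW) {
        $env->{RELAYCLIENT} = '';      # set, even if empty: may relay
    } else {
        delete $env->{RELAYCLIENT};    # drop an inherited value: fail closed
    }
    return exists $env->{RELAYCLIENT} ? 1 : 0;
}

# Constructed sample lines, not captured from a real server.
record_login($_, 1_000_000) for (
    'Mar  3 10:00:01 mx pop3d[412]: Login user=alice host=[192.0.2.10]',
    'Mar  3 10:00:05 mx pop3d[413]: Login failed user=bob host=[198.51.100.7]',
);
for my $case (['192.0.2.10', 60], ['198.51.100.7', 60], ['192.0.2.10', $WINDOW + 1]) {
    my ($ip, $age) = @$case;
    my %env = (TCPREMOTEIP => $ip, RELAYCLIENT => '');    # stale inherited value
    printf "%-13s +%4ds relay=%s\n", $ip, $age,
        relay_env(\%env, 1_000_000 + $age) ? 'yes' : 'no';
}
```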

When anyone connects via SMTP, the wrapper program "relaylock" is run before qmail-smtpd. Relaylock compares the accessing IP address with the database of allowed hosts maintained by readlog. If the connecting host is allowed to relay, then the environment variable "RELAYCLIENT" is set, which is a flag to qmail-smtpd that this connection is allowed to relay mail. After relaylock has checked with the database and possibly set "RELAYCLIENT", it runs qmail-smtpd, which carries on the SMTP chat with the accessing user.

For qmail-smtpd to require the "RELAYCLIENT" environment variable before relaying mail, the file control/rcpthosts must exist and contain the domain/host names which this server will accept mail for. (For more information on the qmail-smtpd side of the mechanism see http://qmail-docs.surfdirect.com.au/docs/qmail-antirelay.html)

There is a utility program called "showallowed" which will list the allowed hosts from the /var/smtp-poplock/dbfile file.

If one is using a named pipe to pass POP authentication information to readlog, then there is another little program which should be run in the background as a safety measure. It is called "fifo-safety" and it monitors the fifo to keep it from filling up if readlog fails for some reason. You see, if readlog stops reading from the named pipe, the pipe will fill up and block when syslogd writes. This then blocks syslogd and anything which tries to use it, including login(1) and tcpd(8). This is what's called a total system meltdown and it happened to me.

Working with other OS's and POP/IMAP servers
--------------------------------------------

Smtp-poplock was first designed to work on Red Hat Linux with their POP3/IMAP server (IMAP4 rev1/c-client by Mark Crispin), but has been and can be easily made to work with other systems.

All source code is in Perl. This was for ease of programming and for portability. (Long live the kingdom!)

The only real requirement is that the POP3/IMAP server log user authentication to some place (file or syslog service) where the readlog daemon can get at it.

The current matching code has some default parsers which will work out of the box for a number of servers and for the qmail-pop3d logging. Minor Perl regular expression knowledge may be required to modify the regular expression matching code to detect your particular POP3/IMAP server. This code is an anonymous subroutine in a configuration file. See the INSTALL file for more details.

If you get this running on another system or run into any system-dependent quirks that other people should know, send me an e-mail at dharris@drh.net, and I'll add it to the README or INSTALL file.

Thanks to...
------------

First of all Dan Bernstein for creating such a high quality, extensible Mail Transport Agent.

Thanks to the following (in alphabetical order) for their help, feedback, and patches:

Adam Aijaz A. Ansari Bryan T. Schmidt Clemens Gutweiler Derek C. Florian Dembeck Mark Conway Wirt Michael Holzt Mike Schroll Nir Yeffet Peter Conrad Sebastiaan van Erk Steve Atkins Steve Valliere Timothy Lorenc

Disclaimer of Warranty
----------------------

THIS SOFTWARE IS PROVIDED BY DAVID R. HARRIS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID R. HARRIS OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Copyright
---------

Copyright (c) 1999-2002 David R. Harris
All Rights Reserved.

See the LICENSE file for license details.