[Greylist-users] qmail implementation - correct this time, I hope

Tony Arcieri tarcieri at atmos.colostate.edu
Fri Jun 27 13:50:30 PDT 2003

On Fri, 27 Jun 2003, Eirik Oeverby wrote:

> Hi,
> I've implemented your patch and a envelope-scanner script successfully,
> though it still won't apply cleanly to the freebsd port. I have tried
> before and after the freebsd patches were applied.

That's very odd, because I have no problems here:

# cd /usr/ports/mail/qmail/
# make patch
===>  Extracting for qmail-1.03_1
>> Checksum OK for qmail-1.03.tar.gz.
>> Checksum OK for qmail-103.patch.
===>  Patching for qmail-1.03_1
===>  Applying distribution patches for qmail-1.03_1
===>  Applying FreeBSD patches for qmail-1.03_1
# cd work/qmail-1.03/
# patch -p1 < ~tarcieri/qmail-envelope-scanner.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
|--- qmail-1.03/qmail-smtpd.c   Mon Jun 15 04:53:16 1998
|+++ qmail-1.03-scanenv/qmail-smtpd.c   Thu Jun 26 16:16:24 2003
Patching file qmail-smtpd.c using Plan A...
Hunk #1 succeeded at 19.
Hunk #2 succeeded at 47.
Hunk #3 succeeded at 226.
Hunk #4 succeeded at 298.

> There is one big disadvantage with the way you have implemented this,
> though I don't see how you could have done it differently: It leaves no
> room for delaying the check until *after* the DATA phase.

As soon as I can set up a test system I will begin investigating this.

> As described in the original greylisting document, this can be necessary
> in some cases, for example when an exim (or other) MTA issues a callback
> to verify the sender. This will fail if we issue a temporary failure
> immediately following the RCPT TO command. As described in the document,
> the MTAs doing this will simply await a positive response to the RCPT_TO
> and then abort the SMTP connection. In the case of a spammer or whatever
> trying to imitate this to get through, we need to be able to issue a
> tempfail AFTER the DATA phase.
> Do you have any ideas as to how to implement this? One way would be to
> create another function in qmail-smtpd to be called after the DATA
> phase, if the envelope scanner returns an exit code commanding this (The
> envelope check will determine if another check after the DATA phase is
> necessary, and return accordingly, letting qmail-smtpd know if it should
> run the next check aswell - this would make sure the additional load is
> not too high).

The qmail code is simple enough that making these sort of modifications is
relatively trivial.  I really need a test system to do these modifications
on though.  As can be inferred from me posting the patch repeatedly as I
catch bugs by auditing the code, I have nothing to do testing on for the
time being.  Hopefully I can get a machine together for those purposes
some time next week.

Tony Arcieri

More information about the Greylist-users mailing list