[Greylist-users] qmail implementation - correct this time, I hope

Tony Arcieri tarcieri at atmos.colostate.edu
Fri Jun 27 13:50:30 PDT 2003


On Fri, 27 Jun 2003, Eirik Oeverby wrote:

> Hi,
>
> I've implemented your patch and an envelope-scanner script successfully,
> though it still won't apply cleanly to the FreeBSD port. I have tried
> before and after the FreeBSD patches were applied.

That's very odd, because I have no problems here:

# cd /usr/ports/mail/qmail/
# make patch
...
===>  Extracting for qmail-1.03_1
>> Checksum OK for qmail-1.03.tar.gz.
>> Checksum OK for qmail-103.patch.
===>  Patching for qmail-1.03_1
===>  Applying distribution patches for qmail-1.03_1
===>  Applying FreeBSD patches for qmail-1.03_1
# cd work/qmail-1.03/
# patch -p1 < ~tarcieri/qmail-envelope-scanner.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- qmail-1.03/qmail-smtpd.c   Mon Jun 15 04:53:16 1998
|+++ qmail-1.03-scanenv/qmail-smtpd.c   Thu Jun 26 16:16:24 2003
--------------------------
Patching file qmail-smtpd.c using Plan A...
Hunk #1 succeeded at 19.
Hunk #2 succeeded at 47.
Hunk #3 succeeded at 226.
Hunk #4 succeeded at 298.
done

> There is one big disadvantage with the way you have implemented this,
> though I don't see how you could have done it differently: It leaves no
> room for delaying the check until *after* the DATA phase.

As soon as I can set up a test system I will begin investigating this.

> As described in the original greylisting document, this can be necessary
> in some cases, for example when an exim (or other) MTA issues a callback
> to verify the sender. This will fail if we issue a temporary failure
> immediately following the RCPT TO command. As described in the document,
> the MTAs doing this will simply await a positive response to the RCPT_TO
> and then abort the SMTP connection. In the case of a spammer or whatever
> trying to imitate this to get through, we need to be able to issue a
> tempfail AFTER the DATA phase.
>
> Do you have any ideas as to how to implement this? One way would be to
> create another function in qmail-smtpd to be called after the DATA
> phase, if the envelope scanner returns an exit code commanding this (The
> envelope check will determine if another check after the DATA phase is
> necessary, and return accordingly, letting qmail-smtpd know if it should
> run the next check as well - this would make sure the additional load is
> not too high).

The qmail code is simple enough that making these sorts of modifications is
relatively trivial.  I really need a test system to do these modifications
on though.  As can be inferred from me posting the patch repeatedly as I
catch bugs by auditing the code, I have nothing to do testing on for the
time being.  Hopefully I can get a machine together for those purposes
some time next week.

Tony Arcieri
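
The two-stage check discussed in this thread, sketched as an added example (not code from the patch or from either poster). The verdict names, the function names and the rule that a null envelope sender marks a possible sender-verify callback are assumptions made for illustration; 451 stands in for whatever temporary-failure reply the server uses.

```c
#include <stdio.h>

/* Hypothetical scanner verdicts; the patch's real exit codes are not shown in this thread. */
enum verdict { PASS, TEMPFAIL_NOW, RECHECK_AFTER_DATA };

struct session { enum verdict rcpt_verdict; };

/* Constructed policy: an envelope already seen passes; an unseen envelope with
   a null sender (assumed form of a sender-verify callback) is deferred; any
   other unseen envelope is tempfailed at RCPT TO. */
enum verdict scan_envelope(const char *sender, int envelope_seen)
{
    if (envelope_seen) return PASS;
    if (sender[0] == '\0') return RECHECK_AFTER_DATA;
    return TEMPFAIL_NOW;
}

/* Reply code for RCPT TO; remembers the verdict for the post-DATA hook. */
int reply_rcpt(struct session *s, const char *sender, int envelope_seen)
{
    s->rcpt_verdict = scan_envelope(sender, envelope_seen);
    return s->rcpt_verdict == TEMPFAIL_NOW ? 451 : 250;
}

/* Reply code once the message body has been received. */
int reply_after_data(const struct session *s)
{
    return s->rcpt_verdict == RECHECK_AFTER_DATA ? 451 : 250;
}

/* Last reply the client sees; a callback quits after RCPT TO (sends_data = 0). */
int final_reply(const char *sender, int envelope_seen, int sends_data)
{
    struct session s;
    int code = reply_rcpt(&s, sender, envelope_seen);
    if (code == 250 && sends_data) code = reply_after_data(&s);
    return code;
}

int main(void)
{
    printf("callback, quits after RCPT: %d\n", final_reply("", 0, 0));
    printf("null sender, sends DATA:    %d\n", final_reply("", 0, 1));
    printf("unseen normal sender:       %d\n", final_reply("a@example.org", 0, 1));
    printf("seen envelope:              %d\n", final_reply("a@example.org", 1, 1));
    return 0;
}
```

The post-DATA hook only runs when the RCPT-time verdict asked for it, which is the load-limiting behaviour proposed in the quoted message.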

