[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qmail
Subject:    Re: SMTP Authentication
From:       Scott Gifford <sgifford () suspectclass ! com>
Date:       2005-04-29 22:05:27
Message-ID: lyoebxxmqg.fsf () gfn ! org
[Download RAW message or body]

Charles Cazabon <qmail@discworld.dyndns.org> writes:

> Payal Rathod <payal-dated-050509-c68@scriptkitchen.com> wrote:
>> 
>> > One involves changing the rule your POP-before-SMTP agent puts in the
>> > tcprules to include RBLSMTPD=""; the other involves a small shellscript
>> > run in-between tcpserver and rblsmtpd that sets RBLSMTPD to "" if
>> > RELAYCLIENT is set.  The latter will work with SMTP AUTH as well.
>
> Thinko: of course that won't work with rblsmtpd and SMTP AUTH.  It does still
> work for POP/IMAP-before-SMTP, of course.

I have some code I've used for this here:

    http://www.suspectclass.com/~sgifford/smtp_auth/

Payal, this doesn't really answer your question of what other ISPs are
doing, since AFAIK nobody uses this code but me, and I don't even use
it much anymore, but it does solve the problem.  :)

It uses an "smtp_auth" frontend, which will handle SMTP AUTH if it's
the first command sent (setting RELAYCLIENT), then fire up the rest of
the command-line.

So one possibility is to use something like:

   tcpserver ... smtp_auth checkpassword_nosu \
                 setuidgid qmaild \
                 smtpproxy \
                 rblsmtpd \
                 qmail-smtpd

By the time rblsmtpd is run, RELAYCLIENT is set if SMTP AUTH has been
done, so it will do The Right Thing.

Unfortunately, performance on this is quite bad.  It's possible to
optimize it a lot, but I haven't really taken the time to do this.

Enjoy!  :)

---ScottG.
[prev in list] [next in list] [prev in thread] [next in thread]