|
|
|
|
|
|
| Author |
Message |
Kyle Wheeler
*nix forums Guru Wannabe
Joined: 07 Jan 2005
Posts: 208
|
 Posted: Thu Jul 20, 2006 1:40 am Post subject:
Re: relayclients control file patch advice
|
|
|
On Wednesday, July 19 at 08:55 PM, quoth Tim O'Donovan:
| Quote: | The easiest solution is still using tcpserver's rules database
feature.
I will more than likely pursue this, although it would mean merging our
internal server and xDSL relayclients into one database. Although this
isn't a problem, I would have preferred them separated in a more
organised manner.
|
You can keep them separate. For example:
cat /etc/tcp.smtp.internalservers /etc/tcp.smtp.xDSL | tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp
Unless you plan on editing /etc/tcp.smtp.cdb by hand (ummm…?), you’ll
never have to view them as a single database.
~Kyle
--
The test of our progress is not whether we add more to the abundance
of those who have much; it is whether we provide enough for those who
have too little.
-- Franklin D. Roosevelt |
|
| Back to top |
|
 |
Tim O'Donovan
*nix forums beginner
Joined: 19 Jul 2006
Posts: 4
|
| Posted: Wed Jul 19, 2006 7:55 pm Post subject:
Re: relayclients control file patch advice
|
|
|
| Quote: | You're forking and invoking a Perl interpreter on each RCPT command
|
Actually it is called via execv(), but either way, the fact that it's
Perl is the underlying factor when the resource usage (and completion
time) is concerned. I've been putting off rewriting it in C...
| Quote: | running SpamAssassin during the SMTP conversation
|
Not that it has any bearing on this, but it is called after the SMTP
conversation.
| Quote: | You won't even notice this overhead.
|
Thanks, that was my main concern.
| Quote: | The easiest solution is still using tcpserver's rules database feature.
|
I will more than likely pursue this, although it would mean merging our
internal server and xDSL relayclients into one database. Although this
isn't a problem, I would have preferred them separated in a more
organised manner.
Thanks again for the input, it has been most useful.
Kind regards,
Tim O'Donovan |
|
| Back to top |
|
|
Charles Cazabon
*nix forums Guru
Joined: 08 Jan 2005
Posts: 805
|
| Posted: Wed Jul 19, 2006 7:09 pm Post subject:
Re: relayclients control file patch advice
|
|
|
Tim O'Donovan <tim@icukhosting.co.uk> wrote:
| Quote: | Write a tiny program that gets the IP to look up from TCPREMOTEIP, does the
lookup in whatever fashion you want (from your data file, etc) and
conditionally sets RELAYCLIENT, then execs the balance of its commandline
[...]
This sounds like a good idea, that I will probably experiment with, but
won't there be additional overheads involved with executing an external
program, rather than being carried out within qmail-smtpd (or tcpserver)
itself? Or will the extra resource usage be negligible? We're already
using the rcptcheck patch that calls a Perl script each time a 'rcpt to'
is received
|
You're forking and invoking a Perl interpreter on each RCPT command, *and*
running SpamAssassin during the SMTP conversation, and you're worried about
the overhead involved in one additional exec() (*not* fork()) call per SMTP
connection?
You won't even notice this overhead.
| Quote: | This method is more than likely the easiest to carry out, but it
accomplishes exactly the same, programmatically, as what I had originally
intended. But the question is whether the advantage of it's ease of
implementation outweighs any disadvantage it may carry,
|
It should be far easier, and require far less debugging, than patching
qmail-smtpd to do the equivalent.
The easiest solution is still using tcpserver's rules database feature.
Charles
--
--------------------------------------------------------------------------
Charles Cazabon <qmail@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
-------------------------------------------------------------------------- |
|
| Back to top |
|
|
Tim O'Donovan
*nix forums beginner
Joined: 19 Jul 2006
Posts: 4
|
| Posted: Wed Jul 19, 2006 6:52 pm Post subject:
Re: relayclients control file patch advice
|
|
|
| Quote: | If you absolutely want to do it this way, you don't actually need a patch.
Write a tiny program that gets the IP to look up from TCPREMOTEIP, does the
lookup in whatever fashion you want (from your data file, etc) and
conditionally sets RELAYCLIENT, then execs the balance of its commandline
(just like rblsmtpd, for example). Then insert this custom program in your
SMTP service script between tcpserver and qmail-smtpd.
|
This sounds like a good idea, that I will probably experiment with, but
won't there be additional overheads involved with executing an external
program, rather than being carried out within qmail-smtpd (or tcpserver)
itself? Or will the extra resource usage be negligible? We're already
using the rcptcheck patch that calls a Perl script each time a 'rcpt to'
is received by qmail-smtpd (which is fairly expensive when compared to
vanilla qmail), as well as SpamAssassin checks via QMAILQUEUE, so
keeping resource usage to a minimum is paramount.
This method is more than likely the easiest to carry out, but it
accomplishes exactly the same, programmatically, as what I had
originally intended. But the question is whether the advantage of it's
ease of implementation outweighs any disadvantage it may carry, and
similarly with the original method I had planned.
Thanks for the input, much appreciated.
Kind regards,
Tim O'Donovan |
|
| Back to top |
|
|
Tim O'Donovan
*nix forums beginner
Joined: 19 Jul 2006
Posts: 4
|
| Posted: Wed Jul 19, 2006 6:47 pm Post subject:
Re: relayclients control file patch advice
|
|
|
The reason I decided on this wasn't because it was the easiest method,
but rather because it was the most convenient method to fit into our
existing setup. All our internal servers are setup as relayclients
within the tcp.smtp rules, and I would have preferred to have kept them
separate from the xDSL relayclients. But given the responses to this
post so far, I will probably be considering another method.
| Quote: | just try to convince us it's cool!
|
I'm not sure that it's possible! I think the coolest thing (well, most
fun at least) would have been the coding itself, rather than it's
functionality.  And then the functionality may only be useful for
ourselves anyway.
Thanks for your input, much appreciated.
Kind regards,
Tim O'Donovan |
|
| Back to top |
|
|
Payal Rathod
*nix forums addict
Joined: 12 Jan 2005
Posts: 62
|
| Posted: Wed Jul 19, 2006 4:34 pm Post subject:
Re: relayclients control file patch advice
|
|
|
On Wed, Jul 19, 2006 at 05:57:32PM +0200, Fabio Busatto wrote:
| Quote: | You must execute the rest of the commandline, for example:
|
Thanks a lot. It works.
With warm regards,
-Payal |
|
| Back to top |
|
|
Fabio Busatto
*nix forums beginner
Joined: 02 Feb 2006
Posts: 24
|
| Posted: Wed Jul 19, 2006 3:57 pm Post subject:
Re: relayclients control file patch advice
|
|
|
On Wed, Jul 19, 2006 at 11:48:17AM -0400, Payal Rathod wrote:
| Quote: | It works right but I am not able to exec the rest of commandline because
as soon as I connect to port 25 my scipt runs and connection is
terminated.
|
You must execute the rest of the commandline, for example:
yourprog qmail-smtpd parameters
Something like:
shift
exec $*
can be a solution.
-fabio |
|
| Back to top |
|
|
Payal Rathod
*nix forums addict
Joined: 12 Jan 2005
Posts: 62
|
| Posted: Wed Jul 19, 2006 3:48 pm Post subject:
Re: relayclients control file patch advice
|
|
|
On Wed, Jul 19, 2006 at 08:44:19AM -0600, Charles Cazabon wrote:
| Quote: | If you absolutely want to do it this way, you don't actually need a
patch.
Write a tiny program that gets the IP to look up from TCPREMOTEIP, does the
|
Well, I wrote a simple script 1.sh which contained only a line
#!/bin/sh
echo $TCPREMOTEIP >> /tmp/1.log
I placed it just as one would place recordio.
It works right but I am not able to exec the rest of commandline because
as soon as I connect to port 25 my scipt runs and connection is
terminated.
With warm regards,
-Payal |
|
| Back to top |
|
|
Charles Cazabon
*nix forums Guru
Joined: 08 Jan 2005
Posts: 805
|
| Posted: Wed Jul 19, 2006 2:44 pm Post subject:
Re: relayclients control file patch advice
|
|
|
Tim O'Donovan <tim@icukhosting.co.uk> wrote:
| Quote: |
I'm about to embark on writing a small patch for qmail so that it will
check a relayclient control file for the TCPREMOTEIP environment
variable (if the RELAYCLIENT environment variable is not already set),
and thought I'd seek any advice the list may have first.
|
Eh.
| Quote: | We'd like our xDSL customers to be able to send through some of our
servers unauthenticated but the problem we have is that as we have many
small blocks of IPs (128-256 in each), adding all the IP ranges to
tcp.stmp will become cumbersome; especially when more IPs are allocated
to us through RIPE.
|
There are better solutions. For instance, you can keep track of your
allocated blocks in some other fashion and generate the tcprules data file
automatically.
| Quote: | I don't anticipate that writing the patch itself will be a problem, but
wanted to know of any shortcomings/problems that using such a method may
incur.
|
If you absolutely want to do it this way, you don't actually need a patch.
Write a tiny program that gets the IP to look up from TCPREMOTEIP, does the
lookup in whatever fashion you want (from your data file, etc) and
conditionally sets RELAYCLIENT, then execs the balance of its commandline
(just like rblsmtpd, for example). Then insert this custom program in your
SMTP service script between tcpserver and qmail-smtpd.
| Quote: | I have searched for an existing patch that will do this but haven't
found anything as of yet
|
That's because what you're asking can be done purely with tcpserver, or with
no patch if you don't want tcpserver to do it.
Charles
--
--------------------------------------------------------------------------
Charles Cazabon <qmail@discworld.dyndns.org>
Read http://pyropus.ca/personal/writings/12-steps-to-qmail-list-bliss.html
My services include qmail consulting. See http://pyropus.ca/ for details.
-------------------------------------------------------------------------- |
|
| Back to top |
|
|
Fabio Busatto
*nix forums beginner
Joined: 02 Feb 2006
Posts: 24
|
| Posted: Wed Jul 19, 2006 1:38 pm Post subject:
Re: relayclients control file patch advice
|
|
|
On Wed, Jul 19, 2006 at 02:11:47PM +0100, Tim O'Donovan wrote:
| Quote: | We'd like our xDSL customers to be able to send through some of our
servers unauthenticated but the problem we have is that as we have many
small blocks of IPs (128-256 in each), adding all the IP ranges to
tcp.stmp will become cumbersome;
|
Why? I think this should not be a problem.. tcp.smtp will contain 100 lines?
I don't think it's too much.. especially when more IPs are allocated
And how do you think to manage your control file? Do you think to a more compact
way to aggregate ip addresses? Maybe I don't understand how your control file
can be smaller than the tcp.smtp.. please explain :)
| Quote: | to us through RIPE. It would also make it harder to block single IPs
from sending through the servers if they have virally infected machines
that are pumping out spam/viruses etc, for instance.
|
you can just put it in the tcp.smtp file with a deny rule, and check with
tcprulescheck if it matches the ip address instead of the more generic one.
| Quote: | I don't anticipate that writing the patch itself will be a problem, but
wanted to know of any shortcomings/problems that using such a method may
incur.
|
Uhm, as I can understand your idea, it's not much more than a clone of the
tcp.smtp file, but maybe I need more information about which are the benefits
of your patch. By the way, I'm not saying that your patch will be useless,
just show us more :)
| Quote: | I have searched for an existing patch that will do this but haven't
found anything as of yet, as well as searching previous posts on this list.
|
Uhm, if you need more flexibility in the tcp.smtp file, why don't you write
this patch for tcpserver instead of qmail? For example to support network
masks in address definition (now it's done on a dotted decimal mask only).
Don't misunderstand this answer, just try to convince us it's cool! :)
Fabio |
|
| Back to top |
|
|
Tim O'Donovan
*nix forums beginner
Joined: 19 Jul 2006
Posts: 4
|
| Posted: Wed Jul 19, 2006 1:11 pm Post subject:
relayclients control file patch advice
|
|
|
Hi,
I'm about to embark on writing a small patch for qmail so that it will
check a relayclient control file for the TCPREMOTEIP environment
variable (if the RELAYCLIENT environment variable is not already set),
and thought I'd seek any advice the list may have first.
We'd like our xDSL customers to be able to send through some of our
servers unauthenticated but the problem we have is that as we have many
small blocks of IPs (128-256 in each), adding all the IP ranges to
tcp.stmp will become cumbersome; especially when more IPs are allocated
to us through RIPE. It would also make it harder to block single IPs
from sending through the servers if they have virally infected machines
that are pumping out spam/viruses etc, for instance.
I don't anticipate that writing the patch itself will be a problem, but
wanted to know of any shortcomings/problems that using such a method may
incur.
I have searched for an existing patch that will do this but haven't
found anything as of yet, as well as searching previous posts on this list.
Any advice would be greatly appreciated.
Kind regards,
Tim O'Donovan |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Thu Dec 04, 2008 4:43 am | All times are GMT
|
|
Current Accounts | Mortgage Calculator | Houses for Sale | Buy Anything On eBay | Big Brother 9
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Apps
»
Qmail
