Koozali.org: home of the SME Server

smtp-auth (ESMTP)

Durval Luis Henke

smtp-auth (ESMTP)
« on: February 10, 2002, 01:54:02 AM »
Dear friends, first of all sorry for my English; I speak Portuguese.

What I have done to make things work on an e-smith distro:
I erased the two obtuse-smtp packages of e-smith,
installed the RPMs for developing on e-smith,
rebuilt the e-smith qmail RPM packages with smtp.auth patches.
If you want them, please ask; I will send them to you, to this list, or to
the owner of the list.

Then I ran rpm -Uvh --force /usr/src/redhat/RPMS/i386/qmail-1.03.i386.rpm
In my hosts.allow I put:
#------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically by the
# e-smith server and gateway software. Instead, modify the source
# template in the /etc/e-smith/templates-custom directory. For more
# information, see http://www.e-smith.org.
#
# copyright (C) 1999-2001 e-smith, inc.
#------------------------------------------------------------


# appletalk services
afpd : 127.0.0.1, 192.168.0.0/255.255.255.0
papd : 127.0.0.1, 192.168.0.0/255.255.255.0

in.identd: 127.0.0.1 ALL

# IMAP server
imapd : ALL

# LDAP servers
slapd : ALL
# ftp is disabled entirely by FTP access limits

# pop3 server
qmail-popup : ALL

#smtp-auth server
tcp-env : ALL

# sshd daemon
sshd: ALL
# telnet access is currently disabled

#------------------------------------------------------------
# TEMPLATE END
#------------------------------------------------------------
############################################################################
My hosts.deny:
#------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically by the
# e-smith server and gateway software. Instead, modify the source
# template in the /etc/e-smith/templates directory. For more
# information, see http://www.e-smith.org.
#
# copyright (C) 1999, 2000 e-smith, inc.
#------------------------------------------------------------

ALL: ALL

#------------------------------------------------------------
# TEMPLATE END
#------------------------------------------------------------


############################################################################

#------------------------------------------------------------
 # DO NOT MODIFY THIS FILE! It is updated automatically by the
 # e-smith server and gateway software. Instead, modify the source
 # template in the /etc/e-smith/templates directory. For more
 # information, see http://www.e-smith.org.
 #
 # copyright (C) 1999, 2000 e-smith, inc.
 #------------------------------------------------------------

 # Files in the xinetd.d directory are not used by e-smith

 defaults
 {
         instances               = 60
         log_type                = SYSLOG authpriv
         log_on_success          = HOST PID USERID EXIT DURATION
         log_on_failure          = HOST RECORD USERID
 }
 service auth
 {
     socket_type                 = stream
     wait                        = no
     user                        = nobody
     server                      = /usr/sbin/in.identd
     server_args                 = -l -e -o -q
 }


 # ftp access limits has been set to 'disabled entirely'
 # in the e-smith services database.


 # telnet has been flagged as 'disabled'
 # in the e-smith services database.

 service imap
 {
     socket_type         = stream
     wait                        = no
     user                        = root
     server                      = /usr/sbin/imapd
     log_on_success              += DURATION USERID
     log_on_failure              += USERID
 }

 service pop-3
 {
     socket_type = stream
     user                = root
     wait                = no
     server              = /var/qmail/bin/qmail-popup
     server_args = localhost /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir
 }

service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
#qmaild
        server          = /var/qmail/bin/tcp-env
        server_args     = -r /var/qmail/bin/qmail-smtpd gw.sol.henke.com.br /bin/checkpassword /bin/true
        log_type        = FILE /var/log/maillog
#       env             = NODNSCHECK=""               ! Disables DNS Checks for envelope's sender
#       env             = RELAYCLIENT="12.34.56.78"   ! not to be applied with relayclients/relaydomains!
        log_on_success          = HOST PID USERID EXIT DURATION
        log_on_failure          = HOST RECORD USERID
#        log_on_success  = HOST
#        log_on_failure  = HOST RECORD
}



############################################################################
The only thing that is not working is when I set up the user qmaild for smtp
in xinetd.conf: the user is not authenticated, even after I chmod 0777
/bin/checkpassword. I do not know if this is a security hole, but if it is,
please help me to make things work with security.

My next step is to put rbl and odeiavir to work.
I hope this works for you guys.
I need some templates for /etc/e-smith/templates.
Thanks
Durval Luis Henke
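
Added example (not part of the original post or of e-smith): a Python audit that cross-references the two files posted above and reports xinetd services that run as root while hosts.allow admits ALL clients for them. It assumes, as the posted hosts.allow does, that the tcp-wrappers daemon name is the basename of the service's server; the sample input is abridged from the post and the function names are illustrative.

```python
import re
# Constructed sample, abridged from the xinetd.conf and hosts.allow in the post.
XINETD_CONF = """\
service auth
{
    user   = nobody
    server = /usr/sbin/in.identd
}
service smtp
{
    user   = root
#qmaild
    server = /var/qmail/bin/tcp-env
}
"""
HOSTS_ALLOW = "in.identd: 127.0.0.1 ALL\n#smtp-auth server\ntcp-env : ALL\n"

def _lines(text):  # simplification: everything after '#' is treated as a comment
    return [s for s in (r.split("#", 1)[0].strip() for r in text.splitlines()) if s]

def parse_xinetd(text):
    """Return {service: {attribute: value}}; a 'defaults' block is ignored."""
    services, current = {}, None
    for line in _lines(text):
        m = re.match(r"service\s+(\S+)$", line)
        if m:
            current = services.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = re.split(r"\s*[+-]?=\s*", line, maxsplit=1)
            current[key] = value
    return services

def open_daemons(text):
    """Daemon names whose hosts.allow client list contains the wildcard ALL."""
    names = set()
    for line in _lines(text):
        daemons, _, rest = line.partition(":")
        if "ALL" in re.split(r"[\s,]+", rest.split(":")[0].strip()):
            names.update(re.split(r"[\s,]+", daemons.strip()))
    return names

def root_and_open(conf, allow):
    """Services that run as root and are reachable from any address."""
    wide = open_daemons(allow)
    return sorted(n for n, a in parse_xinetd(conf).items() if a.get("user") == "root"
                  and a.get("server", "").rsplit("/", 1)[-1] in wide)

print(root_and_open(XINETD_CONF, HOSTS_ALLOW))  # ['smtp']
```

Run against the complete files from the post, the same check would also list pop-3 and imap, which are configured with user = root and an ALL entry in hosts.allow.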

ehud gavron

Re: smtp-auth (ESMTP)
« Reply #1 on: February 26, 2002, 06:52:55 PM »
I've set up Qmail-1.03 with SMTP AUTH and TLS
on an E-smith 5.12 server.  It only took about
an hour, 8 downloads (make, compiler, qmail, patch.)

The key download:
http://www.arctic.org/~dean/patches/qmail-1.03-arctic-1.patch

Make:
ftp://ftp.rpmfind.net/linux/redhat/7.2/en/os/i386/RedHat/RPMS/make-3.79.1-8.i386.rpm

The gcc, cpp, glibc-devel, binutils, kernel-headers from:
http://kde.uk.themoes.org/pub/kde/stable/2.2/RedHat/7.x/non-kde/i386/

And the Qmail source files from:
http://cr.yp.to/software/qmail-1.03.tar.gz

Unrelatedly I also have a patch to qmail-smtpd.c which only allows RCPT TO local users.  You might think of it as an INCLUSIVE implementation of BADRCPTTO.  

Ehud
new E-smith user

Tom Carroll

Re: smtp-auth (ESMTP)
« Reply #2 on: April 15, 2002, 02:02:14 AM »
Ehud, you may want to post this to the devinfo list.  There has been some recent traffic about SMTP AUTH and how folks are implementing it.  Your contribution could be looked over by folks who are intimately familiar with SME and either offer suggestions or possibly incorporate your ideas/contribution into a future release.

If anything they may be able to assist you in creating a contributor RPM so others can painlessly install your modifications.

You can subscribe to the devinfo mailing list by sending an e-mail to devinfo-subscribe@lists.e-smith.org.

You can find out more about the developers list by going to http://www.e-smith.org/content/developers/

Thanks for the information!

Tom Carroll

ehud gavron

Re: smtp-auth (ESMTP)
« Reply #3 on: April 21, 2002, 11:39:17 AM »
Sounds good.  I'll check it out in spare time.

For now I've created a SortOf Howto
ftp://ftp.login.com/pub/software/qmail-patches/mail.html

That directory also contains a patched qmail-smtpd.c,
as well as the other referenced patches.

Ehud

ehud gavron

Re: smtp-auth (ESMTP)
« Reply #4 on: April 21, 2002, 11:41:05 AM »
I had a similar problem, documented as part of
ftp://ftp.login.com/pub/software/qmail-patches/mail.html
(qmail AUTH + TLS)

Here's my comment from there:
Unfortunately /bin/checkpassword wants root, and sticky to work. (If you don’t do this, you’ll get a 421 out of memory error from the SMTP server).
% chown root /bin/checkpassword
% chmod 4755 /bin/checkpassword
% chmod a+s /bin/checkpassword
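
Added example, not from the thread or from the qmail patches: the thread mentions three permission settings for /bin/checkpassword (chmod 0777 in the first post; chmod 4755 followed by chmod a+s in reply #4). This Python script decodes what each resulting mode grants, using constructed st_mode values with owner uid 0; classify and audit are illustrative names.

```python
import os
import stat

def classify(mode, uid):
    """Return privilege-relevant tags for a file with this st_mode and owner uid."""
    tags = set()
    if mode & stat.S_ISUID:
        # setuid: the program runs with the file owner's uid for any caller
        tags.add("setuid-root" if uid == 0 else "setuid-nonroot")
    if mode & stat.S_ISGID:
        tags.add("setgid")
    if mode & stat.S_ISVTX:
        tags.add("sticky")
    if mode & stat.S_IWGRP:
        tags.add("group-writable")
    if mode & stat.S_IWOTH:
        # any local account can modify a program the mail service executes
        tags.add("world-writable")
    return tags

def audit(path):
    """classify() a file on disk; returns None if it does not exist."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return None
    return classify(st.st_mode, st.st_uid)

# Constructed cases: the modes that result from the commands in the thread.
CASES = {
    "chmod 0777": stat.S_IFREG | 0o0777,
    "chmod 4755": stat.S_IFREG | 0o4755,
    "chmod 4755 then a+s": stat.S_IFREG | 0o6755,
}

if __name__ == "__main__":
    for label, mode in CASES.items():
        print(f"{label:20} {stat.filemode(mode)}  {sorted(classify(mode, 0))}")
    print("/bin/checkpassword:", audit("/bin/checkpassword"))
```

Mode 0777 carries no setuid bit, so a caller running as qmaild gains no privilege from it; it only makes the binary writable by every local account. chmod a+s on top of 4755 adds the setgid bit.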

ehud gavron

Re: smtp-auth (ESMTP)
« Reply #5 on: April 21, 2002, 11:57:26 AM »
I keep sending half-thoughts instead of complete ones.

The problem with the requirement for SUID is documented
in the Zach White patch.

Ehud