LDAP and whoson support for SolidPOP3d

VISP Systems Administration help at visp.net
Tue May 8 01:56:19 CEST 2001


I ran into one issue running popb4smtp.  Has anyone out there conquered 
this yet?

Running sendmail-8.11 and I ran into the issue with it massively crapping 
when the /etc/mail/access file gets too big.  I'm running (or rather.. was 
running) popb4smtp where it just basically tails the messages and steals 
the ips from successful POP connections from spop3d.  The problem, with the 
large database, sendmail starts rejecting everything and acts as if it's 
ignoring the access database.  A rebuild (makemap) seems to stunt the 
errors for a few seconds, and then it starts again.  A sendmail restart 
will usually stunt the Relaying denied errors for about a minute.

Anyone have suggestions?

btw:  my access database grew to about 8500 lines in 1 day.  sendmail seems 
to die at about 5000 lines.

Apologies beforehand, I know this is not a sendmail list, but I know a lot 
of us are running sendmail and spop3d.  The combo of sendmail, spop3d, and 
popb4smtp seems to be very powerful, it'd just be nice if it worked better! =)

At 07:28 PM 5/7/2001 -0300, you wrote:
>Apparently, attachments don't make it through the list... I guess Jerzy
>or someone else can make it available to the rest... otherwise I can
>repost the sources one in each message within the body or send them in
>private to anyone who ask me for... suggestions?
>
>On 7 May 2001, at 19:22, Mariano Absatz wrote:
>
> > Hi,
> >
> > We have been using solidpop3d for a few months with a couple of
> > modifications we had to do.
> >
> > We published them now so you are able to use it and, if you want to,
> > incorporate them in future versions.
> >
> > Our mail server is ZMailer (see http://zmailer.org).
> >
> > First, we added support for LDAP authentication (since we have our users
> > in an LDAP DIT).
> >
> > Second, we added support for POP before SMTP. For this, we are using a
> > small contributed-to-zmailer protocol called "whoson".
> >
> > This protocol allows remote "login", "logout" and "verify" of IP
> > addresses with username information to a small "on line users database"
> > indexed by IP address with username and timestamp info in it.
> >
> > It can be used from, say, a radius server, to allow to associate smtp
> > messages coming from an IP address with a radius user.
> >
> > In our case, as we only provide e-mail (and, in fact, we don't have
> > trustable IP addresses), we use it to associate smtp messages coming from
> > an IP address with a POP or IMAP user.
> >
> > Since, in the case of POP the user is not logged into the POP server while
> > he/she is sending the mail, and rather, logs to POP, downloads, exits POP
> > and THEN he/she connects to SMTP, we only use the "login" and our SMTP
> > server verifies using a predefined timeout.
> >
> > That is, the SMTP does the following (simplified):
> >
> > -if the message is inbound, allow it.
> > -if the message is outbound:
> >     -verify the IP of the client in the whoson database
> >         -if you don't find it, reject it.
> >         -if you find it:
> >             -if the time elapsed since the timestamp is greater
> >                 than your predefined timeout, reject it.
> >             -else, allow the relaying and put the username in the
> >                Received: header generated.
> >
> > For this to work, and taking into account that we could have relatively
> > short timeouts and maybe long POP download times, we do a "whoson login"
> > with the user authentication AND with the user's POP logout.
> >
> > So, in POP, we do this "whoson login" right after the authentication and
> > right after the client sends the QUIT (obviously, having had a correct
> > authentication :-)
> >
> >
> > ======================================================================
> >
> > In order to implement this stuff, we modified four files, and added two
> > more.
> >
> > Modified files:
> >
> > configure.in
> > acconfig.h
> > src/main.c
> > src/Makefile.in
> >
> > new files:
> >
> > src/auth_ldap.h
> > src/auth_ldap.c
> >
> > The new files, along with "diff -u"s of the modified versions (relative
> > to the 0.15 tarball, no CVS) are attached.
> >
> > ======================================================================
> >
> > To enable the use of these options you have to use the following configure
> > options:
> >
> >   --enable-whoson=PATH
> > compile server with whoson support where PATH is the PATH you have whoson
> > installed (defaults to /usr/local/whoson)
> >
> >   --enable-ldap=PATH
> > compile server with ldap authentication support where PATH is the PATH
> > you have LDAP installed (defaults to /usr/local/ldap)
> >
> >   --with-ldapconfigfile
> > define ldap config file (default is /etc/ldap.conf)
> >
> >   --with-uidmaildir
> > define owner of the maildir directory (default nobody). This is the Unix
> > user which will read and write to the maildirs... it has to have
> > read/write permissions on the maildirs.
> >
> > =======================================================================
> >
> > #
> > # Example /etc/ldap.conf file
> > #
> > # You must at least define "base", "ldaphost", "filter" & "attr".
> > #
> > base            ou=mailUsers,o=exampleOrganization
> > ldaphost        ldap.example.com
> > ldapport        389
> > binddn          cn=ReadOnlyUser, o=exampleOrganization
> > passwd          secret
> > filter          (&(objectclass=mailUser)(uid=%s))
> > passattr        userPassword
> > attr            maildirFileName
> > scope           sub
> >
> > =======================================================================
> >
> > We added a -n option to solidpop3d to handle a base path from where
> > maildirFileName is relative. You can use it from /etc/inetd with:
> >
> > pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd \
> >            /usr/local/sbin/spop3d -n /maildir-base/%s -t maildir
> >
> > if in the maildirFileName attribute you have "/x/y/somebody", it will
> > look for the maildir in /maildir-base/x/y/somebody.
> >
> > ==========================================================================
> > Acknowledgements:
> >
> > This stuff wasn't made by me... I am only the "guy who better writes in
> > English" :-)
> >
> > The author is Edgardo Szulsztein <edgardosz at yahoo.com>.
> >
> > The LDAP code was taken from the ZMailer LDAP code made (as stated in the
> > source code) by:
> >
> > Lai Yiu Fai                       |  Tel.:       (852) 2358-6202
> > Centre of Computing Services      |  Fax.:       (852) 2358-0967
> >  & Telecommunications             |  E-mail:     ccyflai at ust.hk
> >                                   |
> > The Hong Kong University of       |  Clear Water Bay,
> > Science & Technology              |  Kowloon, Hong Kong.
> >
> >
> > --
> > Mariano Absatz - El Baby
> > mailto:baby at baby.com.ar
> > http://www.baby.com.ar/
> >     PGP KEYS: http://www.baby.com.ar/datos/personales.html#claves_pgp
> >   |\  _
> >   _\\/'>     Powered by Pegasus Mail
> >  /|__)       http://www.pmail.com
> >   ) )\
> > -----------------------------------------------------------
> > Programming is an art form that fights back.
> >
> >
> >
>
>
>--
>Mariano Absatz - El Baby
>mailto:baby at baby.com.ar
>http://www.baby.com.ar/
>     PGP KEYS: http://www.baby.com.ar/datos/personales.html#claves_pgp
>   |\  _
>   _\\/'>     Powered by Pegasus Mail
>  /|__)       http://www.pmail.com
>   ) )\
>-----------------------------------------------------------
>Allow me to introduce my selves.
>
>


----------------------------------
Visp Systems Administration
Voice:  541-476-5352 ext. 4
Support Board: http://support.visp.net/bb
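
The relay decision described in the quoted message, modelled as an added example (not part of the original post, and not code from SolidPOP3d, ZMailer or whoson). It is an in-memory stand-in for the whoson database and does not speak the whoson wire protocol; the names `OnlineUsers`, `smtp_decision`, `RELAY_TIMEOUT`, the 600-second value and the Received comment format are assumptions.

```python
import time

RELAY_TIMEOUT = 600  # seconds; assumed value, the post only says "predefined timeout"


class OnlineUsers:
    """Whoson-style table: client IP -> (username, last login timestamp)."""

    def __init__(self):
        self._by_ip = {}

    def login(self, ip, user, now=None):
        # Called by the POP server after authentication and again at QUIT,
        # so a long download does not eat into the relay window.
        self._by_ip[ip] = (user, time.time() if now is None else now)

    def verify(self, ip):
        return self._by_ip.get(ip)  # None when the IP was never registered


def smtp_decision(table, client_ip, outbound, now, timeout=RELAY_TIMEOUT):
    """Return (accept, received_comment) following the steps in the post."""
    if not outbound:
        return True, None                      # inbound mail is always allowed
    entry = table.verify(client_ip)
    if entry is None:
        return False, None                     # unknown IP: reject relaying
    user, stamp = entry
    if now - stamp > timeout:
        return False, None                     # login too old: reject relaying
    # Allow relaying and record who authenticated (comment format is hypothetical).
    return True, f"(whoson: authenticated as {user})"


def demo():
    """Constructed timeline using documentation IP addresses (RFC 5737)."""
    table = OnlineUsers()
    table.login("192.0.2.10", "alice", now=1000)   # POP authentication
    table.login("192.0.2.10", "alice", now=1900)   # POP QUIT after a long download
    return [
        smtp_decision(table, "192.0.2.10", True, now=2000),     # 100 s after QUIT
        smtp_decision(table, "192.0.2.10", True, now=2600),     # 700 s after QUIT
        smtp_decision(table, "198.51.100.7", True, now=2000),   # never logged in
        smtp_decision(table, "198.51.100.7", False, now=2000),  # inbound delivery
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because every entry carries a timestamp that is checked at verify time, stale addresses stop relaying on their own, without the table needing to be rebuilt.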


