Subject: Re: [courier-users] timeouts and ptr records
From: Sam Varshavchik (mrs@courier-mta.com)
Date: Aug 24, 2007 6:53:20 pm
List: net.sourceforge.lists.courier-users

Lindsay Haisley writes:

On Fri, 2007-08-24 at 17:58 -0400, Sam Varshavchik wrote:

I'd also like to have the option to drop SMTP connections outside of the LAN for which the IP address of the connecting host has no PTR record and won't reverse resolve to a name. Is there any way to do this in Courier?

No, not directly. The only thing you can do is to take the qmail approach, and have couriertcpd invoke your wrapper, that checks TCPREMOTEIP and TCPREMOTEHOST, and then invokes courieresmtpd itself.

In Gentoo's build of courier, the stock invocation of courieresmtpd looks like this.

/usr/sbin/couriertcpd [logger, pid and other options] [block options] -access=/etc/courier/smtpaccess.dat -address=0 465 /usr/bin/couriertls -server -tcpd /usr/sbin/courieresmtpd

Do I need to insert a wrapper of some sort in here? Are there any instructions, examples or prototypes available?

There are no specific examples, but it works just like similar qmail-based setups. After parsing couriertcpd's options, the remaining arguments form the command couriertcpd runs after establishing a connection, specifically: "/usr/bin/couriertls -server -tcpd /usr/sbin/courieresmtpd". When couriertls starts, after parsing its options the remaining argument forms the command couriertls runs, specifically "/usr/sbin/courieresmtpd".

You would want to replace the last argument with your own wrapper: /usr/local/sbin/esmtpdwrapper, an executable shell script, that might do something like this:

#! /bin/sh

if test "$TCPREMOTEHOST" = ""
then
    exit 0
fi

exec /usr/sbin/courieresmtpd

So, connections without a hostname in TCPREMOTEHOST get dropped right away, everyone else runs courieresmtpd, as usual. Read "ENVIRONMENT VARIABLES" in couriertcpd's man page for a list of environment variables you can use. Your wrapper inherits the environment all the way from couriertcpd. You said you don't want to require valid reverse DNS from some IP address ranges, so you'll need to tweak this logic.
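
An added example, not part of the message above or of the Courier distribution: one way to tweak the wrapper so that chosen LAN ranges skip the PTR requirement while every other peer must have a hostname in TCPREMOTEHOST. The prefix list, the ESMTPD variable, the ptr_decision helper and the handling of ::ffff: IPv4-mapped addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example wrapper; not code from the thread or from Courier.
# Assumed LAN prefixes exempt from the PTR requirement
# (constructed values, adjust per site).
EXEMPT_PREFIXES="${EXEMPT_PREFIXES:-127. 10. 192.168.}"
ESMTPD="${ESMTPD:-/usr/sbin/courieresmtpd}"

# ptr_decision IP HOST: prints "accept" or "drop" (hypothetical helper).
ptr_decision() {
    ip=$1
    host=$2
    # Assumption: an IPv6-enabled couriertcpd reports IPv4 peers
    # as ::ffff:a.b.c.d, so strip the mapping before comparing.
    case $ip in
        ::ffff:*) ip=${ip#::ffff:} ;;
    esac
    # No peer address means we were not started by couriertcpd: fail closed.
    if [ -z "$ip" ]; then
        echo drop
        return
    fi
    # Exempt ranges are accepted whether or not a PTR record exists.
    for prefix in $EXEMPT_PREFIXES; do
        case $ip in
            "$prefix"*) echo accept; return ;;
        esac
    done
    # Everyone else needs a hostname from couriertcpd's reverse lookup.
    if [ -n "$host" ]; then
        echo accept
    else
        echo drop
    fi
}

# Act only when couriertcpd supplied a peer address in the environment.
if [ -n "${TCPREMOTEIP:-}" ]; then
    if [ "$(ptr_decision "$TCPREMOTEIP" "${TCPREMOTEHOST:-}")" = accept ]; then
        exec "$ESMTPD"
    fi
    # Where stderr ends up depends on how couriertcpd is started.
    echo "esmtpdwrapper: no PTR for $TCPREMOTEIP, dropping" >&2
    exit 0
fi
```

The trailing dot in each prefix matters: "10." matches 10.1.2.3 but not 100.64.0.1.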