Topic: Pop-before-SMTP

[Nathan Fowler]

Is the router doing port forwarding on 25 to the E-Smith box?

[David Stanton]

Yep, If I force the email address in to the config file:

allow:192.168.1.1:remoteuser@mydomain.xxx:ALL

The remoteuser@mydomain.com can use smtpd from outside the trusted network. I set the IP to ensure that the daemon thinks the mail is coming from 192.168.1.1

The default setup by e-smith is

allow:192.168.1.1:ALL:*@mydomain.com
noto:192.168.1.1

so it will allow incoming for all your virtual domains then disallow anything else from the router.

Nathan Fowler wrote:
>
> Is the router doing port forwarding on 25 to the E-Smith box?

[Nathan Fowler]

David, I was going to address this outside of the forum but your mailer daemon bounced the message.  Your configuration offers several severe security concerns.

First of all, by forwarding 192.168.1.1 and setting the smtpd_check_rules
to default allow smtp relay access you are defeating the purpose of
smtpd_check_rules and opening yourself to become a public relay.  You will
soon be abused by spammers.

Secondly, why use a router to begin with.  E-Smith acts as a rather robust,
efficient, and secure router.  The use of another hardware router isn't
really necessary nor is it any more secure.  Most embedded routers are
actually less secure (Cisco IOS, NetGear, LinkSys, etc).

If you are truly going to be a production server or e-mail server it's
really in your best interest to use E-Smith as your primary interface.  There really is no advantage to using a router as a front-end and in this case is actually making your network less secure.  If it's a wireless router you could always place it behind the E-Smith box and retain the same functionality.

Hope this helped.  The flaw isn't in the configuration of E-Smith or the
script itself but rather your network configuration.

Nathan

[Jim Gonzales]

I don't know if this has been covered already - I searched and couldn't find any references to it...

It looks like the imap-before-smtp (maybe even pop-before-smtp, but I don't use it) is storing the wrong time in the imap-before-smtpd.log file.  It's tagging each entry with the time the daemon originally started.

I think things will work as expected if you change line 67 from

$time = $date;

to

$time = localtime();

It looks like $date was being initialized once outside of the driving while loop, and therefore never got updated in realtime.

[Nathan Fowler]

Yeah, I found that on 5/02/2002 and updated it in the new version.  Also added some other features, make sure you update.

Nathan

[Nathan Fowler]

Hah, Jim nevermind.  I thought I fixed it but I never did.  You are exactly correct.  I'll take care of updating it now, thanks!

[Nathan Fowler]

Thankfully, Jim Gonzales reported a stupid mistake on my end that caused the Time/Date stamping of the events to be the time/date the daemon itself was spawned.  I have corrected these issues and published a new version of the code on http://www.stickit.nu/pop-before-smtp , it is strongly recommended that you update at this time.  Jim, if I didn't say it before, thank you for reporting these issues.  I'm supprized I never noticed it but I very rarely check the logs.

If you guys have any issues updating let me know.  Basically all you need to do is kill the pop-before-XXX processes, downoad and overwrite the new binaries.

If you have any problems let me know.  You know an RPM sure would be nice, perhaps I'll have to look into creating one.

[Jim Gonzales]

Nathan - I'm glad to help, and thank *YOU* for providing the script.

Jim

[dsweet]

Nathan,
I am rather new to additions to the server, however I am looking to provide external email from my e-smith box. Is there an instruction on "how to" install the script to a current 5.12 e smith box. Thank you D.Sweet

[Nathan Fowler]

Installation Instructions:
Login to your E-Smith box as root from the console. If you are not familar with the way you should do this, simply do the following:

Hit [Alt]-[F2]
Login as root.
Enter the root password.

Do the following steps in exact order:
cd /root
wget --tries=3 -nc -c -nd -r --level=1 "http://www.stickit.nu/pop-before-smtp/install.sh"
chmod 700 install.sh
pico -w install.sh 'Note that you must edit this file and save your changes!
./install.sh

After running the install script you should verify that the installation was successful. At the console type:

ps -aux --cols=900|grep before-smtp
ps -aux --cols=900|grep smtp-cleanup

You should see some running instances of the program...if you do not the installation failed to spawn the daemons, are you root?

Also type:

ls /var/pop-before-smtp

You should see the following files:
pop-before-smtp
popSSL-before-smtp
imap-before-smtp
smtp-cleanup

If you do not the installation failed, were you root?

Also,
cat /etc/rc.d/rc.local |grep /var/pop-before-smtp

You should see some declarations for calling the daemons you selected, if you do not, chances are you were not root when you logged in.
To kill the processes, simply kill the PID's. It is not recommended that you kill -9 them, but gracefully kill the, doing a -9 (SIGHUP I believe) can cause the smtpd_check_rules to become corrupted. If they do, don't panic, they are very eays to recover from template. If they corrupt let me know and I'll give you the command.

To view your log files simply cat out the contents located in /var/pop-before-smtp


Uninstallation Instructions (Not recommended ;o )
To uninstall the program simply run the following as root:

#Kill the PID's of the pop-before-smtp programs:
kill ps -aux --cols=900|grep before-smtp|awk '{print $2}' > /dev/null
kill ps -aux --cols=900|grep smtp-cleanup|awk '{print $2}' > /dev/null

#Remove the pop-before-smtp directory:
rm -rf /var/pop-before-smtp

#Remove the bottom lines in rc.local that call the /var/pop-before-smtp programs
# and save the file:
pico -w /etc/rc.d/rc.local

That's it

If you have any questions let me know,

Nathan Fowler
evilghost@stickit.nu

[dsweet]

below is what happened in doing the install - it appears to have run correctly - but I have not been outside the LAN to check mail yet. I will advise if it does not work and see what corrections need to be done.
Thank you for the help,
Dsweet


login: root
Password:
   UW PICO(tm) 4.0                File: install.sh                   Modified
   UW PICO(tm) 4.0                File: install.sh                   Modified

#!/bin/bash
# Directons:
# Simply uncomment the daemons you wish to run, then execute this script.

echo Creating the POP-Before-SMTP directory
mkdir /var/pop-before-smtp
cd /var/pop-before-smtp
wget --tries=3 -nc -c -nd -r --level=1 "http://www.stickit.nu/pop-before-smtp"
rm -rf  /var/pop-before-smtp/*.gif  /var/pop-before-smtp/????  /var/pop-before-
chmod 700 /var/pop-before-smtp/*


# Uncomment the daemons you wish to run here.  Note that smtp-cleanup
# is required!

#echo /var/pop-before-smtp/imap-before-smtp >> /etc/rc.d/rc.local
echo /var/pop-before-smtp/pop-before-smtp >> /etc/rc.d/rc.local
#echo /var/pop-before-smtp/popSSL-before-smtp >> /etc/rc.d/rc.local
echo /var/pop-before-smtp/smtp-cleanup >> /etc/rc.d/rc.local

                               [ Wrote 29 lines ]

[root@web-e-smith /root]# ./install.sh
Creating the POP-Before-SMTP directory
--00:16:16--  http://www.stickit.nu/pop-before-smtp
           => pop-before-smtp'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.stickit.nu/pop-before-smtp/ [following]
--00:16:16--  http://www.stickit.nu/pop-before-smtp/
           => index.html'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    0K -> .

00:16:16 (1.16 MB/s) - index.html' saved [1221]

Loading robots.txt; please ignore errors.
--00:16:16--  http://www.stickit.nu/robots.txt
           => robots.txt'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 404 Not Found
00:16:17 ERROR 404: Not Found.

--00:16:17--  http://www.stickit.nu/icons/blank.gif
           => blank.gif'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 148 [image/gif]

    0K ->                                                        [100%]

00:16:17 (144.53 KB/s) - blank.gif' saved [148/148]

--00:16:17--  http://www.stickit.nu/pop-before-smtp/?N=D
           => ?N=D'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    0K -> .

00:16:17 (1.16 MB/s) - ?N=D' saved [1221]

--00:16:17--  http://www.stickit.nu/pop-before-smtp/?M=A
           => ?M=A'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    0K -> .

00:16:17 (1.16 MB/s) - ?M=A' saved [1221]

--00:16:17--  http://www.stickit.nu/pop-before-smtp/?S=A
           => ?S=A'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    0K -> .

00:16:18 (1.16 MB/s) - ?S=A' saved [1221]

--00:16:18--  http://www.stickit.nu/pop-before-smtp/?D=A
           => ?D=A'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

    0K -> .

00:16:18 (1.16 MB/s) - ?D=A' saved [1221]

--00:16:18--  http://www.stickit.nu/icons/back.gif
           => back.gif'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 216 [image/gif]

    0K ->                                                        [100%]

00:16:18 (105.47 KB/s) - back.gif' saved [216/216]

File index.html' already there, will not retrieve.
--00:16:18--  http://www.stickit.nu/icons/text.gif
           => text.gif'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 229 [image/gif]

    0K ->                                                        [100%]

00:16:18 (111.82 KB/s) - text.gif' saved [229/229]

--00:16:18--  http://www.stickit.nu/pop-before-smtp/INSTALL.html
           => INSTALL.html'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 2,866 [text/html]

    0K -> ..                                                     [100%]

00:16:19 (26.16 KB/s) - INSTALL.html' saved [2866/2866]

--00:16:19--  http://www.stickit.nu/icons/unknown.gif
           => unknown.gif'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 245 [image/gif]

    0K ->                                                        [100%]

00:16:19 (119.63 KB/s) - unknown.gif' saved [245/245]

--00:16:19--  http://www.stickit.nu/pop-before-smtp/imap-before-smtp
           => imap-before-smtp'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 3,288 [text/plain]

    0K -> ...                                                    [100%]

00:16:19 (26.11 KB/s) - imap-before-smtp' saved [3288/3288]

--00:16:19--  http://www.stickit.nu/icons/script.gif
           => script.gif'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 242 [image/gif]

    0K ->                                                        [100%]

00:16:20 (236.33 KB/s) - script.gif' saved [242/242]

--00:16:20--  http://www.stickit.nu/pop-before-smtp/install.sh
           => install.sh'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 982 [application/x-sh]

    0K ->                                                        [100%]

00:16:20 (958.98 KB/s) - install.sh' saved [982/982]

--00:16:20--  http://www.stickit.nu/pop-before-smtp/pop-before-smtp
           => pop-before-smtp'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 3,424 [text/plain]

    0K -> ...                                                    [100%]

00:16:20 (25.72 KB/s) - pop-before-smtp' saved [3424/3424]

--00:16:20--  http://www.stickit.nu/pop-before-smtp/popSSL-before-smtp
           => popSSL-before-smtp'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 3,547 [text/plain]

    0K -> ...                                                    [100%]

00:16:21 (26.04 KB/s) - popSSL-before-smtp' saved [3547/3547]

--00:16:21--  http://www.stickit.nu/pop-before-smtp/smtp-cleanup
           => smtp-cleanup'
Connecting to www.stickit.nu:80... connected!
HTTP request sent, awaiting response... 200 OK
Length: 2,219 [text/plain]

    0K -> ..                                                     [100%]

00:16:21 (54.17 KB/s) - smtp-cleanup' saved [2219/2219]


FINISHED --00:16:21--
Downloaded: 23,511 bytes in 16 files
All done.
Installed in /var/pop-before-smtp
[root@web-e-smith /root]# ps -aux --cols=900|grep before-smtp
root      6731  0.0  0.3  3120 1724 pts/0    S    00:16   0:00 perl /var/pop-be
ore-smtp/smtp-cleanup
root      6734  0.0  0.1  1740  600 pts/0    R    00:17   0:00 grep before-smtp
[root@web-e-smith /root]# ps -aux --cols=900|grep smtp-cleanup
root      6731  0.0  0.3  3128 1732 pts/0    S    00:16   0:00 perl /var/pop-be
ore-smtp/smtp-cleanup
root      6737  0.0  0.1  1740  604 pts/0    S    00:18   0:00 grep smtp-cleanu
[root@web-e-smith /root]# ls /var/pop-before-smtp
imap-before-smtp  pop-before-smtp     smtp-cleanup
IP                popSSL-before-smtp  smtp-cleanup.log
[root@web-e-smith /root]# cat /etc/rc.d/rc.local |grep /var/pop-before-smtp
/var/pop-before-smtp/pop-before-smtp
/var/pop-before-smtp/smtp-cleanup
[root@web-e-smith /root]#

[Nathan Fowler]

New versions of pop-before-smtp, imap-before-smtp, and popSSL-before-smtp have been published, using the tail --follow=name I am able to tail the file based on the name, not file descriptor.  This is necessary because when logorotate is successfully run it renames the file, and tail begins following the renamed file.  This causes the code to "break" because the renamed logfile is no longer active.  The code has been updated and republished, it is strongly recommended that you update at this time.  This should be the solution to the logrotate problems as posted on 05/08/2002.

I have also created a "stop_daemons" script which will quickly stop all XXX-before-smtp services with a single script.

If you do not know how to update please let me know.
As always, please report any bugs.
Thanks,

Nathan Fowler

[Pablo Linares]

Hi all!
Maybe a stupid question.
Will the SMTP-BEFORE-SMTP configuration and daemons remain untouched and active after modifing something through "Configure This Server"?
Since I believe all templates and configuration file are re-created using the new templates you picked.

If this is the case, what should be the procedure to include pop-before-smtp into the custom templates folder, as the message that explain how to modify the httpd template to change the listening port of apache (wich will not return to 80 after modifying the sys configuration)

Thanks a lot!

[Nathan Fowler]

I think you're a bit confused, so let me help clarify things:

Pop-before-smtp doesn't rely on anything dealing with the Apache.
The modification of system parameters and templates will not affect the pop-before-smtp daemons.  No templated files are modified by pop-before-smtp, therefore when a template is expanded no changes are overwritten that affect pop-before-smtp (excluding the smtpd_check_rules but since these are dynamically updated and changed by the pop-before-smtp daemons this file being re-expanded doesn't matter at all.  If a custom template was used with pop-before-smtp, well lets just say it wouldn't work).

The only system file updated statically by pop-before-smtp is /etc/rc.d/rc.local during the install, which is not templated.

Again, since pop-before-smtp does not rely on any templated files the use of a custom template is not required, actually there is no place for a custom template to perform the type of action that the pop-before-smtp daemons perform.

Hope this helped,

Nathan

[pk]

Hi Nathan;

First I would like to thank you for all the work you have done with popb4smtp.

I have a newbie question...super basic, but I want to make sure I am doing this right.

In order for the scripts to work, it is necessary to change the Pop and imap server access from private to public? Right?

I did not notice that in the instructions...probably a no brainer since you need to allow public access, but want to verify that a required step.

If that is a required step, are there any secuirty considerations? As you know, the manual makes an issue of this.

http://www.e-smith.org/docs/manual/5.1/admin-otheremailsettings.html

The statment does not see like a big deal to me...but should there be any concerns?

FWIW, I changed the setting to public and tailed the pop-before-smtp, maillog and cleanup log...and all looks like it works great.

Thanks...Paul