Sendmail support - auth no milter

Author

auth no milter

John Kelly

2006-02-22, 6:09 pm

sid-milter is my first try at using a milter, works great.

But users who authenticate with smtp-auth, I don't want them subjected
to the milter, and that seems to be happening, according to my tests.

I don't understand, at least not yet, the architecture of the milters
and callbacks and such, too see how to make this work.

I can do some things for myself, but I'm no sendmail guru. Any hints
appreciated, I'm ready to hack my .cf and/or source.

Jose Marcio Martins da Cruz

2006-02-22, 6:09 pm

John Kelly wrote:
> sid-milter is my first try at using a milter, works great.
>
> But users who authenticate with smtp-auth, I don't want them subjected
> to the milter, and that seems to be happening, according to my tests.
....
> I can do some things for myself, but I'm no sendmail guru. Any hints
> appreciated, I'm ready to hack my .cf and/or source.

What you want is usually managed by the milter itself. The milter can check the
content of some macros (mainly {auth_...}) to decide how to handle that
message/connection.

Contact sid-milter author, if not explained at its documentation.

John Kelly

2006-02-22, 6:09 pm

John Kelly

2006-02-26, 9:29 am

On Wed, 22 Feb 2006 11:17:33 +0100, Jose Marcio Martins da Cruz
<Jose-Marcio.Martins@ensmp.fr> wrote:

>John Kelly wrote:

[vbcol=seagreen]
>What you want is usually managed by the milter itself. The milter can check the
>content of some macros (mainly {auth_...}) to decide how to handle that
>message/connection.

Thanks for pointing me in the right direction.

I made a patch for sid-milter which exempts smpt-auth users from the
sid/spf checks.

I also patched it to fail on spf only. There are too many problems
with sid/pra. The results still show in the log, but any sid failure
is ignored.

--- sid-filter.c 2005-12-08 16:47:15.000000000 -0500
+++ sid-filter.c 2006-02-23 02:48:34.000000000 -0500
@@ -1569,6 +1569,7 @@
int err;
char *user;
char *domain;
+ char *auth_authen;
Context sic;

#ifndef DEBUG
@@ -1586,6 +1587,13 @@
sid_msgcleanup(ctx);

/*
+ ** Accept auth users.
+ */
+
+ if (auth_authen = smfi_getsymval(ctx, "{auth_authen}"))
+ return SMFIS_ACCEPT;
+
+ /*
** Don't fail on the RFC2821 bounce address.
*/

@@ -1969,7 +1977,7 @@
break;

case 2: /* need both !FAIL */
- if (sid_result == SM_MARID_FAIL || spf_result == SM_MARID_FAIL)
+ if (spf_result == SM_MARID_FAIL)
ret = SMFIS_REJECT;
break;

@@ -2004,7 +2012,7 @@

snprintf(errmsg, sizeof errmsg,
"Rejected due to %s policy for sender %s",
- (sid_result == SM_MARID_FAIL ? "Sender-ID" : "SPF"),
+ (sid_result == SM_MARID_FAIL ? "SPF" : "SPF"),
badaddr);

if (smfi_setreply(ctx, "550", "5.7.1", errmsg) != MI_SUCCESS &&

jmaimon@ttec.com

2006-02-26, 9:29 am

John Kelly wrote:
> On Wed, 22 Feb 2006 11:17:33 +0100, Jose Marcio Martins da Cruz
> <Jose-Marcio.Martins@ensmp.fr> wrote:

>
> I imagined there was some way of using rulesets to make milter
> execution conditional, but if I understand correctly, you are saying
> every message is handed off to the active milters.
>
> It would be nice if milter execution was conditional, on the basis of
> rulesets, to avoid unnecessary handoffs to the milters.

There is and it does.

milter-rrres

http://www.jmaimon.com/sendmail