CHKUSER

 

As a countermeasure (?) against the spam mail from last time, I am going to install chkuser and a few other things on qmail.
This time I will try setting up CHKUSER.
1. CentOS 5.5
2. qmail-1.03 ← qmail itself
3. patch: qmail-date-localtime ← Japan time patch
4. patch: qmail-smtpd-auth-0.51 ← SMTP AUTH patch
6. checkpassword-0.90 ← password check
7. ucspi-tcp-0.88 ← SSL
8. dot-forward-0.71 ← dot-forward
9. fastforward-0.51 ← fastforward
10. maildrop-2.5.0 ← maildrop
11. patch: qmailqueue ← qmailqueue
12. setuidgid ← uidgid
13. vpopmail-5.4.30 ← vpopmail

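The precondition (?) is that everything up to this point is already installed and qmail-smtpd is working normally.
qmail will be rebuilt with make, so delete the qmail source directory first.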

# rm -rf qmail-1.03
# tar zxvf qmail-1.03.gz
# cd qmail-1.03
qmail-1.03]# wget http://www.itheart.com/phpgw/qmail-date-localtime.patch
qmail-1.03]# wget http://qmail.mirrors.summersault.com/qmail-smtpd-relay-reject
qmail-1.03]# wget http://www.qmail.org/qmailqueue-patch
qmail-1.03]# wget http://www.interazioni.it/opensource/chkuser/download/archives/chkuser-2.0.9-release.tar.gz

qmail-1.03]# wget http://www.fehcom.de/qmail/auth/qmail-smtpd-auth-0510_tgz.bin  ← the tar file is broken, so download it on Windows, extract it there, and copy the contents into the qmail-1.03 dir. (It is available in this site's download section.)

Be careful not to apply the patches in the wrong order.

qmail-1.03]# patch < qmail-date-localtime.patch     ← apply the Japan Standard Time patch

patching file date822fmt.c

qmail-1.03]# patch < qmail-smtpd-relay-reject       ← apply the unauthorized-relay rejection patch
patching file qmail-smtpd.c

qmail-1.03]# patch < qmailqueue-patch      ← qmailqueue
patching file Makefile
patching file qmail.c

qmail-1.03]# ./install_smtpd-auth.sh           ← apply the SMTP-Auth patch

Installing qmail-smtpd AUTH 0510 (Build 20100208232205) at 2010年  8月  4日 水曜日 19:26:53 JST <<<
Targeting file TARGETS …
–> TARGETS copied to TARGETS.0510
–> Patching qmail source file TARGETS  ….
patching file TARGETS
Targeting file Makefile …
–> Makefile copied to Makefile.0510
–> Patching qmail source file Makefile  ….
patching file Makefile
Targeting file qmail-smtpd.c …
–> qmail-smtpd.c copied to qmail-smtpd.c.0510
–> Patching qmail source file qmail-smtpd.c  ….
patching file qmail-smtpd.c
Hunk #3 succeeded at 66 (offset 1 line).
Hunk #5 succeeded at 130 (offset 1 line).
Hunk #7 succeeded at 256 with fuzz 1 (offset 16 lines).
Hunk #9 succeeded at 348 (offset 16 lines).
Hunk #10 succeeded at 477 (offset 1 line).
Hunk #11 succeeded at 502 (offset 16 lines).
Hunk #12 succeeded at 732 (offset 1 line).
Targeting file qmail-smtpd.8 …
–> qmail-smtpd.8 copied to qmail-smtpd.8.0510
–> Patching qmail source file qmail-smtpd.8  ….
patching file qmail-smtpd.8
Copying documentation and samples to /var/qmail/doc/ …

If you dont wont CRAM-MD5 suport disable ‘#define CRAM_MD5’ in qmail-smtpd !
Installation of qmail-smtpd AUTH 0510 (Build 20100208232205) finished at 2010年  8月  4日 水曜日 19:26:53 JST <<<

qmail-1.03]# patch < chkuser-2.0.9-release.patch   ← chkuser patch

patching file CHKUSER.automatic_patching
patching file CHKUSER.changelog
patching file CHKUSER.copyright
patching file CHKUSER.log_format
patching file CHKUSER.manual_patching
patching file CHKUSER.readme
patching file CHKUSER.running
patching file Makefile
Hunk #2 succeeded at 308 (offset 4 lines).
Hunk #3 FAILED at 1548.
1 out of 3 hunks FAILED -- saving rejects to file Makefile.rej ← the patch could not be applied, so check the .rej file
patching file TARGETS
Hunk #1 succeeded at 386 (offset 1 line).
patching file chkuser.c
patching file chkuser.h
patching file chkuser_settings.h
patching file conf-cc
patching file qmail-smtpd.c
Hunk #2 succeeded at 39 with fuzz 2 (offset 5 lines).
Hunk #3 FAILED at 259.
Hunk #4 succeeded at 378 with fuzz 2 (offset 110 lines).
Hunk #5 succeeded at 284 (offset 5 lines).
1 out of 5 hunks FAILED -- saving rejects to file qmail-smtpd.c.rej ← the patch could not be applied, so check the .rej file and fix the source by hand.
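
A rejected hunk means part of chkuser never reached the source, so it is worth catching mechanically before running make. The following is an added example, not part of the original post or of chkuser: a shell helper (the name failed_patch_targets is hypothetical) that scans saved patch output and reports rejected hunks and hunks applied with fuzz, using a constructed sample abridged from the output above.

```shell
#!/bin/sh
# Added example (not from the original post or from chkuser itself).
# failed_patch_targets is a hypothetical helper name.
#
# Reads saved `patch` output on stdin and prints one line per hunk that
# needs attention:
#   FAILED <file> <hunk>  hunk was rejected; its change is NOT in the source
#   FUZZ   <file> <hunk>  hunk applied on inexact context; review placement
# Exit status is 1 if any hunk FAILED, so the result can gate `make`.
failed_patch_targets() {
    awk '
        /^patching file / { file = $3; next }
        /^Hunk #[0-9]+ FAILED / {
            n = $2; sub(/^#/, "", n)
            print "FAILED", file, n
            bad = 1
            next
        }
        /^Hunk #[0-9]+ succeeded .* with fuzz / {
            n = $2; sub(/^#/, "", n)
            print "FUZZ", file, n
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: abridged from the chkuser patch output shown above.
SAMPLE='patching file Makefile
Hunk #2 succeeded at 308 (offset 4 lines).
Hunk #3 FAILED at 1548.
1 out of 3 hunks FAILED -- saving rejects to file Makefile.rej
patching file TARGETS
Hunk #1 succeeded at 386 (offset 1 line).
patching file qmail-smtpd.c
Hunk #2 succeeded at 39 with fuzz 2 (offset 5 lines).
Hunk #3 FAILED at 259.
Hunk #4 succeeded at 378 with fuzz 2 (offset 110 lines).
1 out of 5 hunks FAILED -- saving rejects to file qmail-smtpd.c.rej'

# Stand-alone run: print the report and say whether it is safe to build.
if printf '%s\n' "$SAMPLE" | failed_patch_targets; then
    echo "all hunks applied; ok to run make"
else
    echo "rejected hunks found; merge the .rej files by hand before make"
fi
```

To use it on a real run, save the output with `patch < chkuser-2.0.9-release.patch 2>&1 | tee patch.log` and feed patch.log to the function on stdin.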
qmail-1.03]# vi Makefile

# Don't edit Makefile! Use conf-* for configuration.

VPOPMAIL_HOME=/home/vpopmail
SMTPD_CHKUSER_OBJ=chkuser.o dns.o
VPOPMAIL_LIBS=`head -1 $(VPOPMAIL_HOME)/etc/lib_deps` `cat dns.lib`

SHELL=/bin/sh

default: it

↓ (omitted)

qmail-smtpd: \
load qmail-smtpd.o rcpthosts.o commands.o timeoutread.o \
timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o received.o \
date822fmt.o now.o qmail.o cdb.a fd.a wait.a datetime.a getln.a \
open.a sig.a case.a env.a stralloc.a alloc.a substdio.a error.a str.a \
fs.a auto_qmail.o base64.o socket.lib $(SMTPD_CHKUSER_OBJ)  ← added
	./load qmail-smtpd $(SMTPD_CHKUSER_OBJ) rcpthosts.o commands.o timeoutread.o \
	timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \
	received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
	datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
	alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o \
	$(VPOPMAIL_LIBS) \
	`cat socket.lib`
↑ The parts shown in green text above are the additions and changes.

:wq

qmail-1.03]# vi qmail-smtpd.c

/*
*
* includes chkuser v.2.0.8
* for qmail/netqmail > 1.0.3 and vpopmail > 5.3.x
*
* Author: Antonio Nati tonixinterazioni.it
* www.interazioni.it/opensource
*
*/

#include "sig.h"
#include "readwrite.h"
#include "stralloc.h"
#include "substdio.h"
#include "alloc.h"
#include "auto_qmail.h"
#include "control.h"
#include "received.h"
#include "constmap.h"
#include "error.h"
#include "ipme.h"
#include "ip.h"
#include "qmail.h"
#include "str.h"
#include "fmt.h"
#include "scan.h"
#include "byte.h"
#include "case.h"
#include "env.h"
#include "now.h"
#include "exit.h"
#include "rcpthosts.h"
#include "timeoutread.h"
#include "timeoutwrite.h"
#include "commands.h"
#include "wait.h"

#define CRAM_MD5
#define AUTHSLEEP 5
#define SUBMISSION "587"

/* start chkuser code */
#include "chkuser.h"
/* end chkuser code */

#define MAXHOPS 100

↓ (omitted)

void smtp_mail(arg) char *arg;
{
  if (str_equal(localport,submission))
    if (!flagauth) { err_submission(); return; }
  if (!addrparse(arg)) { err_syntax(); return; }
  if (chkuser_sender (&addr) != CHKUSER_OK) { return; }  ← added

  flagsize = 0;
  mailfrom_parms(arg);
  if (flagsize) { err_size(); return; }
  flagbarf = bmfcheck();
  seenmail = 1;
  if (!stralloc_copys(&rcptto,"")) die_nomem();
  if (!stralloc_copys(&mailfrom,addr.s)) die_nomem();
  if (!stralloc_0(&mailfrom)) die_nomem();
  out("250 ok\r\n");
}
void smtp_rcpt(arg) char *arg; {
  if (!seenmail) { err_wantmail(); return; }
  if (!addrparse(arg)) { err_syntax(); return; }
  if (addrrelay()) { err_relay(); return; }
  if (flagbarf) { err_bmf(); return; }

 

:wq

qmail-1.03]# vi error.h

extern int errno;

#include <errno.h>   ← replace the line above with this

qmail-1.03]# make

*

*

*

qmail-smtpd.c: In function ‘main’:
./compile base64.c
./compile chkuser.c
./load qmail-smtpd chkuser.o dns.o rcpthosts.o commands.o timeoutread.o \
timeoutwrite.o ip.o ipme.o ipalloc.o control.o constmap.o \
received.o date822fmt.o now.o qmail.o cdb.a fd.a wait.a \
datetime.a getln.a open.a sig.a case.a env.a stralloc.a \
alloc.a substdio.a error.a str.a fs.a auto_qmail.o base64.o \
`head -1 /home/vpopmail/etc/lib_deps` `cat dns.lib` \
`cat socket.lib`
./compile sendmail.c
sendmail.c: In function ‘main’:

*

*

chmod 755 binm3
cat binm3+df.sh \
| sed s}QMAIL}"`head -1 conf-qmail`"}g \
> binm3+df
chmod 755 binm3+df

qmail-1.03]# mv /var/qmail/bin/qmail-smtpd  /var/qmail/bin/qmail-smtpd.bak   ← keep a backup of the old qmail-smtpd

qmail-1.03]# cp qmail-smtpd /var/qmail/bin/

qmail-1.03]# cd

# vi /etc/rc.d/init.d/qmail                 ← the qmail startup script should look like the following

start() {
    # Start daemons.
    if [ -z "$(/sbin/pidof qmail-send)" ] ; then
        echo -n "Starting qmail"

        # qmail
        csh -cf '/var/qmail/rc &' 2>&1 > /dev/null

        # SMTP
        tcpserver -qv -l0 -HR -u `id -u vpopmail` -g `id -g vpopmail` \
        -x /home/vpopmail/etc/tcp.smtp.cdb 0 smtp \
        fixcrio qmail-smtpd `hostname` /home/vpopmail/bin/vchkpw /bin/true 2>&1|\
        splogger smtp &

        # SMTPS
        tcpserver -qvs -l0 -HR -u `id -u vpopmail` -g `id -g vpopmail` \
        -n /var/qmail/cert.pem -x /home/vpopmail/etc/tcp.smtp.cdb 0 smtps \
        fixcrio qmail-smtpd `hostname` /home/vpopmail/bin/vchkpw /bin/true 2>&1|\
        splogger smtps &

        RETVAL=$?
        echo

# cd /etc/qmail/bin

# ./qmail-smtpd

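You can start it this way to check, but since smtp-auth and other patches are built in, send and receive mail with Outlook or a similar client and check the system log.

Finally, edit chkuser_settings.h to suit your environment.

See the docs for an explanation of the settings.

I think it should work, more or less...

Please check TLS, SSL and so on yourself ^^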