ofmipd-plus
On this page: • Introduction • License • Status/Warranty • Documentation • Pre-requisites • Download • Installation • Setup / Configuration • Security • Troubleshooting • Programming Notes • Archives
Introduction
ofmipd is an alternative to qmail-smtpd for email submission in the mess822 package.
ofmipd-plus adds authentication and logging to ofmipd. The authentication is provided by John Levine's auth patch which is included in ofmipd-plus. The logging additions are similar to qmail-logmsg, logging details of the session (commands, results, errors) as well as the username used to authenticate the connection.
make clean and errno tweaks are also included in this patch, no need to apply them separately.
TLS support is provided for installations using sslserver from ucspi-tls. A non-TLS version is also available here.
Pre-requisites
This patch applies cleanly to mess822-0.58.
If you wish to use TLS functionality, you will require the ucspi-tls TLS-patched sslserver.
Download
Download the patch here (v2.1).
Installation
Change into your mess822 source directory and type,
patch < path_to_patch/ofmipd-plus-v2.1.patch
and compile/install mess822 as normal. You'll probably want to be logging using multilog to get the most benefit from this patch.
Setup
Assuming you're using daemontools, in your run file you'll need to redirect file descriptor 7 (unfortunately checkpassword gets in the way of using stderr for logging). Thus you might have something like this,
#!/bin/sh
exec env - PATH="/var/qmail/bin:/usr/local/bin:$PATH" \
softlimit -m 50000000 -f 50000000 \
tcpserver -v -HR -l0 -c50 0 587 \
ofmipd "" your.domain.here checkpassword true 2>&1 7>&1
Make sure to adjust the above to suit your particular system, taking particular care with your flavour of checkpassword which may take additional arguments.
If you wish to offer TLS, you will need to use the TLS-patched sslserver from the ucspi-tls package instead, so the above example would look like this instead (you also need to add -e and -n flags, see here for more details,
#!/bin/sh
exec env - PATH="/var/qmail/bin:/usr/local/bin:$PATH" \
softlimit -m 50000000 -f 50000000 \
sslserver -e -n -v -HR -l0 -c50 0 587 \
ofmipd "" your.domain.here checkpassword true 2>&1 7>&1
As well as ofmipd now providing authentication, your ofmipd logs will now be richer in information about incoming connections.
Status / Warranty
No warranty, express or implied is given - USE THIS SOFTWARE ENTIRELY AT YOUR OWN RISK. You will need to satisfy yourself as to the suitability of this software before deploying it in a production environment.
Troubleshooting
Only one item here so far: If it doesn't work following the instructions above, you may find you need to specify the full path to true, typically /bin/true.
Programming Notes
ofmipd-plus includes the following enhancements to ofmipd:
- John Levine's ofmipd authentication patch.
- Logging each session, using code from the qmail-logmsg patch adjusted for ofmipd.
- Tweak to conf-cc to enable compilation on Linux using Dan Bernstein's suggested fix (addresses errno.h problem during compilation on Linux).
- TARGETS updated to include additional object files created by this patch.
- Makefile updated to include a 'clean' target as well as other targets needed by this patch.
- TLS functionality added - basically the equivalent of that for qmail-smtpd in ....netqmail-1.05-ucspitls-0.3.patch but adapted for ofmipd instead.
- Some files copied over from qmail for new features (incl. env.c, envread.c, fmt_ulong.c, str_cpy.c)
Archives
This link will take you to the newest version (or the top of this page if you're already there).
Version 2.0 includes a logging bug in smtp_rcpt() so should be upgraded to this version. This logging bug was also found in the non-TLS version 1.1 (fixed in version 1.2); version 1.1 also included a completely redundant unused file envset.c, an exact duplicate of env.c; this is removed in later versions.
This page last updated: AR, 19th February 2016.