relaying only for localhost

This forum contains features that has been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.
Post Reply
chow
New user
New user
Posts: 18
Joined: 2004-02-04 18:59

relaying only for localhost

Post by chow » 2004-02-04 19:12

First, this is a great application. I was very happy to donate. I am using v2.0.2

Relaying only from a specific host, I discovered that I could use IP Ranges to do so:

0.0.0.0-255.255.255.255 pri=0 smtprelay=no
127.0.0.1-127.0.0.1 pri=100 smtprelay =yes

However, it looks like the smtp security relaying setting overrides the ip range, so I had to set it to "always alow relay". So far so good.

Problem is, with the above settings, I cant relay at all, even through a local mail account if I am using say, outlook on another machine. If I open the 0.0.0.0-255.255.255.255 range to be smtprelay=yes, then anyone can use the server to spam mail.

If I go the other route and set smtp security to "Relay mail for local users", then I loose the ability to relay on the localhost.

Is there a way to make this work with v2.0.2?

chow
New user
New user
Posts: 18
Joined: 2004-02-04 18:59

poking through the code

Post by chow » 2004-02-04 19:52

In smtpconnection.cpp, right about the middle of the file, I see the check for relay type first, followed by the ip-range check. If I can figure out how to assemble all the source, I would add a config option to ip-ranges to override smtp relay setting to allow open relay, and put that check ahead of both existing checks.

This would let me have trust users on an iprange(inside firewall perhaps) to use hMailServer for delivery of any outgoing mail, but preserving security for all others (outside firewall users maybe).

Also this would let me trust my webserver which is running a webmail application(using IlohaMail) that can manage multiple outside domains, but send all mail through hMailServer.

Brian

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-02-05 00:21

So what you want to do is to _always_ allow all relaying from 127.0.0.1. For all other IP's the "normal security" should be preserved. Correct?
Sounds like a good idéa. I'm afraid it's not possible in the current version..

In the code, this should mean that the

Code: Select all

bool bAllowRelay = HIS_CheckIPAgainstRange::SMTPRelayIsAllowed(m_ClientInfo->GetLongIP());
if (bAllowRelay == false)
{...}
should be replaced with something like

Code: Select all

bool bAllowRelay = HIS_CheckIPAgainstRange::SMTPRelayIsAllowed(m_ClientInfo->GetLongIP());
if (bAllowRelay)
{ 
   if (bOverrideAllOtherChecks)
   {
      add recipient to email even if the sender is a user without an local account
   }
   else
   {
      use normal security (only add recipient to mail if the sender  
      is has a local account etc)
   }
}
else 
{
   do not add recipient to email
}

Sounds like a quite standard feature that most users would want. I'll be sure to add this in 3.0 :-)

Martin

ps.
Tomorrow, i'll set up a tutorial on how to download and build hMailServer locally..

chow
New user
New user
Posts: 18
Joined: 2004-02-04 18:59

woo hoo!

Post by chow » 2004-02-05 00:36

Precisely what Im trying to do.

Danke!

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-02-05 01:11

Take a look under hmailserver.com -> misc -> Run in debug.

I had a look at PayPal and felt that I could just as well write the tutorial on how to download and compile the source today ;-)

The time is quite much here in sweden and I haven't had time to read through it more than once, but I hope it's correct.

The tutorial is for version 2.0. The only new feature in 3.0 so far is the IMAP support and that doesn't work that great yet, so there's really no need downloading it. Version 3.0 probably won't start on your computer anyway.....

chow
New user
New user
Posts: 18
Joined: 2004-02-04 18:59

got the code

Post by chow » 2004-02-05 17:52

Your instructions worked great. I got CVS to work properly and everything was going great except that my development environment is in desperate need of a wipe and rebuild. Ill be able to get working in a day or two.

One thing to add to the instructions is that you need to have Microsoft Platform SDK: CORE + Internet Development inorder to compile and link. If you get a compile error "missing windns.h", then this is the issue.

the Platform SDK can be gotten from Microsoft @ http://www.microsoft.com/msdownload/pla ... sdkupdate/

Also, I started poking around with SpamBayes @ http://spambayes.sourceforge.net/ to see if there was an easy way to add some more spam-fighting capabilities.

chow
New user
New user
Posts: 18
Joined: 2004-02-04 18:59

got the code

Post by chow » 2004-02-05 18:45

The instructions worked great. I was able to get everything d/led and almost compiled. One bit that people might not know is that you need to have Microsoft Platform SDK installed, CORE + Internet Development. This can be obtained @ http://www.microsoft.com/msdownload/pla ... sdkupdate/
If you see "cannot find windns.h" errors during compile, then you need the SDK.

Unfortunately for me, my development environment needed a complete wipe and rebuild so it will be a day or two until I can get everything working.

Also, I have been poking around with opensource spam filters and came across this one. http://spambayes.sourceforge.net/ Im hoping that it might be simple to make use of it, but it will have to wait till next week before Ill have time to d/l and look it over.

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2004-02-05 19:08

Alright. I'll add the platform sdk to the tutorial.
Thank's for writing the message twice btw. :-)

Post Reply