projects.standblue.net - Software

projects.standblue.net -> software -> quser

quser

quser is a small package of tools for working with qmail and maildirs. It used to be know as qblue, until I was asked to rename qblue by qblue.com.

The latest version of the quser package is quser-0.8.tar.gz.

The following programs are part of quser:

cmaildir
validate-sender
validate-recipient
mybadmailfrom
mybadrcptto

To install quser just unpack the tarball, cd into the quser src directory, and do the normal make and make install routine.


  tar xzf quser-0.8.tar.gz
  cd quser-0.8
  make
  make test (optional tests)
  sudo make install

cmaildir will be installed in /usr/local/bin/ while validate-sender, validate-recipient, mybadmailfrom and mybadrcptto will be installed in /var/qmail/bin/ . If you dont like this then just change the Makefile, but I feel that these are the best places for these programs. In a future release I will probably try to use slashpackage.

I have only tested the install on Linux and FreeBSD. These are basically the only two types of systems that I have access to, so I would be very interested to hear what type of system you have installed quser on. Please email me and let me know at cwright@standblue.net

cmaildir

cmaildir is a short C program for checking Maildir's for new mail. If run with no arguments cmaildir checks ~/Maildir/ for new mail and also reports messages in the inbox. If arguments are passed to cmaildir then it expects them to be paths to Maildir style directories, but do not include the /cur/ and /new/ portions, the Maildir is the set together. I wrote cmaildir because I have my list addresses setup to go straight into special Maildirs, so with cmaildir I can run the following to get a status of some of my folders:


  shell$ cmaildir ~/Maildir/.Lists.qmail/ ~/Maildir/.Lists.djbdns/ ~/Maildir/.Lists.moto/
  You have 6 new messages, 37 saved

While this may not be that convenient to type at a command line, its most useful in a .bash_profile file or as a bash alias. I have the following in my .bash_profile:


  cmaildir ~/Maildir/ ~/Maildir/.Lists.moto/

This gives me a quick status of my new messages each time I login.

validate-sender

validate-sender is a little C program I wrote because I needed to check a sender against a list before allowing it to post to an address. I had setup an address for people to add addresses to badmailfrom but only wanted certain users to be able to have this ability. validate-sender is designed to be called from a .qmail file after bouncesaying or condredirect. It takes the filename of the list file as an argument. The list file should contain a list of addresses or domains, one per line. Domain entries can either be in the form @site.dom or site.dom. For example:


  |bouncesaying "You are not in my list of allowed senders" validate-sender /etc/badmailadders
  |/usr/local/bin/addtobadmailfrom

Or, with condredirect to alert me when somebody tries to submit:


  |condredirect myemailaddress validate-sender /etc/badmailadders
  |/usr/local/bin/addtobadmailfrom

validate-sender returns 1 if a match is found, and 0 if no match is found. 111 is returned if there is an error.
I stick validate-sender in /var/qmail/bin since the only place it will probably ever be used is with qmail.
Please note that no method is fool proof against forgeries, just see what djb has to say. In other words, dont trust your system to anything like this, it should only be used for trivial checks.

validate-recipient

The validate-recipient program is very similar to the validate-sender program, except it checks against the value of the envelope recipient address. This is mainly for use in .qmail-default files. For example, if all of your mail passes through a mail gateway that forwards mail using smtproutes then you probably use a .qmail-default file for this. If you know in advance the complete list of addresses that should be forwarded then you can block anything else from being forwarded.


  |bouncesaying "No mailbox by that name." validate-recipient /path/to/addresses.txt
  |forward "$DEFAULT"@someotherserver.example.com

validate-recipient uses the same exit codes as validate-sender.

mybadmailfrom

mybadmailfrom is a program that allows individual users to manage their own badmailfrom lists. If a user is sick of getting mail from a certain address or domain then all they need to do is add it to their personal badmailfrom list. Once the list is ready the user can add a line to their .qmail file before all the rest:


  |mybadmailfrom ~/Maildir/mybadmailfrom
  ./Maildir/

Although messages from addresses listed in ~/Maildir/mybadmailfrom will bounce, I should note that this works in a very different way from the badmailfrom file that qmail-smtpd uses. Addresses listed in /var/qmail/control/badmailfrom are blocked at the SMTP connection. Addresses listed in mybadmailfrom must first be accepted into the system so that qmail-local can run the .qmail file.

mybadrcptto

mybadrcptto is useful for blocking certain recipient addresses in a .qmail-default file. For example, if you have a qmail gateway that scans all mail for spam or viruses and forwards accepted mail onto another server, you may want to block certain invalid or expired addresses. The mybadrcptto program will allow you to maintain a list of addresses that you dont want to pass through:


  |mybadrcptto ~/ex-employees.txt
  |forward "$DEFAULT"@internal.example.com

With this setup any mail sent to an address thats listed in the ~/ex-employees.txt file will bounce. All other mail will pass through and be forwarded to the internal server. There is a patch available for qmail that will block certain RCPT TO: addresses at the SMTP conversation. The advantage to using mybadrcptto is that 1) you do not need to patch qmail, and 2) individual users can implement their own badrcptto lists. The disadvantage to using the mybadrcptto program as opposed to the patch is that all email must first be accepted into the system, and only then can qmail-local run the mybadrcptto program to check the recipient.

Changes

0.8: Added the badrcptto program, combined code.; Added a few more tests to "make test".
0.6: Combined code for validate-sender and validate-recipient into one file.; Added a SECURITY file to warn users on trusting validate-sender too much.
0.4: Added the validate-recipient program. Many code cleanups, added a test for validate-recipient.
0.2: Added INSTALL and REAME files
0.1: Put cmaildir and validate-sender into the quser package.; Introduced the mybadmailfrom program.; Updated cmaildir so that when you pass parameters it doesnt check ~/Maildir/ unless told to.; Updated validate-sender to be able to match on domains as well as single addresses.