Mailing List CGatePro@mail.stalker.com Message #100957
From: John Souvestre <johns@sstar.com>
Subject: RE: authBackupChecker2.pl helper timeout
Date: Tue, 26 Oct 2010 13:36:55 -0500
To: 'CommuniGate Pro Discussions' <CGatePro@mail.stalker.com>
X-Mailer: Microsoft Outlook 14.0

Hi Nicholas.

 

Sounds great!  Two suggestions.

 

1)      Make it an option to reject if the domain isn’t listed in the database.  We do some forwarding automatically, using the CGP option which checks DNS.  Also, some we forward for don’t allow verifications or they rate limit them so much that we won’t get replies.

2)      Allow setting the caching time separately for “found” and “not found”.  In the latter case I would use a short value (10 min?) to avoid reject mail for a new user account.

 

Regards,

 

John

    John Souvestre - New Orleans LA

From: CommuniGate Pro Discussions [mailto:CGatePro@mail.stalker.com] On Behalf Of Nicolas Hatier
Sent: Tuesday, October 26, 2010 12:14 PM
To: CommuniGate Pro Discussions
Subject: Re: authBackupChecker2.pl helper timeout

 

Ok, here's a summary.

The current version takes a domain list from the sqlite database, this is the list of domains that has to be relayed, including IPs, port and the desired order if there is many IPs for one domain. There is also a domain alias table to avoid repeating entries.

The filter obviously works as an external authenticator. When it receives a request, it first rejects anything which is not [MAIL], doesn't have a fully qualified email address, or for which the domain part does not match an entry in the alias or the domain table. CGP then processes the things the filter rejected normally, either passing them to another authenticator or using its own routing table.

The filter then retrieves the connection data for this domain, including a previously opened socket if any (the filter caches connection for as long as it can). It checks in its account_cache database for the presence of a previous positive or negative result that is not yet expired (default: 24 hours), to avoid querying the target server for things it already knows. If found, it returns the answer to CGP, whether or not this is a known account.

If nothing is found in the cache or entries are expired, the filter tries an SMTP connection, reusing the previous connection if any, and issues a simple Mail From <>, RCPT TO: target email, to see if the target server would accept the email. This should work with most SMTP servers, providing it is configured to give an immediate valid answer to this query to your relay server. This is of course not intended to relay mail to servers not under your (at least indirect) control.

The filter finally caches the information and returns the final answer to CGP.

This should probably match most of the functions present in the other authBackupChecker filters.

There is a few command line switches, to clear the account cache on startup, to be more verbose, and to set the cache expire delay.

The domain list setup, however, has to be done by hand using an sqlite tool. The filter is started to create the database, and the administrator then connects to it using an sqlite command line tool or another such as the SQLite Manager extension for Firefox to populate the domain and domain_alias tables, which are pretty self-explanatory.

I'm not sure exactly if this is enough or if a better domain list management tool has to be created, be it from a config file or something else.

A trial license will be available. The filter is stable and reliable, mostly ready for production use after a few final tests, and is available for the 10 OS/platform combination we usually support - Linux (32/64), FreeBSD (32/64), Solaris (386/sparc), OSX (Intel/PPC) and Windows (XP and up, 32/64). The *nix platform support requires glibc 2.5 and up.

What remain to be done is some documentation, in fact a more verbose version of what's described here...

Regards
Nicolas Hatier


On 2010-10-26 10:37, John Souvestre wrote:

Hello Nicolas.

 

Fantastic!  I’m certainly interested.

 

John

    John Souvestre - New Orleans LA

 

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster