[LINUX] Changes in qmail-remote.c to always use "email address specified in smtproutes" in RCPT TO: of qmail with smtp-auth patch.

Preface

It has been more than 15 years since the OB25 countermeasures started at the provider, but about two years ago, the mail server of the SMTP-AUTH compatible SUBMISSION port prepared with the OB25 countermeasures at the provider I am using "SMTP-AUTH A new measure has been silently introduced that says "If you specify a mail address other than the authenticated provider's mail address in MAIL FROM :, mail relay will be rejected."

There is no problem if you use it normally (?), But if you get your own domain and operate a mail server (qmail) using dynamic dns, you can send mail from inside with your own domain name. It will be gone.

Recently, I've been playing with qmail and I haven't seen this kind of information, so I think it's a niche. I would like to share the changes in qmail-remote.c to use "address".

Prerequisites

You are operating a qmail server with your own domain and the following patches are applied

• qmail-smtpd-auth-0.31.tar.gz
• qmail-smtpd-auth-close3.patch
• qmail-remote-auth.patch

As shown below, smtproutes is used to request mail delivery to the mail server of the provider, and smtp-auth is performed with the mail address as a client.

touch /var/qmail/control/smtproutes
chown qmailr.root /var/qmail/control/smtproutes
chmod 640 /var/qmail/control/smtproutes
cat > /var/qmail/control/smtproutes << EOF
:Provider mail server FQDN:587 Provider Email Address Provider Email Password
EOF

How to check if the provider's mail server has the same measures as the preamble

#Create SMTP AUTH string
printf "%s\0%s\0%s"Provider Email Address Provider Email Address Email Password| openssl base64 -e | tr -d '\n'; echo 
#The following base64ized SMTP AUTH character string will be displayed, so copy the displayed characters.
Zm9vQGV4YW1wbGUuY29tAGZvb0BleGFtcGxlLmNvbQBwYXNzd29yZA==

#Connection method when encryption is required
openssl s_client -quiet -ign_eof -connect provider mail server:port number-tls1_2
#Connection method when plain text is acceptable
telnet provider mail server port number

__ When you can connect, the following display will be displayed, so enter only the gray part (the display content will differ slightly depending on the server) __

IP address of Trying mail server ... Connected to mail server name Escape character is '^]'. 220 Mail server name ESMTP Service ready EHLO localhost 250-mail server name 250-DSN 250-8BITMIME 250-PIPELINING 250-AUTH=LOGIN 250-AUTH LOGIN CRAM-MD5 PLAIN 250 SIZE 20971520 ʻAUTH PLAIN Pre-created SMTP AUTH string 235 PLAIN authentication successful MAIL FROM: [email protected]***… Acceptance is rejected if MAIL FROM is different from the SMTP-AUTH address *** 553 MAIL FROM:<[email protected]> does not match authenticated user name MAIL FROM: Provider's email account***… Accepted if MAIL FROM is the same as the SMTP AUTH username *** 250 MAIL FROM: <provider email account> OKQUIT`

Qmail changes

If it is not accepted, change the area around line 264 of qmail-remote.c so that the SMTP-AUTH email address is specified in MAIL FROM :. (Commented out is the code before the change)

qmail-remote.c

substdio_put(&smtpto,auth_smtp_user,auth_smtp_user.len);    // substdio_put(&smtpto,sender.s,sender.len);

After that, as usual (please stop qmail if necessary)

make setup check

Thank you for your hard work