Plugin: SMTP Limiter

ClayRabbit

Verified User
Joined
Jan 3, 2004
Messages
260
Location
Russia
Here comes the plugin which allows the admin to set a message limit or completely (almost ;) disable SMTP for any user.

SMTP Limiter Plugin
Version 0.943

http://ruweb.net/DA/SMTP_Limiter.tar.gz

For now the install/uninstall scripts are not completed, so you need to make some preparations manually.

Installation instructions:

1) Backup your current /etc/exim.conf and /etc/exim.pl
2) Upload and install plugin into DirectAdmin and activate it.
3) [...skipped...] Directories creation and adding cronjob handled by install/uninstall scripts since version 0.91.
4) You need to add some modifications to your exim.conf.
NOTE: APPLY THESE MODIFICATIONS AT YOUR OWN RISK. This plugin is beta. We need some testing, but it's not recommended to test this plugin on production servers. It can be incompatible with your exim configuration, and the modifications below can cause mail delivery problems on your SMTP server. Luckily, you can always restore your original exim.conf and exim.pl from backup. :) Just don't forget to keep an eye on the exim logs.
So if you want to continue, apply the following modifications to your exim.conf:

4.1) After
Code:
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
add
Code:
acl_not_smtp = check_not_smtp
4.2) After
Code:
 begin acl
add
Code:
check_not_smtp:
    deny set acl_c0 = ${perl{find_user}}
        condition = ${if def:acl_c0{${if exists{/etc/virtual/.smtp_deny/$acl_c0} {yes}}}}
        message = User $acl_c0 is not allowed to use SMTP

    accept
4.3) After
Code:
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
add
Code:
          set acl_c0 = ${perl{find_user}}
Note: If the line "authenticated = *" appears more than once inside your exim.conf, then you probably should add "set acl_c0 = ${perl{find_user}}" after each occurrence of this line.

4.4) After
Code:
check_message:
add
Code:
  deny condition = ${if def:acl_c0{${if exists{/etc/virtual/.smtp_deny/$acl_c0} {yes}}}}
       message = User $acl_c0 is not allowed to use SMTP
4.5) After
Code:
 begin routers
add
Code:
check_limits:
  driver = redirect
  domains = ! +local_domains
  condition = ${if def:acl_c0{${if first_delivery{${perl{check_limits}{$acl_c0}}}}}}
  allow_fail
  data = ":fail: You ($acl_c0) have reached your message limit"
4.6) If you have line
Code:
  condition = "${perl{check_limits}}"
(inside your lookuphost router) you should comment it:
Code:
#  condition = "${perl{check_limits}}"
4.7) After:
Code:
  accept  hosts = +relay_hosts
add:
Code:
      set acl_c0 = ${lookup{$sender_host_address}lsearch{/etc/virtual/pophosts_user}\
                             {${perl{find_user}{$value}}}}
5) Replace your exim.pl with exim.pl included in archive (It's inside 'scripts' folder. After installation (2) full path will be /usr/local/directadmin/plugins/SMTP_Limiter/scripts/exim.pl.) and make sure it has chmod 755.

6) Restart exim

7) All should work now (At least I hope so.)

Comments, suggestions, questions, and bug-reports are welcome! =)
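
One way to check that the exim.conf edits from steps 4.1 to 4.6 were all applied, as an added example (not part of the plugin or the original post). The function name `audit_exim_conf` and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an exim.conf for the SMTP Limiter edits (steps 4.1-4.6).
# Prints one finding per line and nothing when every check passes.
audit_exim_conf() {
    conf=$1
    # 4.1: local (non-SMTP) submissions must be routed through the new ACL.
    grep -Eq '^[[:space:]]*acl_not_smtp[[:space:]]*=[[:space:]]*check_not_smtp' "$conf" ||
        echo "4.1: acl_not_smtp = check_not_smtp is missing"
    # 4.2 and 4.5: the ACL and the router must both be defined.
    grep -Eq '^[[:space:]]*check_not_smtp:' "$conf" ||
        echo "4.2: check_not_smtp ACL is not defined"
    grep -Eq '^[[:space:]]*check_limits:' "$conf" ||
        echo "4.5: check_limits router is not defined"
    # 4.3: each "authenticated = *" must be followed by "set acl_c0 = ...",
    # otherwise acl_c0 stays unset and the deny/limit conditions never fire.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        pending && !/set[ \t]+acl_c0[ \t]*=/ { print "4.3: line " pending ": no set acl_c0 after authenticated = *" }
        { pending = 0 }
        /^[ \t]*authenticated[ \t]*=[ \t]*\*/ { pending = NR }
        END { if (pending) print "4.3: line " pending ": no set acl_c0 after authenticated = *" }
    ' "$conf"
    # 4.6: the old argument-less call in lookuphost must be commented out.
    grep -En '^[[:space:]]*condition[[:space:]]*=[[:space:]]*"?\$\{perl\{check_limits\}\}' "$conf" |
        while IFS=: read -r n rest; do
            echo "4.6: line $n: old check_limits condition is still active"
        done
}

# Constructed sample: a config where steps 4.3 and 4.6 were forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
acl_smtp_rcpt = check_recipient
acl_not_smtp = check_not_smtp
begin acl
check_not_smtp:
    accept
check_recipient:
  accept  hosts = +auth_relay_hosts
          endpass
          message = authentication required
          authenticated = *
begin routers
check_limits:
  driver = redirect
lookuphost:
  condition = "${perl{check_limits}}"
EOF
audit_exim_conf "$sample"
```

Run it against a copy of the edited exim.conf before restarting exim (step 6); an empty result means all five checks passed.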
 

RedHotRob

New member
Joined
May 25, 2005
Messages
1
Wow.... and to think I looked earlier for this exact thing, with no luck.....and here you are.
Will let you know how it goes.
 

ClayRabbit

The idea of course comes from DirectAdmin and the plugin is based on DA's exim.pl functions.
When I saw DA included the check_limits function in exim.conf and exim.pl, I started to think about this feature. I have made some experiments, and I have found that DirectAdmin's current way of realising this feature doesn't seem to be the best way.
I made this plugin to show my vision of the optimal implementation for that feature.

So, how can we control SMTP usage?
User can send messages in 3 ways:
1) Message sent locally from php or cgi program.
2) Message sent from remote over SMTP with SMTP-authentication.
3) Message is sent from remote over SMTP with POP3-before-SMTP authentication.

(By default, with the exim.conf that currently comes with DA, we have the following relay_hosts definition:
Code:
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
So it opens one more way to send a message - submit it locally not over sendmail but over SMTP. But this setting is not acceptable because there is no way to determine the sender of messages submitted this way. So any of your users can send tons of spam with his cgi over your SMTP and you can't even determine who that spammer is exactly. In our exim conf we use the following:
Code:
hostlist relay_hosts = !127.0.0.1 : net-lsearch;/etc/virtual/pophosts
As you see, we are also forced to exclude 127.0.0.1 from the list, because when any user is reading his mail via /webmail, 127.0.0.1 appears in /etc/virtual/pophosts.
This setting will not break squirrelmail - you just need to enable smtp_auth in the squirrelmail config:
perl -pi -e "s/smtp_auth_mech = 'none'/smtp_auth_mech = 'login'/" /var/www/html/squirrelmail/config/config.php
)

So there are 3 ways of sending a message via our SMTP for a user.

In the first case we can determine the sender (with the find_user perl function) and check their ability to use SMTP inside the acl_not_smtp ACL (see modifications (4.1) and (4.2) in the first post).

In the second case, we can do the same inside acl_smtp_rcpt (see modification (4.3)).

And in the third case: for now we have no way to determine the sender inside exim, because /etc/virtual/pophosts contains only IPs. We need to ask DA to modify da-popb4smtp - /etc/virtual/pophosts should look like
Code:
213.148.16.190: username1
217.107.24.101: username2
217.118.66.232: username3
62.69.8.86: username4
or maybe like
Code:
213.148.16.190: username1
217.107.24.101: virtualuser1@domain1.com
217.118.66.232: virtualuser2@domain2.com
62.69.8.86: username2
With that we'll be able to control messages submitted from remote with POP3-before-SMTP authentication.

(About the (4.5) and (4.6) modifications:)
In DA's exim.conf check_limits was called in the lookuphost router, and that function tries to determine the sender and check limits. I don't like this solution because:
1) lookuphost will perform that function call for every recipient, so if we have many recipients and perl tries to determine the sender every time, we'll get useless overhead there. In my implementation the sender is determined only once per message - when the message is accepted by exim - and the value is stored in a special variable.
2) We can't provide a terse error message if the check is performed inside the lookuphost router (the message will be bounced with an "Unroutable address" error), so I added a special router at the top of the routers section.
3) We should check for the "first_delivery" condition, otherwise check_limits will count the message and bandwidth on every delivery retry.

That's almost all about exim.conf modifications.

Phew... Anyone need comments about exim.pl contents? Maybe I'll describe it later...
 

GNeRaL

Verified User
Joined
Mar 19, 2005
Messages
43
Location
TR
Warning: opendir(/etc/virtual/usage): failed to open dir: Permission denied in /usr/local/directadmin/plugins/SMTP_Limiter/admin/index.html on line 148
Warning: opendir(/etc/virtual/.smtp_deny): failed to open dir: No such file or directory in /usr/local/directadmin/plugins/SMTP_Limiter/admin/index.html on line 149
Warning: opendir(/etc/virtual/.smtp_limit): failed to open dir: No such file or directory in /usr/local/directadmin/plugins/SMTP_Limiter/admin/index.html on line 150

I activated SMTP Plugin and, this error ?

What must i do ?
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
ClayRabbit said:
NOTE: APPLY THESE MODIFICATIONS AT YOUR OWN RISK. This plugin is beta. We need some testing, but it's not recommended to test this plugin on production servers.
Please let me know if you'd like access to a testing server to test this plugin. I'd be happy to set one up for you.

Jeff
 

GNeRaL

I installed this plugin..

And now, I can't send/receive ANY mail...

Exim mail server crashed :|

I uninstalled this plugin, but the problem is the same as before!

Code:
2005-05-29 23:09:10 1DcU5s-0001YT-BJ => delirtme@hotmail.com F=<diradmin@istanbul.fprot.gen.tr> R=lookuphost T=remote_smtp S=3708 H=mx2.hotmail.com [65.54.252.230] C="250 <E1DcU5s-0001YT-BJ@istanbul.fprot.gen.tr> Queued mail for delivery"
2005-05-29 23:09:10 1DcU5s-0001YT-BJ Completed
(main.log)

but this mail was not delivered to delirtme@hotmail.com...
 

jmstacey

Verified User
Joined
Feb 12, 2004
Messages
4,107
Location
Colorado
Did you do and/undo the changes from the instructions above?
Have you tried using the provided exim configuration for DirectAdmin when you "uninstalled" the plugin?
Have you tried reinstalling exim using DirectAdmin's installation script?

If you answered no to any of the above, please complete them fully and then post as much information as you can regarding the problem.
 

GNeRaL

jmstacey said:
mkdir -m2775 /etc/virtual/.smtp_deny
chown mail:admin /etc/virtual/.smtp_deny /etc/virtual/usage
mkdir /etc/virtual/.smtp_limit
chown admin:mail /etc/virtual/.smtp_limit /etc/virtual/limit
I removed /etc/virtual/.smtp_deny and /etc/virtual/.smtp_limit..

Still.. The problem is the same as before..

Now, I can send email via SquirrelMail.. But, I can't get email..
 

GNeRaL

Code:
2005-05-29 21:53:36 1DcSum-0000Sg-Cs <= destek@elm.web.tr H=yeniserver-main.hostingim.net (yeni.hostingim.net) [66.197.185.*$
P=esmtps X=TLSv1:AES256-SHA:256 S=2518 id=429A1033.5000808@elm.web.tr T="Re: Merhabalar." from <destek@elm.web.tr> for manager@fprot.gen.tr

2005-05-29 21:53:36 1DcSum-0000Sg-Cs == manager@fprot.gen.tr R=domain_filter defer (-1): bad mode (0100777) for /etc/virtual/fprot.gen.tr/filter: 022 bit(s) unexpected

Bad mode error? What must I do?
 

GNeRaL

Problem resolved..

I did:
chmod 755 /etc/virtual/fprot.gen.tr/filter


But I need my old messages.
In WHICH file are all my old messages saved?
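
The mode check behind the "bad mode (0100777) ... 022 bit(s) unexpected" log line, as an added example that is not part of the original thread: a shell function that lists filter files with group- or other-write bits set. The function name, directory layout and domain names are constructed; `stat -c` assumes GNU or BusyBox stat.

```sh
#!/bin/sh
# Added example: report Exim filter files whose mode has group/other write
# bits set, the condition behind "bad mode (...): 022 bit(s) unexpected".
# Output per offending file: "<path> mode=<octal> unexpected=<octal bits>".
find_bad_filters() {
    root=$1
    find "$root" -type f -name filter \( -perm -020 -o -perm -002 \) |
        sort | while IFS= read -r f; do
            mode=$(stat -c '%a' "$f")                 # octal mode, e.g. 777
            bad=$(printf '%03o' $(( 0$mode & 022 )))  # keep only the write bits
            echo "$f mode=$mode unexpected=$bad"
        done
}

# Constructed sample tree standing in for /etc/virtual/<domain>/filter.
demo=$(mktemp -d)
mkdir "$demo/a.example" "$demo/b.example" "$demo/c.example"
for d in a b c; do : > "$demo/$d.example/filter"; done
chmod 777 "$demo/a.example/filter"   # group- and world-writable
chmod 644 "$demo/b.example/filter"   # owner-writable only: not reported
chmod 664 "$demo/c.example/filter"   # group-writable
find_bad_filters "$demo"
```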
 

ClayRabbit

GNeRaL said:
I installed this plugin..

And now, I can't send/receive ANY mail...

Exim mail server crashed :|

I uninstalled this plugin, but the problem is the same as before!
I can't see any relation between your log entries and our plugin.
The lines about message 1DcU5s-0001YT-BJ show it was successfully delivered to the remote server. So any further problems with this message are most likely related to that remote server.

The lines about message 1DcSum-0000Sg-Cs show you had wrong permissions on /etc/virtual/fprot.gen.tr/filter . Those permissions weren't set up by our plugin.

Only exim.conf and exim.pl affect the mail delivery process. If you restored your old exim.conf and exim.pl, then mail delivery is completely unaffected by our plugin. (The existence of additional dirs in /etc/virtual/, or the plugin's presence in the DirectAdmin interface, doesn't make any difference.)
 

ClayRabbit

Re: Re: Plugin: SMTP Limiter

jlasman said:
Please let me know if you'd like access to a testing server to test this plugin. I'd be happy to set one up for you.
Thanks, Jeff. Yes, I'd like to test it somewhere besides our servers. I'd be glad if you will give me such possibility.
 

ClayRabbit

Version 0.91 released.
Now installation step 3 (creating directories) will be handled by install script.
Also one cronjob will be added automatically to /etc/crontab during script installation/upgrade.
Installation step 4.5 modified - ("domains = ! +local_domains" added).
exim.pl also modified a little. You'll need to replace your current one manually.
 

RosT

Verified User
Joined
Jul 4, 2004
Messages
73
What should I do to make SMTP Limiter only count messages but not block any messages?
 

nobaloney

The official one is found here.

Don't forget to change each appearance of "example.com" and the email address for spamblocked emails.

And to change the settings for SpamAssassin if required.

Jeff
 

nobaloney

Just what is a nice page in DA that does nothing?

What page are you on?

What's the URL?

Jeff
 