Can mailfront cvm-validate use plain cvm-vmailmgr

Graham Miller

2006-12-28 09:29:48 UTC

Post by Graham Miller
I have been trying to get mailfront running on this centos4.2 box for
a couple of days now. And I have achieved running programs but I have
not been able to get it to reject for non-existing email addresses.
The problem seems to be in the cvm software I think because the
cvm-testclient works properly without a cvm daemon in local socket
mode, but always answers with a ? in log (#7 on stdout) and thus
allows all addresses when it talks to the daemon but only valid
addresses when not using the daemon.

This has turned out to be a simple CVM_LOOKUP_SECRET issue. I had that set
in the environment for the daemon, but did not have it in the environment
for the cvm-testclient. Once I fixed that, correct answers came every time.

Mailfront seems to be happy now. Below is the testing procedure and setup
files.

So here is the setup...
CVM 0.82
Mailfront 1.10

Daemon invoked thus:
# File: /etc/cvm/cvm-vmailmgr/run
#!/bin/sh

prog="/usr/local/bin/cvm-vmailmgr-local /tmp/.cvm-vmailmgr"
echo -n $"Starting $prog: "
exec /usr/local/bin/envdir /etc/cvm/cvm-vmailmgr/env/ \
/usr/local/bin/softlimit -m 9000000 \
$prog 2>&1
#EOF

----
[]# grep ^ /etc/cvm/cvm-vmailmgr/env/*
/etc/cvm/cvm-vmailmgr/env/CVM_LOOKUP_SECRET:cvmpass
/etc/cvm/cvm-vmailmgr/env/CVM_SOCKET:/tmp/.cvm-vmailmgr
/etc/cvm/cvm-vmailmgr/env/DEBUG:3

## Then tested as below....
# Copied the above files to ~graham/test directory

[]$ sudo envdir . cvm-testclient cvm-local:/tmp/.cvm-vmailmgr nonexisting
gmcs.com.au
cvm-testclient: Fatal: Authentication failed, error #100 (Credentials
rejected)

# exactly as it should. There are no accounts called nonexisting in any
virtual domain or /etc/passwd

[]$ sudo envdir . cvm-testclient cvm-local:/tmp/.cvm-vmailmgr graham
gmcs.com.au
user name: graham
user ID: 514
group ID: 502
real name: (null)
directory: /home//gmcs/users/graham
shell: (null)
group name: (null)
system user name: gmcs
system directory: /home//gmcs
domain: gmcs.com.au
mailbox path: /home//gmcs/users/graham

# and an strace of the daemon process showed the lookup happening as it
should. Previously, without the LOOKUP_SECRET for the cvm-testclient, I had
to use the passwd for the graham user in the virtual domain to get the facts
returned. Otherwise I got a error #7 for a existing account and #100 for a
nonexisting one.

So now to mailfront....
# In the directory where I am testing mailfront the following files exist:
[***@jenshen3 betasmtp-env]# grep ^ *
CVM_LOOKUP:cvm-local:/tmp/.cvm-vmailmgr
CVM_LOOKUP_SECRET:cvmpass
CVM_SASL_PLAIN:cvm-local:/tmp/.cvm-vmailmgr
CVM_SOCKET:/tmp/.cvm-vmailmgr
DEBUG:3
LOOKUP_SECRET:cvmpass
PLUGINS:check-fqdn:counters:mailrules:relayclient:cvm-validate:qmail-validat
e:add-received:patterns:accept-sender

# Some of the above environment vars may not be needed.

# I then invoked mailfront in the same directory as below: (/ulb/ is slink
to /usr/local/bin/)
[]# envdir . strace -fffo ~graham/straces/cvm8test-smtpfront-cvmlocal.log
/ulb/mailfront11/smtpfront-qmail
220 unknown mailfront ESMTP
mail from ***@example.com
mailfront[6299]: MAIL from ***@example.com
250 2.1.0 Sender accepted.
rcpt to ***@example.com
mailfront[6299]: RCPT to ***@example.com
mailfront[6299]: 553 5.1.1 Sorry, that recipient does not exist.
553 5.1.1 Sorry, that recipient does not exist.
rcpt to ***@gmcs.com.au
mailfront[6299]: RCPT to ***@gmcs.com.au
250 2.1.5 Recipient accepted.

quit
221 2.0.0 Good bye.
mailfront[5603]: bytes in: 32 bytes out: 78

# So we seem to good now.

I noticed some intersting things in the strace about the order in which this
system looks for shared libraries. Seems to be inefficient. But more on that
later.

I'll put this working one on the beta test IP address and see how it goes.

Thanks
Graham