Diff to update table_sqlite(5) #54

Open
wants to merge 43 commits into
base: master

@ghost ghost commented Sep 4, 2018

Change table_sqlite(5) to reflect the new OpenBSD use of actions and matches. Add explanations and examples of query_userinfo, query_addrname, and query_mailaddr. Hoping to have a future update for the remaining two query types, query_netaddr and query_source, soon.

--- table-sqlite.5	Mon Sep  3 12:00:13 2018
+++ table-sqlite.5   Mon Sep  3 11:54:22 2018
@@ -98,6 +98,37 @@
 is replaced with the appropriate data. For the domain it would be the
 right hand side of the SMTP address. This expects one VARCHAR to be returned
 with a matching domain name.
+.Pp
+
+.It Xo
+.Ic query_userinfo
+.Ar SQL statement
+.Xc
+This is used to provide a query for looking up users listed in a userbase
+table. The question mark is replaced with the appropriate data. For userinfo,
+the left hand side is the virtual user name. The query expects that there are
+three VARCHARS returned: a uid, a gid, and a home directory.
+.Pp
+
+.It Xo
+.Ic query_addrname
+.Ar SQL statement
+.Xc
+This is used to provide a query for looking up a hostname associated with an
+IP address. The question mark is replaced with the appropriate data. For
+addrname, the left hand side is the IP address. This expects one VARCHAR to
+be returned with the host name that the IP address resolves to.
+.Pp
+
+.It Xo
+.Ic query_mailaddr
+.Ar SQL statement
+.Xc
+This is used to provide a query for looking up a complete email address or the
+domain part, i.e. @example.org. The question mark is replaced with the 
+appropriate data. This expects one VARCHAR to be returned with a matching
+email address or the domain part of the email address.
+.Pp
 .El
 
 A generic SQL statement would be something like:
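Review bot: each new `.It Xo` entry is preceded by `.Pp` and an empty line, and a fourth `.Pp` sits directly before `.El`. A paragraph break right before `.It` or `.El` adds nothing, and blank lines in mdoc source outside a literal display are flagged by `mandoc -Tlint`, so drop both and let `.It` handle the spacing. In the query_mailaddr text, `i.e. @example.org` introduces an example rather than a restatement, so `e.g.` fits better, and that line ends in trailing whitespace.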
@@ -106,16 +137,16 @@
 .Ed
 
 .Sh EXAMPLES
-Example based on the OpenSMTPD FAQ: Building a Mail Server
-The filtering part is excluded in this example.
 
-The configuration below is for a medium-size mail server which handles
+The configuration below is for a server which can handle
 multiple domains with multiple virtual users and is based on several
 assumptions. One is that a single system user named vmail is used for all
-virtual users. This user needs to be created:
+virtual users and the vmail gid and uid are 2000. The rejects table is used
+to just flat out deny spam domains. 
+This user needs to be created:
 
 .Bd -literal
-# useradd -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
+# useradd -u 2000 -g =uid -c "Virtual Mail" -d /var/vmail -s /sbin/nologin vmail
 # mkdir /var/vmail
 # chown vmail:vmail /var/vmail
 .Ed
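Review bot: in the rewritten EXAMPLES paragraph, `The rejects table is used to just flat out deny spam domains.` now sits between the vmail description and `This user needs to be created:`, so "This user" no longer has a clear referent. Move the rejects sentence to where the rejects table is introduced, or write "The vmail user needs to be created:". The rejects line also ends in trailing whitespace, and since `-u 2000 -g =uid` is what makes the stated uid and gid true, it may be worth saying so in the prose.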
@@ -136,6 +167,23 @@
     id INTEGER PRIMARY KEY AUTOINCREMENT,
     domain VARCHAR(255) NOT NULL
 );
+CREATE TABLE userinfo (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user VARCHAR(255) NOT NULL,
+    uid VARCHAR(255) NOT NULL,
+    gid VARCHAR(255) NOT NULL,
+    home VARCHAR(255) NOT NULL
+);
+CREATE TABLE addrnames (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    ip VARCHAR(255) NOT NULL,
+    host VARCHAR(255) NOT NULL
+);
+CREATE TABLE rejects (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    address VARCHAR(255) NOT NULL
+);
+
 INSERT INTO domains VALUES (1, "example.com");
 INSERT INTO domains VALUES (2, "example.net");
 INSERT INTO domains VALUES (3, "example.org");
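Review bot: none of the lookup columns in the new tables (`userinfo.user`, `addrnames.ip`, `rejects.address`) is declared UNIQUE, so nothing in the schema prevents two rows for the same key returning conflicting uid/gid/home or host values. Suggest `user VARCHAR(255) NOT NULL UNIQUE`, and the same for `ip` and `address`. Storing `uid` and `gid` as VARCHAR matches the "three VARCHARS" wording in the query_userinfo description, but a short remark that they hold numeric ids would help readers.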
@@ -143,14 +191,22 @@
 INSERT INTO virtuals VALUES (1, "[email protected]", "[email protected]");
 INSERT INTO virtuals VALUES (2, "[email protected]", "[email protected]");
 INSERT INTO virtuals VALUES (3, "[email protected]", "[email protected]");
-INSERT INTO virtuals VALUES (4, "[email protected]", "vmail");
+INSERT INTO virtuals VALUES (4, "[email protected]", "bob");
 INSERT INTO virtuals VALUES (5, "[email protected]", "[email protected]");
 INSERT INTO virtuals VALUES (6, "[email protected]", "[email protected]");
 INSERT INTO virtuals VALUES (7, "[email protected]", "[email protected]");
-INSERT INTO virtuals VALUES (8, "[email protected]", "vmail");
+INSERT INTO virtuals VALUES (8, "[email protected]", "alice");
 
+INSERT INTO userinfo VALUES (1, "bob", "2000", "2000", "/var/vmail");
+INSERT INTO userinfo VALUES (2, "alice", "2000", "2000", "/var/vmail");
+
 INSERT INTO credentials VALUES (1, "[email protected]", "$2b$08$ANGFKBL.BnDLL0bUl7I6aumTCLRJSQluSQLuueWRG.xceworWrUIu");
 INSERT INTO credentials VALUES (2, "[email protected]", "$2b$08$AkHdB37kaj2NEoTcISHSYOCEBA5vyW1RcD8H1HG.XX0P/G1KIYwii");
+
+INSERT INTO addrnames VALUES (1, "192.0.2.1", "mail.example.org");
+
+INSERT INTO rejects VALUES (1, "@tencent.com");
+INSERT INTO rejects VALUES (2, "@qq.com");
 .Ed
 
 .Ic Pa /etc/mail/sqlite.conf
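Review bot: the sample rows `INSERT INTO rejects VALUES (1, "@tencent.com");` and `(2, "@qq.com")` name real third-party domains as spam sources in a manual page. Use reserved documentation names instead, in line with the example.com/.net/.org domains already used in this file. Both userinfo rows also carry the same uid, gid and home (`"2000", "2000", "/var/vmail"`); if that is intended, one sentence in the prose saying that all virtual users share the vmail account would prevent readers from assuming per-user values are required.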
@@ -159,6 +215,9 @@
 query_alias SELECT destination FROM virtuals WHERE email=?;
 query_credentials SELECT email, password FROM credentials WHERE email=?;
 query_domain SELECT domain FROM domains WHERE domain=?;
+query_userinfo SELECT uid, gid, home FROM userinfo WHERE user=?;
+query_addrname SELECT host FROM addrnames WHERE ip=?;
+query_mailaddr SELECT address FROM rejects WHERE address=?
 .Ed
 
 .Ic Pa /etc/mail/smtpd.conf
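Review bot: the added `query_mailaddr SELECT address FROM rejects WHERE address=?` line has no terminating semicolon, unlike every other query_* line in this display, including the two added just above it. Add the `;` so the example is consistent and can be copied as a block.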
@@ -166,9 +225,16 @@
 table domains sqlite:/etc/mail/sqlite.conf
 table virtuals sqlite:/etc/mail/sqlite.conf
 table credentials sqlite:/etc/mail/sqlite.conf
-listen on egress port 25 tls pki mail.example.com
-listen on egress port 587 tls-require pki mail.example.com auth <credentials>
-accept from any for domain <domains> virtual <virtuals> deliver to mbox
+table userinfo sqlite:/etc/mail/sqlite.conf
+table addrnames sqlite:/etc/mail/sqlite.conf
+table rejects sqlite:/etc/mail/sqlite.conf
+
+listen on egress port 25 tls pki mail.example.com hostnames <addrnames>
+listen on egress port 587 tls-require pki mail.example.com auth <credentials> hostnames <addrnames>
+
+action "action01" mbox userbase <userinfo> virtual <virtuals>
+match from any mail-from <rejects> for any reject
+match from any for domain <domains> action "action01"
 .Ed
 
 .Sh FILES
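Review bot: `hostnames <addrnames>` is added to both `listen on` lines, but nothing in the patch says what it does in the listener; the query_addrname text only describes the lookup itself. Add a sentence to the EXAMPLES prose tying the addrnames table to the listeners. The same prose could note that the `mail-from <rejects> ... reject` rule is deliberately placed before the domain rule, and a descriptive action name (for instance "deliver_virtual") would read better in a manual page than `"action01"`.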
@@ -187,10 +253,7 @@
 Documenting the following query options:
 .Bd -literal -offset indent -compact
 .Ic query_netaddr
-.Ic query_userinfo
 .Ic query_source
-.Ic query_mailaddr
-.Ic query_addrname
 .Ed
 
 .Sh SEE ALSO

poolpOrg and others added 30 commits May 15, 2017 09:39
Fixes a crash on SIGINT.
- remove unnecessary signal handlers
- simpler exit path
- use static functions where possible
- properly set up child imsgproc
make the main process fork external filters as found in the config file
and pass the imsg handle to the engine.
@alenmeister

Thumbs up for this to be committed!

@poolpOrg
Member

you have based your diff on a separate branch, bringing your change implies bringing 43 commits :-|
