Running qmail-smtpd with chkuser via xinetd

When qmail-smtpd is enhanced with the chkuser patch (which is almost mandatory these days), as well as possibly in some other cases, it sends its logging messages to stderr. This assumes a typical setup with tcpserver (another tool by DJB, the author of qmail) and splogger (a part of qmail), such as:

/opt/ucspi-tcp/current/bin/tcpserver -v -H \
        -c 500 \
        -x /opt/vpopmail/config/relay/rules.cdb \
        -u $QMAILD_UID -g $NOFILES_GID \
        -D \
        127.0.0.1 smtp \
        /opt/netqmail/current/bin/qmail-smtpd \
                /opt/vpopmail/current/bin/vchkpw /bin/true 2>&1 | \
                        /opt/netqmail/current/bin/splogger smtpd 2 &

With such a setup, stderr is redirected to splogger in order to capture logging messages from tcpserver - but this also happens to capture logging messages from the (patched) qmail-smtpd.

In the case of xinetd, both stdout and stderr of a service are sent to the socket, and if we configure qmail-smtpd as an xinetd service in the obvious way, qmail-smtpd log messages and SMTP messages will create a mess-up. The solution is to redirect stderr to splogger leaving stdout unaffected. Such behavior can be implemented by the following wrapper script:

$ cat /opt/netqmail/current/bin/qmail-smtpd-inetd
#!/bin/sh
dir=`dirname "$0"`
exec 3>&1
$dir/qmail-smtpd 2>&1 1>&3 3>&-| $dir/splogger smtpd 2 3>&-
exec 3>&-

One of “our” shell tricks is used by this script.

A drawback of this approach is that one instance of splogger is started for every SMTP connection, as opposed to one instance per listening SMTP port with the tcpserver setup.

Then the portion of xinetd config might look as follows:

service smtp
{
        id              = smtp-remote
        socket_type     = stream
        protocol        = tcp
        user            = qmaild
        wait            = no
        server          = /opt/netqmail/current/bin/tcp-env
        server_args     = -R /opt/netqmail/current/bin/qmail-smtpd-inetd
        interface       = your.public.IP.address
        nice            = 10
        instances       = 310
        per_source      = 50
        cps             = 1000 1
        log_type        = SYSLOG mail
}

service smtp
{
        id              = smtp-local
        socket_type     = stream
        protocol        = tcp
        user            = qmaild
        wait            = no
        server          = /opt/netqmail/current/bin/tcp-env
        server_args     = -R /opt/netqmail/current/bin/qmail-smtpd-inetd
        env             = RELAYCLIENT=
        interface       = 127.0.0.1
        nice            = 10
        instances       = 250
        cps             = 1000 1
        log_type        = SYSLOG mail
}

Please note that this example is not exactly equivalent to the one with tcpserver above - they implement different setups as it relates to SMTP relaying policy. This xinetd example unconditionally denies relaying on the public IP address, but permits it from localhost. If the latter is not needed, then only one xinetd configuration file section should be used (not two) and the ”id = …” line may be omitted.

internal/email/qmail.txt · Last modified: 2008/09/20 00:16 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux