A (probably) slightly more robust POP before SMTP

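1. Introduction

Ordinary POP before SMTP decides whether SMTP use is allowed solely from
the IP address that was used for POP, so in an environment behind NAT,
once someone logs in via POP, other people are also allowed to use SMTP
for a while. This is an experimental implementation that makes POP before
SMTP just a little safer to use: it checks the POP user name as well as
the connecting IP address, so that mail can be sent only with a mail
address permitted for the user who logged in via POP.

Needless to say, if SMTP AUTH is available in your environment, using
that is preferable.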


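2. Requirements

SMTPd: postfix 2.1 or later
POP3d: qmail-pop3d
Other: SQLite, PHP

postfix and qmail need no patches and are used unmodified.
PHP must have the SQLite extension module built in, and the Pear DB
class must be usable.

The components are as follows.
pbsinsert:	registers entries in the database (started from qmail-pop3d)
pbsselect:	queries the database (started from postfix)
pbsdelete:	removes records that have become old (not normally used)
createtbl.sql:	SQL for creating the database
qmail/*:	sample qmail startup scripts
postfix/*:	sample postfix configuration files
util/*: 	scripts for the various kinds of registration

Not much testing has been done, so take care.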


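3. Installation

3.1 Preparing the scripts and the DB
(1) Edit the values in the Makefile to suit your environment.
    EXPIRE is how long use stays permitted after a POP login (in seconds).
    The other values should be self-explanatory.

(2) Install.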

    % make
    # make install
    # make install-db

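(3) In the database installed above, register each combination of a POP
    login name and a sender mail address permitted for that login name.
    To permit user hoge to send with the mail address hoge@example.com,
    run SQL like the following.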

    # sqlite /var/db/pbs/pbs.dat
    sqlite> insert into USERMAP values ('hoge', 'hoge@example.com', 1);

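    Only entries whose last value is 1 are valid; entries registered with
    0 are ignored. The like operator is not used in the select, so write
    addresses as exact matches.

(4) Check that it works. Run the following and confirm that the IP
    address, user name and timestamp are shown separated by |.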

    # echo login, user=hoge, client=127.0.0.1 | /usr/local/libexec/pbsinsert
    # sqlite /var/db/pbs/pbs.dat
    sqlite> select * from PBS;
    127.0.0.1|hoge|1103600395

    In addition, confirm that the entry with the user name converted to a
    mail address is visible in V_PBS.

    sqlite> select * from V_PBS;
    127.0.0.1|hoge@example.com|1103600395

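3.2 qmail-pop3d setup
(1) Rewrite the startup script. See the files under qmail/* for details.
    The point is that, to pass on the user name and the connection
    source, the part that is normally qmail-pop3d Maildir becomes
    sh -c 'echo login, user=$USER, client=$TCPREMOTEIP >&5; qmail-pop3d Maildir'
    so that this line is written to file descriptor 5. In addition, to
    get it written into the database, the part that is normally started
    as tcpserver ... becomes
    ( tcpserver ... ) 5>&1 | /usr/local/libexec/pbsinsert
    so that file descriptor 5 is fed to pbsinsert.

(2) Check that it works. After rewriting the script, stop qmail-pop3d
    and restart it. Log in via POP with a mail client or telnet, then
    run a select statement on the PBS table and confirm that the login
    has been recorded in the database.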

3.3 postfix setup
    Edit main.cf and master.cf. First, append the following to master.cf
    so that the policy service is spawned.

policy    unix  -       n       n       -       -       spawn
  user=nobody argv=/usr/local/libexec/pbsselect

    Then have smtpd_recipient_restrictions in main.cf query this policy
    service. Put it immediately before reject_unauth_destination.

smtpd_recipient_restrictions =
        permit_mynetworks
        ...
        check_policy_service unix:private/policy
        reject_unauth_destination

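    On Solaris, use a TCP socket instead of a UNIX-domain socket.
    See SMTPD_POLICY_README, which ships with Postfix, for details.

With the above, POP before SMTP based on the connecting IP address should
now be working. If the USERMAP table maps hoge to hoge@example.com, then
after a POP login as hoge from 10.1.2.3:
10.1.2.3  hoge@example.com   permitted
10.1.2.3  hoge@example.net   rejected
10.1.2.4  hoge@example.com   rejected
is what should happen. The second pattern would be permitted by ordinary
POP before SMTP, but this implementation rejects it because it checks the
combination of IP address and mail address.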


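4. Details

The USERMAP table is built so that each combination of POP login name
and mail address is unique. One user can therefore be permitted several
mail addresses, and one mail address can be shared by several users.

It is also possible to skip the check of the IP address / POP login name
combination and do old-style, ordinary POP before SMTP that uses only the
IP address. Register each IP address for which the POP login name is not
to be checked in the ACCESSMAP table.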

insert into ACCESSMAP values ('10.1.2.3', NULL, 1);

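The LIKE operator is deliberately not used, so every IP address for
which the user name is not checked has to be registered in the ACCESSMAP
table. To add a range such as a /24, use util/accessmap.php.
If all you want is to permit by IP address alone, with no user name
checked at all, there is no need for these scripts; simply use one of the
other POP before SMTP implementations.

For clients such as the built-in mailer of old Zaurus models, which always
drops the PPP session after POP so that the IP address at SMTP time does
not necessarily match the one at POP time, use from several IP addresses
other than the one that logged in can also be permitted. For example, to
permit mail to be sent as hoge from anywhere in 10.1.2.0/24 for a fixed
period after hoge logs in via POP: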

insert into ACCESSMAP values ('10.1.2.0', 'hoge@example.com', 2);
insert into ACCESSMAP values ('10.1.2.1', 'hoge@example.com', 2);
...
insert into ACCESSMAP values ('10.1.2.255', 'hoge@example.com', 2);

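Again the LIKE operator is not used, so register every address. This can
become a weak point, so take great care when using it.
util/accessmap.php can register them in bulk. Registration is by mail
address rather than POP login name; note that addresses whose STATUS in
USERMAP is 0 are valid here as well.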


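5. Miscellaneous notes

Entries that have become old are deleted once each time pbsselect is
started. pbsselect exits by itself once the time set by policy_time_limit
in main.cf has passed since it started, so even without setting up cron
or the like, entries older than a certain age disappear automatically.
Note that if, for whatever reason, a time in the future gets inserted
into the PBS table, use stays permitted all the way until that time is
reached. pbsselect itself will not get rid of such a record in the
meantime (changing it to do so would be easy); running pbsdelete clears
entries dated in the future as well.

The parameters needed for operation are registered in a table called
PBS_PARAM. That said, it is only used for the POP validity period,
under the name expire.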

update PBS_PARAM set VALUE=600 where PARAM='expire'; -- change the validity period to 10 minutes
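
The permit/reject table from section 3.3 and the future-timestamp caveat above, as an added example in Python (not the project's PHP scripts): a policy check that answers a Postfix policy request from the PBS and USERMAP data. The column names ip/user/ts and user/addr/status, the OK/DUNNO replies and the rule that rows dated in the future are ignored are assumptions of this example; only PBS_PARAM's PARAM and VALUE appear in this README.

```python
import sqlite3

# Assumed schema: column names other than PARAM/VALUE are hypothetical, chosen
# to match the sample rows shown in this README (createtbl.sql is not shown).
SCHEMA = """
create table PBS (ip text, user text, ts integer);
create table USERMAP (user text, addr text, status integer);
create table PBS_PARAM (PARAM text primary key, VALUE integer);
insert into PBS_PARAM values ('expire', 600);
"""

def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def decide(db, attrs, now):
    """Return the policy reply for one request.

    OK only if client_address logged in via POP within 'expire' seconds AND the
    envelope sender is an enabled USERMAP address of that login (exact match,
    no LIKE). Rows stamped later than 'now' never match.
    """
    row = db.execute(
        """select 1 from PBS p join USERMAP u on u.user = p.user
           where p.ip = ? and u.addr = ? and u.status = 1
             and p.ts <= ? and p.ts >= ? -
                 (select VALUE from PBS_PARAM where PARAM = 'expire')
           limit 1""",
        (attrs.get("client_address", ""), attrs.get("sender", ""), now, now),
    ).fetchone()
    # DUNNO leaves the decision to the next rule, reject_unauth_destination.
    return "action=OK\n\n" if row else "action=DUNNO\n\n"

def demo_db(login_ts):
    """Constructed sample data: hoge logs in from 10.1.2.3 at login_ts."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("insert into USERMAP values ('hoge', 'hoge@example.com', 1)")
    db.execute("insert into PBS values ('10.1.2.3', 'hoge', ?)", (login_ts,))
    return db
```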

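Almost all of the logic is implemented in SQL. The PHP scripts themselves
use the Pear DB class, which is largely independent of the RDBMS, but
they rely on several features that MySQL cannot do (or only plans to in
the future), so porting to MySQL would mean adding code so that the work
currently left to the SQLite side is done on the PHP side (not that this
would be much effort). For PostgreSQL or Oracle a port should be possible
without major changes. That said, porting was never a consideration;
this is strictly an experimental implementation.

Alternatively, instead of an RDBMS, one could store entries of the form
"ip.add.re.ss:mail@address timestamp" in a BerkeleyDB.

qmail-pop3d was used as the POP server, but by watching syslog instead it
should work with other POP servers too. The POP server tpop3d can issue
arbitrary SQL at login (MySQL only, though), so supporting it would be
easy. As for the MTA, anything other than postfix would probably be hard.

This is strictly an experimental implementation, so little thought has
gone into the database structure.
This is strictly an experimental implementation, so little thought has
gone into things like performance.
This is strictly an experimental implementation, so for real use please
improve it yourselves or reimplement the logic.

As for just how experimental it is: this document has taken far more time
than writing the scripts did. For use on a personal server it is probably
fine, though.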


-- 
ޤΤ // yamaya@mtj.biglobe.ne.jp
