initial commit of file from CVS for qmail on Fri 14 Jul 16:15:22 BST 2023
This commit is contained in:
Brian Read
154
moreipme.README
Normal file
154
moreipme.README
Normal file
@@ -0,0 +1,154 @@
|
||||
###########
|
||||
### WHO ###
|
||||
###########
|
||||
|
||||
This patch was written by Scott Gifford <sgifford@suspectclass.com>.
|
||||
The design and much of the code for supporting "notipme" was
|
||||
contributed by Charles Cazabon <charlesc@discworld.dyndns.org>.
|
||||
|
||||
|
||||
############
|
||||
### WHAT ###
|
||||
############
|
||||
|
||||
This patch may be necessary in some configurations that involve network
|
||||
address translation or port forwarding. It prevents a problem caused
|
||||
by an MX or other mail routing directive instructing qmail to connect to
|
||||
itself without realizing it's connecting to itself. When this happens,
|
||||
it accepts the message, finds out where to deliver it to (itself), and
|
||||
promptly reconnects to itself to deliver the message. Eventually, when
|
||||
it has done this 20 or 30 times, it will give up and bounce the message,
|
||||
but not before sucking up all of your CPU while it's happening.
|
||||
|
||||
It may also be useful in some configurations that have multiple qmail
|
||||
servers configured on different interfaces of the same system. qmail
|
||||
will normally refuse to deliver mail by SMTP to the machine it's
|
||||
running on, but with multiple copies of qmail, you may want to prevent
|
||||
this behavior.
|
||||
|
||||
Normally, qmail can detect what IP addresses refer to itself by getting
|
||||
a list of all network interfaces with IP addresses from the operating
|
||||
system. It uses this list to determine whether connecting to an address
|
||||
will cause it to connect to itself, and avoid the situation (it calls
|
||||
the perm_ambigmx() function, which prints the message:
|
||||
|
||||
Sorry. Although I'm listed as a best-preference MX or A for that host,
|
||||
it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)
|
||||
|
||||
But in situations where the OS is not aware of all IP addresses that
|
||||
connect back to itself, this detection fails, causing the CPU-sucking
|
||||
phenomenon described above. This can happen if there is a network
|
||||
address translation device in front of the qmail server, such as a
|
||||
load-balancer or a router which allows you to share one IP address among
|
||||
several machines; if there is a port forwarder forwarding connections
|
||||
from some other machine to the SMTP server on the qmail server; or in
|
||||
configurations where a "dumb" mailserver is configured to use your qmail
|
||||
server as a "smarthost", delivering all mail to it without inspection.
|
||||
|
||||
To solve this, other IP addresses which will ultimately connect back to
|
||||
your machine can be added to the file "control/moreipme", one per line.
|
||||
qmail will treat all addresses in this file exactly as if they were
|
||||
local, and if it finds an MX record or other mail routing information
|
||||
which would cause it to connect to any of these addresses, it will call
|
||||
perm_ambigmx(), and print the above error message.
|
||||
|
||||
Additionally, IP addresses which the system detects but which should
|
||||
*not* be treated as local can be removed from qmail's ipme list by
|
||||
adding them to the file "control/notipme".
|
||||
|
||||
IP addresses can be specified as individual addresses in the usual
|
||||
dotted-quad format, or as entire networks using a slash followed by
|
||||
the full dotted-quad netmask:
|
||||
|
||||
127.0.0.1
|
||||
127.0.0.1/255.255.255.255
|
||||
127.0.0.0/255.0.0.0
|
||||
10.0.0.0/255.255.255.0
|
||||
|
||||
An individual address is treated exactly like a network with a mask of
|
||||
255.255.255.255. Addresses of interfaces found on the system are
|
||||
added with their individual addresses. In addition, these addresses
|
||||
are implicitly added:
|
||||
|
||||
0.0.0.0
|
||||
127.0.0.0/255.0.0.0
|
||||
|
||||
So the list of system addresses (the "ipme" list) is, in order,
|
||||
127.0.0.0/255.0.0.0, 0.0.0.0, then all actual interfaces on the system
|
||||
in the order they are reported, then the contents of the "moreipme"
|
||||
file. The list of excluded addresses (the "notipme" list) is just the
|
||||
contents of the "notipme" file.
|
||||
|
||||
If an address appears in both the ipme list and the notipme list, the
|
||||
entry with the longest netmask wins. If the netmask lengths are the
|
||||
same, notipme wins.
|
||||
|
||||
For example, if the ipme list has 127.0.0.0/255.0.0.0 and notipme has
|
||||
127.0.0.2, then 127.0.0.2 will not be considered me because the entry
|
||||
in notipme has a 32-bit mask. If the notipme list has
|
||||
127.0.0.0/255.0.0.0, all of 127.* will not be considered me.
|
||||
|
||||
You can run the program "ipmeprint" from the source directory to see
|
||||
what interfaces qmail is detecting or finds in moreipme.
|
||||
|
||||
You can run the program "ipmetest" from the source directory to test
|
||||
your configuration. It takes as its first and only parameter an IP
|
||||
address to test, and prints either "me" or "not me".
|
||||
|
||||
###########
|
||||
### HOW ###
|
||||
###########
|
||||
|
||||
To apply the patch, download and save it somewhere, then cd into your
|
||||
qmail source directory.
|
||||
|
||||
For stock qmail, download qmail-1.03-moreipme-0.6.patch then run:
|
||||
|
||||
cd qmail-1.03
|
||||
patch -p1 </path/to/qmail-1.03-moreipme-0.6.patch
|
||||
|
||||
For netqmail, first download netqmail-1.05, and run the included
|
||||
collate.sh script. Then download netqmail-1.05-moreipme-0.6.patch and
|
||||
apply it to the netqmail base directory, after runn:
|
||||
|
||||
cd netqmail-1.05
|
||||
patch -p1 </path/to/netqmail-1.05-moreipme-0.6.patch
|
||||
|
||||
|
||||
###################
|
||||
### OTHER NOTES ###
|
||||
###################
|
||||
|
||||
This patch also incorporates the "0.0.0.0" patch, which causes qmail
|
||||
to recognize the IP address 0.0.0.0 as a local address. See:
|
||||
|
||||
http://www.suspectclass.com/~sgifford/qmail/qmail-0.0.0.0.README
|
||||
|
||||
for more information, and
|
||||
|
||||
http://www.suspectclass.com/~sgifford/qmail/qmail-0.0.0.0.patch
|
||||
|
||||
for a copy of the patch.
|
||||
|
||||
|
||||
###############
|
||||
### HISTORY ###
|
||||
###############
|
||||
|
||||
2004 May 22 - Patch version 0.6 released. Fix from Richard Dawe where
|
||||
masks weren't handled properly, removed some dead code,
|
||||
updated comments and docs. Produce a copy of the patch
|
||||
for netqmail-1.05.
|
||||
|
||||
2003 Apr 29 - Patch version 0.5 released. Added support for netmasks
|
||||
in moreipme and notipme, ipmetest utility, 127/8 as
|
||||
implicit ipme.
|
||||
|
||||
2002 Apr 26 - Patch version 0.4 released. Includes support for "notipme" file.
|
||||
Many other small fixes and cleanups. Fixes ipmeprint to
|
||||
chdir(/var/qmail) before running.
|
||||
|
||||
2001 Oct 8 - Original release of patch.
|
||||
|
||||
2001 Jan 22 - (roughly) Original release of 0.0.0.0 patch.
|
||||
|
||||
Reference in New Issue
Block a user