| blob | a4dff939d0eb37753826ab7ed1cc965420b920d4 |
1 TITLE: scp-before-relay
2 LFS VERSION: any
3 AUTHOR: Gerard Beekmans <gerard@linuxfromscratch.org>
5 SYNOPSIS:
6 An alternative to the pop-before-relay scheme using postfix
8 HINT:
10 Disclaimer
11 ----------
12 This document is, at the moment, mostly a quick hack. I had to
13 implement this in between releasing the LFS-3.0 book and some
14 other pending LFS work, because my ISP's SMTP servers went offline.
15 The scripts are anything but effecient, but it gets the job done,
16 which is good enough for me at the moment. There's nothing elegant
17 about it, so be warned ;)
19 Having that said, let's get the show on the road.
23 what is pop-before-relay
24 ------------------------
26 A lot of ISP's give their users dynamically assigned IP addresses. One of
27 the side-effects of this is that remote servers never know who is behind a
28 particular IP address. You cannot simply tell the SMTP server you wish to relay
29 with to allow it from one or a block of IP addresses, because this would allow
30 anybody from your ISP to exploit the relay.
32 So, people came up with the pop-before-relay scheme. When you login to a
33 server to check for new mail, your current IP address is logged and added
34 to the SMTP's server relay database. A pop-before-relay (helper) daemon
35 will check that database and expire IP addresses after they have been
36 in the database for a certain amount of time, because you could have gone offline
37 after you checked for new email, so the IP address should be flushed from
38 that database as soon as possible to lower the chance of somebody else obtaining
39 the IP address and exploit the relay, unless you check for new mail again within
40 the expire time.
44 scp-before-relay
45 ----------------
47 What is this scp-before-relay and why not use pop-before-relay if software
48 has already been written to support it?
50 The problem I encountered is that I use ssh tunneling to login to my pop3
51 server at linuxfromscratch.org. With pop3 (imap and others probably too) your
52 password is transmitted as clear text, much like happens with telnet. I don't
53 quite like that, so I use port forwarding with openssh. The downside is that
54 the pop3 daemon now logs my login attempt with the IP address of the server
55 itself (since I'm ssh'ed into the server and connect to localhost there, so
56 the originating IP address is that of localhost as well).
58 So I had to come up with something different, and I call it
59 scp-before-relay.
63 How it works
64 ------------
66 My workstation, called gwaihir, runs the following script every 4
67 minutes:
69 #!/bin/bash
70 # Begin send-ip
72 PATH=/bin:/sbin:/usr/bin:/usr/sbin
74 ifconfig ppp0 > /home/gerard/tmp/ppp.tmp || exit 1
76 IP=$(cat /home/gerard/tmp/ppp.tmp|grep "inet addr"| \
77 cut -f 2 -d ":"|cut -f 1 -d " ")
79 echo "$IP 0" > /home/gerard/tmp/gwaihir-ip
81 /usr/bin/scp /home/gerard/tmp/gwaihir-ip \
82 linuxfromscratch.org:tmp
84 # End send-ip
86 The above script will obtain gwaihir's current IP address on the ppp0 link,
87 if it's up at the moment. Then send the file, gwaihir-ip, to the
88 linuxfromscratch.org server in my ~/tmp directory over there.
90 The format of the file is:
91 IP 0
93 The 0 can be any value you want, it's not used in the current scheme. It's
94 just to satisfy the hash database format used by postfix.
96 The server, shadowfax, runs the following script every 10 minutes:
98 #!/bin/sh
99 # Start update-postfix-relay
101 PATH=/bin:/sbin:/usr/bin:/usr/sbin
103 if [ -f /home/gerard/tmp/gwaihir-ip ]
104 then
105 mv /home/gerard/tmp/gwaihir-ip /etc/postfix
106 chown root.root /etc/postfix/gwaihir-ip
107 postmap /etc/postfix/gwaihir-ip
108 date +%s > /etc/postfix/gwaihir-ip.log
109 else
110 LAST=$(cat /etc/postfix/gwaihir-ip.log)
111 if [ $(expr $(date +%s) - $LAST) -lt 1200 ]
112 then
113 exit
114 else
115 echo "0 0" > /etc/postfix/gwaihir-ip
116 postmap /etc/postfix/gwaihir-ip
117 fi
118 fi
119 # End update-postfix-relay
122 This script checks for a new gwaihir-ip file. If found, move the file to
123 /etc/postfix and run postmap to update the database (else postfix will
124 complain that the database file is older than it's source file). Also log
125 the time when this update took place. The +%s option will log the amount of
126 seconds since January 1970. This makes it easier to calculate when it's
127 supposed to expire.
129 Now, if there is no file gwaihir-ip present on shadowfax, it usually is
130 caused by one of the following:
132 1) both scripts were run at the same time. There will always be a point in
133 time where both systems will be running the scripts at the exact same
134 time, so gwaihir could be in the middle of sending the new file while
135 shadowfax is checking for it to exist.
137 2) gwaihir is still online, but there's a network problem between gwaihir's
138 ISP and shadowfax, which could have caused shadowfax to be unreachable from
139 gwaihir for a short period of time.
141 3) gwaihir went offline
143 There is no way for shadowfax to know which of the 3 reasons applies at the
144 moment. It's most likely reason 1 or 2, so we don't want to turn off the
145 relay authorization right away.
147 So instead, shadowfax checks gwaihir-ip.log's contents against the current
148 time. If the difference is less than 1200 seconds (20 minutes), then
149 it won't do anything. Since shadowfax checks every 10 minutes, gwaihir will have
150 10 minutes to send the file. Because gwaihir tries to send it every 4
151 minutes, it gives gwaihir 2 more chances to get the file delivered before
152 shadowfax checks again, when the 1200 seconds are up.
154 If during the next check (after 1200 seconds) gwaihir still hasn't sent a file,
155 we'll have to disable gwaihir's ability to relay. At that time "0 0" is put in
156 postfix's database. There is no IP address that matches '0', so this effectively
157 disables the relay.
161 Improvements
162 ------------
164 There is much room for improvement.
166 Shortly after I activated this scheme I got the idea to put the date +%s
167 output in the gwaihir-ip file as the second value, which would elimate the
168 need for the gwaihir-ip.log file. gwaihir can't put the date +%s in it's
169 file, because the systems are in different timezones. So shadowfax will
170 have to do this when it found the new file.
172 The send-ip script could be changed to write the gwaihir-ip file as:
174 echo "$IP stub" > /home/gerard/tmp/gwaihir-ip
176 Then the modified update-postfix-relay script could look like:
177 #!/bin/sh
178 # Start update-postfix-relay
180 PATH=/bin:/sbin:/usr/bin:/usr/sbin
182 if [ -f /home/gerard/tmp/gwaihir-ip ]
183 then
184 sed s/stub/$(date +%s)/ /home/gerard/tmp/gwaihir-ip \
185 > /etc/postfix/gwaihir-ip
186 rm /home/gerard/tmp/gwaihir-ip
187 postmap /etc/postfix/gwaihir-ip
188 else
189 LAST=$(cat /etc/postfix/gwaihir-ip|cut -f 2 -d " ")
190 if [ $(expr $(date +%s) - $LAST) -lt 1200 ]
191 then
192 exit
193 else
194 echo "0 0" > /etc/postfix/gwaihir-ip
195 postmap /etc/postfix/gwaihir-ip
196 fi
197 fi
198 # End update-postfix-relay
201 I'm pretty sure this works, I just haven't tried it yet.
203 Another obvious improvent would be using variables in the scripts for the
204 gwaihir-ip file locations, like:
206 SOURCE=/home/gerard/tmp/gwaihir-ip
207 DEST=/etc/postfix/gwaihir-ip
211 Other than that, this is designed to work with one user. If you have more
212 people you want to be able to use the server as a relay, you need to make some
213 changes. You could use seperate files for every user, and put the script in a loop
214 to parse the files and disable or refresh somebody's relay abilities
215 accordingly. I haven't bothered giving multi-user functionality any thought,
216 so you're on your own for now. Feel free to get back to me if you have any ideas
217 on the matter. I'm not going to pursue it right now because I don't have the
218 need for it. The need may arise in the future, so who knows.