List Info

Thread: Usermap to deny POP3 and allow IMAP
Usermap to deny POP3 and allow IMAP
country flaguser name
Italy		 2008-03-05 08:43:45 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For some users I wanted to block pop3 but allow imap from
the webmail
on localhost.

I entered this into usermaps, but it also blocks login to
imap from
127.0.0.1.

Is anyone using usermap for the purpose or notice something
wrong in
this entry?

INSERT INTO `dbmail_usermap` (`login`, `sock_allow`,
`sock_deny`,
`userid`) VALUES
('testgufonero.com','inet:127.0.0.1:143','inet:0.0.0.0:110'
,'testgufonero.com');


here's the log snippet

Mar  5 15:38:16 mail dbmail/imap4d[17653]:
Debug:[imapsession]
dbmail-imapsession.c,dbmail_imap_session_handle_auth(+1618):
trying to
validate user [testgufonero.com], pass [XXXX]
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[sql]
dbmysql.c,db_query(+287): query [SELECT userid FROM
dbmail_usermap WHERE
1 = 2]
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
dbmodule.c,db_query(+151): last query took [0] seconds
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
db.c,db_use_usermap(+167): enabling usermap lookups
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
db.c,db_usermap_resolve(+4748): checking userid [testgufonero.com] in
usermap
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
db.c,db_usermap_resolve(+4759): client on inet socket
[inet:127.0.0.1:143]
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[sql]
dbmysql.c,db_query(+287): query [SELECT login, sock_allow,
sock_deny,
userid FROM dbmail_usermap WHERE login in ('testgufonero.com','ANY')
ORDER BY sock_allow, sock_deny]
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
dbmodule.c,db_query(+151): last query took [0] seconds
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[misc]
misc.c,dm_sock_score(+830): base[inet:0.0.0.0:110]
test[inet:127.0.0.1:143] => [0]
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[misc]
misc.c,dm_sock_compare(+853): clientsock
[inet:127.0.0.1:143]
sock_allow[], sock_deny [inet:0.0.0.0:110] => [1]
Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
db.c,db_usermap_resolve(+4799): access denied

thanks
John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


iD8DBQFHzrGhd4I3jTtt9EIRAk0rAKCnDySJay9hgpnbvTXXGBu/fNmKegCf
Xv1I
VQ7WZBBXq9k1YQ6IR/8YMQc=
=cSiK
-----END PGP SIGNATURE-----
_______________________________________________
DBmail mailing list
DBmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: Usermap to deny POP3 and allow IMAP
country flaguser name
Italy		 2008-03-05 09:26:18 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Fawcett wrote:
> For some users I wanted to block pop3 but allow imap
from the webmail
> on localhost.
> 
> I entered this into usermaps, but it also blocks login
to imap from
> 127.0.0.1.
> 
> Is anyone using usermap for the purpose or notice
something wrong in
> this entry?
> 
> INSERT INTO `dbmail_usermap` (`login`, `sock_allow`,
`sock_deny`,
> `userid`) VALUES
> ('testgufonero.com','inet:127.0.0.1:143','inet:0.0.0.0:110'
,'testgufonero.com');
> 

well I can get it working if I make this change, passing in
the
sockok as well. (diff file line numbers may not match
exactly
since I also have another patch installed on db.c)

- --- dbmail-2.2.9/db.c   2008-02-09 13:08:28.000000000
+0100
+++ dbmail-2.2.9-patch/db.c     2008-03-05
16:20:37.000000000 +0100
 -4713,7
+4793,7 
                sockok = db_get_result(row, 1);
                sockno = db_get_result(row, 2);
                userid = db_get_result(row, 3);
- -               result = dm_sock_compare(clientsock,
"", sockno);
+               result = dm_sock_compare(clientsock, sockok,
sockno);
                /* any match on sockno will be fatal */
                if (result) {
                        TRACE(TRACE_DEBUG,"access
denied");

John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


iD8DBQFHzruad4I3jTtt9EIRAoiJAJ0a6PoViLDKaXM9BFw2ofsXeQGMQACf
bEs5
OVbn1sLTwBbXN/9Ok/xrwfc=
=DBgN
-----END PGP SIGNATURE-----
_______________________________________________
DBmail mailing list
DBmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: Usermap to deny POP3 and allow IMAP
country flaguser name
Netherlands		 2008-03-05 09:41:03 
John,

the logic appears to be broken.

please try the attached patch.

Please not however that you should include a /0 for wildcard
address matching
because the cidr calls assume a /32 mask if none is
specified which is not what
you want.

inet:0.0.0.0:110	will never match for tcp/110 connects
inet:0.0.0.0/0:110	will always match for tcp/110 connects

so with attached patch:

 INSERT INTO `dbmail_usermap` (`login`, `sock_allow`,
`sock_deny`,
 `userid`) VALUES
	('testgufonero.com',
	'inet:127.0.0.1:143',
	'inet:0.0.0.0/0:110',
	'testgufonero.com');

will work as expected.


John Fawcett wrote:
> For some users I wanted to block pop3 but allow imap
from the webmail
> on localhost.
> 
> I entered this into usermaps, but it also blocks login
to imap from
> 127.0.0.1.
> 
> Is anyone using usermap for the purpose or notice
something wrong in
> this entry?
> 
> INSERT INTO `dbmail_usermap` (`login`, `sock_allow`,
`sock_deny`,
> `userid`) VALUES
> ('testgufonero.com','inet:127.0.0.1:143','inet:0.0.0.0:110'
,'testgufonero.com');
> 
> 
> here's the log snippet
> 
> Mar  5 15:38:16 mail dbmail/imap4d[17653]:
Debug:[imapsession]
>
dbmail-imapsession.c,dbmail_imap_session_handle_auth(+1618):
trying to
> validate user [testgufonero.com], pass [XXXX]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[sql]
> dbmysql.c,db_query(+287): query [SELECT userid FROM
dbmail_usermap WHERE
> 1 = 2]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> dbmodule.c,db_query(+151): last query took [0] seconds
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_use_usermap(+167): enabling usermap lookups
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_usermap_resolve(+4748): checking userid
[testgufonero.com] in
> usermap
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_usermap_resolve(+4759): client on inet socket
[inet:127.0.0.1:143]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[sql]
> dbmysql.c,db_query(+287): query [SELECT login,
sock_allow, sock_deny,
> userid FROM dbmail_usermap WHERE login in ('testgufonero.com','ANY')
> ORDER BY sock_allow, sock_deny]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> dbmodule.c,db_query(+151): last query took [0] seconds
> Mar  5 15:38:16 mail dbmail/imap4d[17653]:
Debug:[misc]
> misc.c,dm_sock_score(+830): base[inet:0.0.0.0:110]
> test[inet:127.0.0.1:143] => [0]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]:
Debug:[misc]
> misc.c,dm_sock_compare(+853): clientsock
[inet:127.0.0.1:143]
> sock_allow[], sock_deny [inet:0.0.0.0:110] => [1]
> Mar  5 15:38:16 mail dbmail/imap4d[17653]: Debug:[db]
> db.c,db_usermap_resolve(+4799): access denied
> 
> thanks
> John
_______________________________________________
DBmail mailing list
DBmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail

-- 
 
____________________________________________________________
____
  Paul Stevens                                      paul at
nfg.nl
  NET FACILITIES GROUP                     GPG/PGP:
1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.nl

_______________________________________________
DBmail mailing list
DBmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
  
Re: Usermap to deny POP3 and allow IMAP
country flaguser name
Netherlands		 2008-03-05 09:44:12 
John Fawcett wrote:

>  -4713,7 +4793,7 
> -               result = dm_sock_compare(clientsock,
"", sockno);
> +               result = dm_sock_compare(clientsock,
sockok, sockno);

don't do that. You won't be able to use the usermap's
best-row-matches-best
weighing feature that determines which row to use for the
actual mapping.

The idea is that any match on a sock_deny will deny access,
but the actual
usermapping used is determined by the row whose sock_allow
matches best with the
socket the client is connecting on.

check out the patch in my other mail.

-- 
 
____________________________________________________________
____
  Paul Stevens                                      paul at
nfg.nl
  NET FACILITIES GROUP                     GPG/PGP:
1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.nl
_______________________________________________
DBmail mailing list
DBmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
Re: Usermap to deny POP3 and allow IMAP
country flaguser name
Italy		 2008-03-05 10:07:07 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul J Stevens wrote:
> John Fawcett wrote:
> 
>>  -4713,7 +4793,7 
>> -               result =
dm_sock_compare(clientsock, "", sockno);
>> +               result =
dm_sock_compare(clientsock, sockok, sockno);
> 
> don't do that. You won't be able to use the usermap's
best-row-matches-best
> weighing feature that determines which row to use for
the actual mapping.
> 
> The idea is that any match on a sock_deny will deny
access, but the actual
> usermapping used is determined by the row whose
sock_allow matches best with the
> socket the client is connecting on.
> 
> check out the patch in my other mail.
> 
Paul
thanks again, your patch is working fine.

here's a documentation patch too, if that helps.

John

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org


iD8DBQFHzsUrd4I3jTtt9EIRApUVAKDXQyee0CROv5fu+/HLOwJZn7KSeQCZ
Advs
Z2sPYEWNQBMWvwWQ4Bx49NQ=
=LOm4
-----END PGP SIGNATURE-----

_______________________________________________
DBmail mailing list
DBmaildbmail.org
htt
ps://mailman.fastxs.nl/mailman/listinfo/dbmail
  
[1-5]

about | contact  Other archives ( Real Estate discussion Medical topics )