pop-before-smtp - watch log for POP/IMAP auth, update map allowing SMTP
nohup pop-before-smtp [--config=FILE] [--[no]write] [--[no]debug] \ [--[no]flock] [--reprocess] [--watchlog=FILE] [--dbfile=FILE] \ [--logto=FILE] [--grace=SECONDS] [--daemon=PIDFILE] \ [--version] [--dumpconfig] [--list]
pop-before-smtp watches your mail log file (e.g. /var/log/maillog) for lines written by your POP/IMAP software (e.g. UW popd/imapd) that indicate a successful login. When found, pop-before-smtp installs an entry for the IP in an on-disk hash (DB) that is watched by your SMTP software (e.g. Postfix, sendmail, qmail, etc.). It then expires these entries when 30 minutes have elapsed after the last POP/IMAP access from that IP.
This daemon directly requires four modules from CPAN, which are not included in the base Perl release as of this writing. See the quickstart guide for more information (either look at the README.QUICKSTART file in the source or visit http://popbsmtp.sourceforge.net/quickstart.shtml).
You should edit the supplied pop-before-smtp-conf.pl file to customize things for your local system, such as scanning for the right POP/IMAP authorization, setting various options, etc. Again, the quickstart guide cover this.
When starting up, pop-before-smtp builds an internal table of all netblocks natively permitted by your SMTP software (for Postfix it looks at the output of ``postconf mynetworks''). This allows us to filter out local IP addresses that are already authorized and thus need no special help from us.
This daemon likes a couple of helpers. Several init scripts are included with the source and a version customized for your current OS may have been installed in the same package as the pop-before-smtp script.
Once pop-before-smtp has been started (and thus the database file has been created), you'll need to modify your MTA's configuration to read the IPs from the database file. This is also covered in the quickstart guide.
See the website http://popbsmtp.sourceforge.net/ for the latest version. See the mailing list (referenced on the website) for support.
pop-before-smtp keeps two data structures for all currently-allowed hosts: a queue, and a hash. The queue contains [ipaddr, time] records, while the hash contains ipaddr => time. Every time the daemon wakes up to deal with something else from the logfile handle, it peeks a the front of the queue, and when the timestamp of the record there has expired (is > 30 minutes old) it tosses it, and if the timestamp in the hash equals the timestamp in the queue, it deletes the hash entry and the on-disk db file entry.
pop-before-smtp protects the writes to the db file by flock. As far as I know, the consequences of a collision (corrupt read in an smtpd) are relatively mild, and the likelihood of one is remote, but the performance impact of the locking seems to be negligible, so it's enabled by default. To disable the flocking, invoke with --noflock or set ``$flock = 0'' in the config file.
Pop-before-smtp was created by Bennett Todd <email@example.com>. It is currently being maintained by Wayne Davison <firstname.lastname@example.org>.
Return to the pop-before-smtp home page.