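/* SmAccessD (c) 2000 Stefan Richter
 *
 * S*ndmail Access Database Update Daemon v1.0
 *
 * Edit below to suit your site's configuration.
 *
 * Every directive below sits on its own line. A #define that shares a
 * physical line with an earlier one is taken as part of that earlier
 * macro's replacement text and is never defined itself.
 */

#ifndef SMACCESSD_H
#define SMACCESSD_H

/* clear text source file for access_db */
#define ETC_MAIL_ACCESSTXT "/etc/mail/access"

/* base name of access_db file */
#define ETC_MAIL_ACCESS "/etc/mail/access"

/* full path to makemap executable
 *
 * Keep this an absolute path; a relative name would make the rebuild
 * depend on the daemon's working directory or PATH.
 */
#define USR_SBIN_MAKEMAP "/usr/sbin/makemap"

/* maptype */
#define MAKEMAP_MAPTYPE "dbm"

/* place to store process ID of smaccessd
 *
 * The directory holding this file and the FIFO below should be writable
 * by root only, so that no other user can put a file or link there first.
 */
#define VAR_RUN__PID "/var/run/smaccessd.pid"

/* named pipe (FIFO) to read input from POP daemon
 *
 * The POP daemon should write pairs of login name and client address into
 * this FIFO after successfully authenticated POP logins. Login name and
 * client address must be separated by an '@'. Client addresses must be
 * written in standard dots-and-numbers notation (ASCII encoded decimal;
 * must contain 3 dots) and terminated by white space (space, tab, return,
 * or '\0'), e.g. as "loginname@111.22.3.44\n".
 *
 * You can test smaccessd at command line with "echo" or "cat" writing
 * names and addresses into the FIFO special file.
 *
 * Security note: a pair written here is taken as proof of a successful
 * POP login, whoever wrote it. Write permission on the FIFO is therefore
 * the same as permission to open the SMTP relay for an arbitrary address.
 * Input that does not match the format above should be rejected before
 * it reaches access_db (the parser is not part of this header; verify
 * that it does so).
 */
#define VAR_RUN__FIFO "/var/run/smaccessd.fifo"

/* permission flags of named pipe
 *
 * On most systems, the POP daemon (e.g. qpopper) is running with GID "mail".
 * If you install smaccessd setgid mail (i.e. chgrp mail smaccessd; chmod g+s
 * smaccessd) smaccessd can deny write access to the FIFO for "others".
 *
 * Define WORLDWRITEABLE_FIFO *only* if you are sure you need a world writeable
 * FIFO. With a world writeable FIFO every local account can add relay
 * entries (see the note at VAR_RUN__FIFO).
 */
/* #define WORLDWRITEABLE_FIFO */

/* default file creation permissions mask
 *
 * (affects PID file and access_db, not FIFO)
 *
 * 022 removes write permission for group and others; the files stay
 * readable for everyone.
 */
#define DEFAULT_UMASK 022

/* do not include these addresses into access_db
 *
 * Put any hosts that are allowed to relay through your mail host into this
 * exclude list, e.g. hosts of class w and class R. Include any remote hosts
 * that are allowed to POP but not to use your SMTP relay, too.
 *
 * The more POP clients are excluded from SMTP-after-POP (especially local
 * hosts that are allowed to relay through your server by other rules)
 * the less frequent access_db needs to be rebuilt.
 *
 * This exclude list consists of "address","mask" pairs. An address is first
 * AND combined with "mask" and then compared with "address". E.g. 255.255.0.0
 * masks an entire class B network. Put backslashes at end-of-line.
 *
 * The backslash must be the very last character of its line; one that is
 * followed by anything else, even a blank, does not continue the macro.
 */
#define EXCLUDE_ADDRESSES \
	/* loopback device */ "127.0.0.1", "255.255.255.255", \
	/* BTU Cottbus campus network */ "141.43.0.0", "255.255.0.0"

/* "heartbeat" (minutes)
 *
 * interval to increase expiration counters and to check for timeouts
 */
#define TIME_OF_CYCLE 10

/* minimal lifetime of SMTP-after-POP entries (minutes)
 *
 * POP client addresses shall not be removed from access_db until they
 * are older than this timeout. TIME_IN_CACHE should be longer than the
 * intervals most of your users configured their POP client programs to
 * check for new mail.
 *
 * TIME_IN_CACHE must be a multiple of TIME_OF_CYCLE.
 */
#define TIME_IN_CACHE 60

/* The "must" above is checked at compile time, so a mistyped value stops
 * the build instead of producing a daemon with a wrong expiry time. */
#if TIME_OF_CYCLE <= 0
#error "TIME_OF_CYCLE must be a positive number of minutes"
#elif (TIME_IN_CACHE % TIME_OF_CYCLE) != 0
#error "TIME_IN_CACHE must be a multiple of TIME_OF_CYCLE"
#endif

/* interval between complete rewrites of access_db (minutes)
 *
 * Expired SMTP after POP entries are only removed at a complete rebuild
 * of access_db. That is, they may last in access_db up to TIME_IN_CACHE
 * plus TIME_TO_REBUILD plus a fraction of TIME_OF_CYCLE minutes.
 *
 * If a POP client logs in repeatedly before the database entry expires
 * it will remain in the database, possibly for a very long time. This is
 * reported in syslog at every rebuild.
 *
 * TIME_TO_REBUILD should be a multiple of TIME_OF_CYCLE and should be
 * longer than TIME_IN_CACHE.
 *
 * Security note: with the values in this file an entry can stay for
 * 60 + 240 minutes plus part of a 10 minute cycle. The entry permits an
 * address, not a user: every host that reaches this server from the same
 * address (NAT gateway, proxy, reassigned dial-up address) may relay for
 * that long. Shorten both times if that window is too wide for your site.
 */
#define TIME_TO_REBUILD 240

/* max simultaneous SMTP-after-POP entries
 *
 * In fact, there will be more clients allowed to do SMTP-after-POP since
 * their addresses stay in access_db for more than TIME_TO_REBUILD minutes,
 * even if they are older than TIME_IN_CACHE minutes. CACHE_ENTRIES
 * is just the limit for an internal buffer. It should be more than the
 * number of POP clients you have during TIME_IN_CACHE minutes to ensure
 * that they will indeed be in access_db for TIME_IN_CACHE.
 */
#define CACHE_ENTRIES 100

/* shortest interval between two rebuilds of access_db (seconds)
 *
 * If a new POP login occurs shortly after the database map has been
 * rebuilt the next rebuild is deferred for TIME_PAUSE seconds.
 */
#define TIME_PAUSE 10

/* interval to check for modifications of access clear text source file
 * and for the FIFO functioning (minutes)
 *
 * SmAccessD will re-read the files when this time expires or whenever a
 * SIGHUP is caught, e.g. after a "kill -HUP `cat /var/run/smaccessd.pid`".
 * TIME_TO_CHECKFILES should be a multiple of TIME_OF_CYCLE.
 */
#define TIME_TO_CHECKFILES 240

/* syslog facility to use for error messages and status notes
 *
 * After SmAccessD detached from terminal error messages are sent to
 * syslogd instead of stderr. Every SMTP-after-POP entry is also logged
 * to help the postmaster in case of support inquiries or complaints.
 *
 * Fitting facilities are that of popper/qpopper (LOG_LOCAL0 on most
 * systems) or of the mail subsystem (LOG_MAIL). See manual pages of
 * syslogd and syslog.conf for explanation.
 *
 * These log lines are the only record of which login opened the relay
 * for which address; keep them for as long as complaints can arrive.
 */
#define SYSLOG_FACILITY LOG_LOCAL0

/* syslog priority for error messages */
#define SYSLOG_ERROR LOG_ERR

/* syslog priority for informational messages */
#define SYSLOG_INFO LOG_INFO

#endif /* SMACCESSD_H */

/* end of smaccessd.h */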