This is a quickly hacked-up script to monitor your mail logs for successfully authenticated POP and IMAP(S) sessions, and store the IP addresses they come from in a DB file which your mailer can then use to allow incoming SMTP sessions form the same addresses to relay mail.
beforesmtp is basically the same as the well-known Perl script pop-before-smtp, except:
- it’s in Python instead of Perl;
- there are no other dependencies;
- it is smaller with less to configure;
- it is less mature;
- there’s no installation package or init.d script available.
beforesmtp works for me with Postfix as the SMTPd and Dovecot as the IMAPd. Other combinations of software may or may not do anything; there are patterns included for a number of non-Dovecot servers but these are clumsily adapted from pop-before-smtp and might not work. You have been warned.
Installation
Download the beforesmtp script, put it somewhere convenient
(eg. /usr/local/bin/) and make it executable (eg. chmod 755
beforesmtp
). If you need to change the place it looks for logs
(usually the default /var/log/maillog is okay) or the output db file, or
you want to change how long permission to send lasts after the original
authorisation (default an hour), load the script into a text editor and fiddle the
constants at the top.
Next, configure your mailer to use the db file (default location /var/log/beforesmtp.db).
In postfix this is done with the main.cf configuration command check_client_access
hash:/var/log/beforesmtp.db
inside smtpd_recipient_restrictions
.
Other mailers I don’t know about; see the pop-before-smtp
Quickstart for some words about Sendmail.
Finally, set beforesmtp to run in whatever way your OS/distro uses (eg. I use
/etc/rc.d/rc.local on Slackware). It is a good idea to have beforesmtp run as an
fairly unprivileged user (eg. su -c /usr/local/bin/beforesmtp nobody &
),
but if so the user must have read-access to the logs and write-access to the db file
(obviously).
Latest [dogfood] version
Version 0.2: script. Licence: GPL.