DRAC Support in Postfix

You need "POP before SMTP" authentification to allow relaying for mobile users? DRAC is your friend.

Build and install DRAC

If you're using a sane operation system (e.g. everything non-professional, like GNU/Linux or a *BSD), your chances are high that the packages on your system already have drac support.

Get DRAC.
Compile and install the RPC DRAC-daemon according to the instructions.
For this you might need to install Berkeley DB if it isn't already installed (on Solaris 2.6 and HP-UX 10.20 for example).
Start the DRAC-daemon; use the parameters -i -e 5 /etc/postfix/dracd.db
This gives your users a 5-minute window for dropping their mail after they used POP or IMAP.
The map btree:/etc/postfix/dracd holds the information for later perusal by Postfix.
Don't delete the DRAC source tree, you'll need it later on.

Modify your POP3 or IMAP4 daemon

If you're using a sane operation system (e.g. everything non-professional, like GNU/Linux or a *BSD), your chances are high that the packages on your system already have drac support.

See POP/IMAP Server Modifications or roll your own. It's fairly easy. All the patches add one or two lines that simply call a function from the DRAC library that write the client's IP into the database file.
Rebuild and reinstall the daemon.
For this you need the DRAC source tree (I told you not to delete it!), since libdrac.a is not installed by default. Thus you might need to add -L/path/to/your/drac/source/tree in the daemons' Makefile.

Modify Postfix's `main.cf`

Basically Postfix must be told to relay mail from clients in btree:/etc/postfix/dracd.

Does your Postfix understand the maptype btree?
Check with postconf -m
If you see btree you're lucky.
If not, you need to re-build Postfix with Berkeley DB-support.

check_client_access is the obvious choice.

Tweaking mynetworks might also work.

I shall present both:

smtpd_recipient_restrictions = 
   permit_mynetworks
   check_client_access btree:/etc/postfix/dracd
   reject_unauth_destination
   ... further restrictions ...
   permit

or as an alternative:

				    
mynetworks = 
   ... further networks ...
   btree:/etc/postfix/dracd

(with default smtpd_recipient_restrictions).

Note: I always built postfix from source, as well as the daemons (obviously -- they need to be patched!). Postfix doesn't need to be patched, it only has to understand the btree format of the dracd.db. Therefore both postfix and the POP3/IMAP daemons need to use the SAME version of the Berkeley Database package.

Try this: Build Postfix with Berkeley DB support. Do NOT install it! Search the postmap binary in the source tree. Try if you can use the -q option of postmap to query the existing dracd database used by sendmail.

It works something like (check the manpage!):

% postmap -q 123.123.123.123 btree:/etc/postfix/dracd

with 123.123.123.123 being an IP of a client that has just authenticated using pop3 or IMAP. postmap should return a number (the timestamp of when the client authenticated).

© by Ralf Hildebrandt
This document contains links to external information sources that I do neither monitor nor control. I explicitly disclaim any liabilities in respect to external references.
You are getting this document without any guarantees. Any methods shown above are meant as demonstration and may be wrong in some place. You may damage your system if you try to follow my hints and instructions. You do this at your own risk!

This file was last modified 17. Jan 2007 by root

DRAC Support in Postfix

Build and install DRAC

Modify your POP3 or IMAP4 daemon

Modify Postfix's main.cf

Modify Postfix's `main.cf`