=====================================================================
$Id: smtpguard_design.txt,v 1.1.1.1 2005/11/04 07:19:30 tkitame Exp $

		       smtpguard ߷׽

 ܵǽŪ
   SMTPåȤˡ餫줿
   롼ˤäƥݥȤη׻Ԥqmail-smtpd ݤʤɤ
   ŬڤʥԤȤǽȤ롣

 

o SMTPåΤʲΤΤѤ롣
  + ⡼IPɥ쥹(remoteip)
  + MAIL FROMޥɤͿ줿ʸ(mailfrom)
  + RCPT TOޥɤͿ줿ʸ(rcptto)

  * DNSƳʤ

o ʲξǤΥݥȷ׻Ԥ褦ˤ롣
  + remoteip ΥѥˤݥȲû
  + mailfrom ΥѥˤݥȲû
  + rcptto ΥѥˤݥȤû

o 㣲ʳͤꤷݥȤͤۤ
  ꤵ줿󤬹Ԥ褦ˤ롣

o ʲΥ󤬹Ԥ褦ˤ롣
  wait:   smtp command ֤wait(qmail-smtpdФؼ)
  reject: (qmail-smtpdФؼ
  mail:   ꤵ줿ɥ쥹إ᡼(mail)
  log:    (log)

o ݥȤϡremoteip ˴طդƥǡ١˵Ͽ졢ݻ롣
  ۤʤ륻å󡢰ۤʤץΥݥȤ绻
  ׻ɬפ뤬륵Ǵ뤷Ƥ褤

o ݥȤݻ(ǡݻ)ǽˤ롣
  ǽ³äǡݻ֤᤮ǡ
  ǡ١롣

o ݥȤͤۤwait, reject ֤ˤʤä硢
  ξ֤ϥǡݻ֤᤮ޤǷ³롣

o ݻݥȾϡɬפʻ˥ޥɥ饤
  ȤǤ褦ˤ롣

o ܵǽƳ֤Ǥ⡢ɬפȤ륹롼ץåȤݤ롣

o ǡ١Υ饤եϡܵǽ󶡤ݥȷ׻ǡ
  βƯ֤Ȥ롣Ĥޤꡢ餫ͳǥݥȷ׻ǡ
  Ƶư줿ˤϡݻƤǡϼΤƤ롣

o smtpguard-daemon ¦˰۾郎硢socket ̿
  ꤬ȯǤɬ qmail-smtpd Ԥ˽
  ³롣smtpguard-daemon ˰۾郎ȯƤ
  ݥȤνϹԤʤ

 

	+----+ +----+
	|    |=| DB |
	|    |=|  | +--------------------------+
	|    |=|  +-+ǡ١expireǡ|
	|    |=|  | |    (smtpguard-daemon)    |
	| DB |=|  | +--------------------------+
	|    |=|  |
	|    |=|  | +--------------------------+
	|    |=|  +-+ǡ١ץ|
	|    |=|  | |    (smtpguard-manager)   |
	|    |=|  | +--------------------------+
	+----+ +-+--+
		 |
	+--------+-----------+   +------------+
	|ݥȷ׻ǡ+===|ե|
	| (smtpguard-daemon) |   |  (.conf)   |
	+--+--+--------------+   +------------+
	   #  #
	   #  ############# unixɥᥤ󥽥å
	   #              #
	+--+--------+  +--+--------+
	|qmail-smtpd|  |qmail-smtpd| ...
	+-----------+  +-----------+

o DB
  BerkeleyDB 4.2 Ѥ롣
  + IP򥭡ȤϿǤɬפ롣
  + 򥭡ˤƺǤɬפ롣
  Τˡsecondary indices׵ǽѤơ
	+ IPɥ쥹򥭡Ȥ btree ǡ١
	+ 򥭡Ȥ륻 btree ǡ١
  ΣĤΥǡ١Ѥ롣
  ޤʣץΥǡ١ǽȤ뤿ˡ
  Concurrent Data Store׵ǽѤ롣

o DB å
  + DB Фƥڥ졼Ūʥå򤷤Ƥʤ
  + ɲáѹλ˥쥳 (IP ɥ쥹) ǥåƤ
  + smtpguard-manager Ǥ DB Ф all Υޥɤ򵯤
    (print all, delete all) ϰ index ФƤ顢
    쥳ɰĤĽƤ

o smtpguard-daemon
  + smtpguard-daemon  daemontools 굯ư
  + Ū(ǥեȤǤϣäȤ)ŤǡĴ١
    ǡݻ֤᤮Ƥǡ롣
  + qmail-smtpd 饽åȷͳǥå˴ؤ
    ξȤ˥ǡ١򹹿ȤȤˡݥȷ׻̤
    qmail-smtpd ֤
  + եɤ߹ߵǽ

o å (smtpguard-daemon)
  + եɤ߹ǽ塢ĤΥåɤ
    1. ǡ١ expire ǡ
    2. ݥȷ׻ǡ
  + ɤ餫Υåɤ˰۾郎ȯ硢åɤ꥿󤷡
    smtpguard-daemon ۾ｪλ롣ξ smtpguard-daemon 
    daemontools ˤƵư롣

o ǡ١ץ (smtpguard-manager)
  + ǡ١ޤϤ٤ƤIPɥ쥹Υǡ롣
  + ǡ١ޤϤ٤ƤIPɥ쥹Υǡɽ롣
  + ǡ١ΥǡԽ롣

o ե (smtpguard.conf)
  smtpguard-daemon Υݥȷ׻ɬפʥ롼롣
  ޤɬפԤ

o qmail-smtpd
  IP ADDRESS,MAIL FROM,RCPT TO ʤɡݥȷ׻ɬפʾ
  smtpguard-daemon 褦˲¤롣ޤ
  smtpguard-daemon äºݤ˼¹Ԥʬ롣

 ݥȷ׻

o smtpguard-daemon  qmail-smtpd 顢
  ץȥ˴ŤơƼǡ롣
  줾ΥǡˤĤơեˤäƥݥȲû
  Ԥqmail-smtpd ǡ̤
  ֤ޤǤδ֤ɾåפȸƤ֡ĤSMTPå
  ֤ǤϡŪʣɾåȯ롣

o Ĥ SMTP åǤ RCPT TO: ɾԤ
  RCPT TO: ιԤƤƤΥǡ򥽥åȷͳ
  qmail-smtpd -> smtpguard-daemon 롣η̤
  åȷͳ smtpguard-daemon -> qmail-smtpd ֤롣
  
 ե

   smtpguard-daemon Υݥȷ׻ɬפʥ롼롣
   ޤɬפԤ

  o 

    <̾>=<>
    or
    <٥> : <> , <> , ... :  ,  ...

     Ƭ '#' ǻϤޤϡԤޤǤ̵뤹롣
     Ԥ̵뤹롣
     ǻϤޤԤϡ³ԤȤߤʤ

  + 

    MAILFROM="<ADDR>"
	mail᡼ 'From: <ADDR>' <ADDR> Υǥե͡

    SENDMAIL="<PROGRAM>"
        <PROGRAM> ͳǷٹ᡼롣

    EXPIRE=<>
	ǡݻ(ñ̤)

  + ٥

    'A' ιԤϤĤͤɾоݤȤʤ

    'R' ιԤϺǸ˷̤֤ɾ
    
  + 

    Ʊ		A==B
    ƱͤǤʤ		A!=B
    ѥޥå	A~=B
    ѥޥå	A!~=B
    		A<B, A>B, A<=B, A>=B

     ʣξꤷ硢ANDȤߤʤ롣

  + ѿ

    IP: IPɥ쥹
    F : MAIL FROMʸ
    FD: MAIL FROMΥɥᥤ
    T : RCPT TOʸ
    TD: RCPT TOΥɥᥤ
    C : RELAYCLIENTꤵƤ뤫ɤ
       1 - ꤵƤ
       0 - ꤵƤʤ
    H : RCPT TO Υɥᥤ rcpthosts ϿƤ뤫ɤ
       1 - ϿƤ
       0 - ϿƤʤ
    SC: ץå
    FC:  MAIL FROM 
    TC:  RCPT TO 
    P : ץݥȿ

  + 

	o add( <> )
	  ݥȲû(P ؤβû)

	o addlocal( <> )
	  ݥȲû
	  ɾåˤơݥ(P)˰Ū˲û롣

	o ok()
	  ³ԡ
	  饤ȤϽ³Ԥ롣

	o wait( <WAITTIME> )
	  ٱ䡣
	  饤ȤϡSMTPޥɤWAITTIMEΥȤ롣

	o reject( "<MESSAGE>" )
	  ݡ
	  qmail-smtpd  MESSAGEäƼݤ롣

	   MUA ֤åʤΤɬ SMTP code 
	   Ƭ˵Ҥɬפ롣Ū 400, 500 ˤʤ롣

	o mail( "<ADDRESS>" )
	  ADDRESS ˷ٹ᡼롣

	o log( "<MESSAGE>"/<ѿ> , "<MESSAGE>"/ѿ , ... )
	  MESSAGE Ϥ(multilog)

	o extendexpire( <SECONDS> )
	  Υǡͭ¤ SECONDSñĹ롣

	o delete()
	  Υ쥳ɤ롣

   ѿ̾ס֥٥ס־ѿפˤ
    ä硢顼˽Ϥ³롣
   ѿ͡ס֥͡פˤͤä硢
   ˥顼Ϥ³뤬smtpguard 
   ݾڤǤʤ

  + 
       +--------------------------------------------------------------------
       |MAILFROM="postmaster@example.com"
       |SENDMAIL="/usr/sbin/sendmail"
       |EXPIRE=900
       |
       |# IPɥ쥹 172.16.3.* ǤСݥȲû롣
       |A: IP==172.16.3.	: add(1)
       |
       |# MAIL FROM  example.com ޤޤƤʤСݥȲû롣 
       |A: F!~=example.com	: add(1)
       |
       |# MAIL FROM Υɥᥤ example.comǤʤСݥȲû롣 
       |A: FD!=example.com	: add(1)
       |
       |# RCPT TO ˤĤݥȲû롣
       |A:			: add(1)
       |
       |# RCPT TO  example.com ޤޤƤʤСݥȲû롣
       |A: T!~=example.com	: add(1)
       |
       |# RCPT TO Υɥᥤ example.comǤʤСݥȲû롣 
       |A: TD!=example.com	: add(1)
       |
       |# RCPT TO 100ۤƤСŪ100ݥȲû롣
       |R: TC>100		: addlocal(100)
       |
       |# ݥȤ100ۤƤС
       |#       o qmail-smtpd  "wait 5" ֤
       |#       o 
       |R: P>100		: wait(5),
       |        log( "inserting a small sleep in a SMTP session from " , IP )
       |
       |# ݥȤ1000ۤƤС
       |#       o "admin@example.com" ؤηٹ᡼
       |#       o ǡݻ֤900ñĹ
       |#       o 
       |#       o qmail-smtpd 饯饤Ȥ "MESSAGE" ֤
       |R: P>1000		: mail("admin@example.com"),
       |	extendexpire(900),
       |        reject("411 mail server temporally rejected message"),
       |        log("rejecting a SMTP session from ", IP)
       +--------------------------------------------------------------------

ʾ
