Relay After POP (RAP)

RAP is an add-on for sendmail which allows relaying through sendmail after POP authentication. It is very similar to POPRelay and POPAuthd. It is a simple Perl script and installing it only requires minimal changes to your POP3 server and sendmail.


  Download   
Current version: 1.0
(dated 2002-01-10)


  Installation   
BEFORE YOU BEGIN: This guide assumes that you are familiar with installing and configuring sendmail, Perl, and your POP3 server. It also assumes that you are familiar with regular expressions.

Sendmail 8.9 or above must be installed, and it must use the access_db feature. You may set that up by including the following line in your .mc file:
FEATURE(`access_db',`hash -o /etc/mail/access')dnl
If it is already enabled, make sure you add the `hash -o /etc/mail/access' part. It ensures that sendmail knows what type of database it will be using.

Your POP3 server must be able to generate lines in your syslog that tell you which IP address a user has successfully authenticated from. For example, qpopper requires that you configure it with the --enable-log-login option.

Version 5.004 of Perl needs to be installed, and several Perl modules are required:
  • DB_File
  • Sys::Syslog
  • Time::Local
If your installation of Perl does not include these modules, you may get them from CPAN.

If you haven't already, get a copy of the distribution above. I installed RAP to /usr/local/rap, but any place to your liking is fine.


  Configuration   
Take a look at rap.pl. If you are running this script on a Solaris system, you should probably comment out the line that looks like this:
Sys::Syslog::setlogsock('unix');
There are several variables which you may need to customize:
  • $syslog - the full path of the syslog the script should read from. This would be the same log that your POP3 server writes to.
  • $accessdb - this variable probably does not need to be changed. Check the path of the access database in your sendmail.cf to make sure.
  • $expiredb - the location you want to place the hash which contains all of the relay expiration timestamps.
  • $timelimit - the number of seconds after its creation at which a relay expires.
  • $process - the name of the process that RAP calls itself in your syslog.
  • $facility - the name of the syslog facility that RAP logs to.
  • $level - the syslog level that RAP should use.
  • @dontrelay - an array containing IP address masks of hosts that you wish to deny relaying even if they have authenticated.
  • $pidfile - the full path of the file that RAP places its process id into.
On lines 107 and 116, you will need to change the regular expressions to fit the log lines that your POP3 server produces.
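
One way to try a candidate pattern against sample log lines before editing rap.pl, as an added example that is not taken from the RAP distribution. The sample lines and the qpopper message layout are constructed, the names $login_re, @deny and valid_ip are chosen here, and treating the deny masks as regular expressions is an assumption.

```perl
#!/usr/bin/perl -w
use strict;

# Constructed sample lines; the qpopper message layout is an assumption.
# Replace them with real lines from the log that $syslog points to.
my @sample = (
  'Jan 20 23:41:14 localhost qpopper[412]: (v4.0.5) POP login by user "johndoe" at (host.example.com) 192.0.2.10',
  'Jan 20 23:41:20 localhost qpopper[413]: johndoe at host.example.com (192.0.2.10): -ERR [AUTH] Password supplied for "johndoe" is incorrect.',
  'Jan 20 23:42:01 localhost qpopper[414]: (v4.0.5) POP login by user "janedoe" at (nat.example.net) 198.51.100.7',
  'Jan 20 23:42:30 localhost qpopper[415]: (v4.0.5) POP login by user "bob" at (x.example.org) 999.1.1.1',
);

# Candidate pattern, anchored at both ends and tied to the daemon tag so that
# only the POP3 server's own success message matches. Captures: user, address.
my $login_re = qr/
    ^\w{3}\s+\d+\s[\d:]{8}\s\S+\s       # syslog timestamp and host
    qpopper\[\d+\]:\s\(v[\d.]+\)\s      # daemon tag and version
    POP\slogin\sby\suser\s"([^"\s]+)"   # captured user name
    \sat\s\(\S*\)\s                     # resolved host name, ignored
    (\d{1,3}(?:\.\d{1,3}){3})$          # captured dotted-quad address
/x;

# Stand-ins for the script's timelimit and dontrelay settings (constructed
# values). Deny masks as anchored regular expressions is an assumption.
my $timelimit = 1800;
my @deny      = (qr/^198\.51\.100\./);

# Reject captures that look like an address but have an octet above 255.
sub valid_ip { my @o = split /\./, $_[0]; return @o == 4 && !grep { $_ > 255 } @o }

my $now = time;
foreach my $line (@sample) {
    my ($user, $ip) = $line =~ $login_re;
    unless (defined $ip)          { print "no match : $line\n";       next }
    if (!valid_ip($ip))           { print "bad ip   : $ip ($user)\n"; next }
    if (grep { $ip =~ $_ } @deny) { print "denied   : $ip ($user)\n"; next }
    printf "relay ok : %s (%s), expires %s\n",
        $ip, $user, scalar localtime($now + $timelimit);
}
```

Only the first sample line should be reported as "relay ok"; the failed login, the denied network and the malformed address are each rejected for a different reason.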

No more changes should need to be made to the script. To run the script and place it in the background, make sure you are in the same directory that the script lies in and use the following command:
./rap.pl &
As an alternative, you may use the start.sh file that is included in the distribution. Make sure that it contains the correct path to the script.


  Execution   
Once you have RAP installed and configured, you need to learn how to manage it while it's running.

RAP will send messages to the syslog facility that you specify. It will tell you when it starts, quits, grants a relay, or expires a relay. The lines will look similar to this:
Jan 20 23:41:03 localhost rapnew[84053]: expiring relay for xxx.xxx.xxx.xxx
Jan 20 23:41:14 localhost rapnew[84053]: updating relay for xxx.xxx.xxx.xxx, user johndoe
By default, RAP places a file called rap.pid in /var/run. This file contains its process id. You may use this id to send signals to the RAP script. To tell RAP to expire all relays regardless of age, send it a HUP signal like this:
kill -HUP `cat /var/run/rap.pid`
Similarly, you would send it a TERM signal to tell the script to stop executing.

RAP needs to be switched off and back on when you cycle your syslog file. To do this, set up a cron job to kill the RAP process a minute or two before the log file gets cycled, and then make another cron job to start it up again a minute or two after.

Included in the distribution are a few shell scripts:
  • start.sh
  • stop.sh
  • expire.sh
start.sh starts the RAP background process, and stop.sh stops it. expire.sh expires all existing relays. Each script is a simple one-line command. They all must have the correct path to the script in order to function properly.