TAP Patches For Smail 3.1.28 - 2 June 1993 release Author: Nigel Metheringham The basic TAP functionality is added by the smail3.1.28-tap-2Jun93.patch patchfile. This also includes patches to the manual pages. The patch makes an additional expansion variable available - tap_ident_sender - available, which is set to the identity of the user sending SMTP mail as returned by the RFC1413 type ident server running on the sender's machine. This variable can be used in a received header (see example below), its value is also dumped in the log entry for a received message. There is one configuration variable - tap_query_timeout - which controls the timeout period for an ident query. If this is set <= 0 then the queries are disabled (the default value is -1). Changes from pervious releases ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This version is patched against smail 3.1.28 (ie new log format). Unlike previous versions, only the active code is enabled/disabled by the HAVE_TAP compilation flag - this means that the lookups can be disabled, but the config files may still contain references to the tap variables. Installing the patch ~~~~~~~~~~~~~~~~~~~~ To use this you need the authuser library, available on ftp.lysator.liu.se The library needs to be compiled and put somewhere useful. The authuser.h file needs to be put in the search path for smail compilation. Feed the patch to patch in your top smail directory (ie directory in which src, man etc subdirs appear). Add TAP to the HAVE line in EDITME. Add a flag to make the linker use the authuser library to the linker libraries line - ie I use "-lauthuser" since my I have libauthuser.a in /usr/lib . Recompile, install. Modify config files as required. Use --- Add 'tap_query_timeout = 30' (or any other suitable timeout period - 30 seconds works well though) to your config file. Add '$tap_ident_user' into your Received lines if you want information put there, my received line defn currently looks like this:- received_field = "Received: \ ${if def:sender_host\ {from $sender_host by $primary_name\ ${if def:sender_proto: with $sender_proto }\ ${if def:tap_ident_sender:tap_id $tap_ident_sender }\ \n\t(Smail$version #$compile_num) }\ else{by $primary_name ${if def:sender_proto:with $sender_proto }\ ${if def:tap_ident_sender:tap_id $tap_ident_sender }\ (Smail$version #$compile_num)\n\t}}\ id $message_id; $spool_date" Support ------- You can get the latest ident/tap server available for just about all machines that are supported from ftp.lysator.liu.se. Run one and make the world a better protected place! Problems -------- There are no known bugs in this code. If you find one please inform me - even better send me a patch. There is a bug in the BSD NET/1 code that affects ident lookups under certain circumstances. This means that if the ident lookup fails with a "host unavailable" error, your kernel assumes that all connections to that host are hosed and kills them - this kills your SMTP connection as well. Here's how to test for the bug:- To test whether your machine is affected, assuming you are on the internet, try the following procedure. You need 2 terminal sessions (xterms or whatever) on the *same* machine. 1. In the first session type telnet 131.155.70.100 25 2. You should see an SMTP logon banner 3. In session 2 type telnet 131.155.70.100 111 4. This port is setup to give a host unreachable error, so you should get back a "host unreachable." error from telnet. 5. If simulateously session 1 closes down (connection closed by remote host), then you have the kernel bug. If you have the bug complain bitterly to your OS supplier!!! I must stress that this is a kernel bug - not a TAP or Smail bug, its just that TAP shows it rather well under some circumstances. If you do have this bug you can either not install TAP, not talk to hosts that this affects (mostly big corporations with CISCO routers used as firewalls which are also out of spec by returning "host unreachable" under these circumstances), or get a very kludgy workround from me (email me for details). Names ----- You'll see that I'm inconsistant as to the name of the identification protocol - thats because the name changes regularly. When I wrote this code the best bet seemed to be the TAP name - which is the simple form of the ident protocol, and a sucessor to RFC931. Since then RFC1413 has come out with less protocol bloat than expected. This patch actually works with all known implementations of a RFC931, RFC1413, TAP or ident daemon - a pile of horse manure by any name still makes a strong smell! Bumpf ----- This code is released with no warrenty and no restrictions on distribution. If you find (and fix) bugs in it, then please let me know.