PInetd

From OoKoo.org

Status

PInetd is currently used in production on ooKoo.org, as an FTP server and as an email server.

SVN (old) : http://ookoo.org/svn/pinetd/
SVN (stable) : http://ookoo.org/svn/pinetd2/ (requires PHP 5.3 to run, uses namespaces)
Site : http://www.pinetd.com/

About

PInetd (Portable INET Daemon) is a server framework and daemon written in PHP, allowing anyone to easily create a TCP server, daemon, etc.

You can either use it as a developer, and build your own applications using pinetd, or use it as a system administrator, and host an FTP server, a mail server or anything else provided by pinetd.

PInetd's config is written in XML; it defines which services run, on which ports, and also contains specific settings for each service.

Two services currently run on pinetd. SimpleFTPd is a simple FTP daemon; it can be extended to support different authentication methods, and an extended version using SQL is provided. The other service is pMaild (portable mail daemon), a POP3/SMTP (and soon IMAP too) mail daemon.

Included Daemons

SimpleFTPd (port 21)

SimpleFTPd is a small FTP daemon that can use an SQL database as its backend.

  • pinetd: Stable, named daemon/21.php and requires MySQL - No new features, bug fixes only
  • pinetd2: Stable
  • FTPd: requires nothing, uses system logins
  • FTPd_SQL: uses SQL, allows putting a query in config.xml to define how logins are looked up

This FTP daemon was initially written to allow access to websites hosted by a few companies, including the French company Kalyweb while it still existed.

SimpleFTPd features:

  • LIST always returns all files, including hidden files (those starting with a .). This was done so that web hosting users can see .htaccess files without telling their FTP client to send LIST -a
  • Supports FXP (and denies it to anonymous clients)
  • Uses chroot() and setuid()/setgid() for improved security. It can also virtually chroot a user (maybe not 100% safe; always use chroot() on UNIX systems)
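
The caveat on the virtual chroot comes down to path resolution: a daemon that confines users in application code has to handle both ".." segments and symlinks itself. The sketch below is an added example, not pinetd's own code; resolveVirtualPath() and its arguments are hypothetical names, and it assumes POSIX paths and PHP 7.1 or later.

```php
<?php
// Added example, not pinetd code: resolveVirtualPath() and its arguments are hypothetical.
// Assumes POSIX paths and a virtual root other than "/".
function resolveVirtualPath(string $root, string $cwd, string $requested): ?string
{
    $root = realpath($root);
    if ($root === false || strpos($requested, "\0") !== false) {
        return null; // missing root, or a NUL byte in the requested name
    }
    // Absolute FTP paths restart at the virtual root; relative ones extend the cwd.
    $virtual = ($requested !== '' && $requested[0] === '/') ? $requested : $cwd . '/' . $requested;

    // Lexical pass: collapse "", "." and ".." without ever climbing above the root.
    $stack = [];
    foreach (explode('/', $virtual) as $part) {
        if ($part === '' || $part === '.') {
            continue;
        }
        if ($part === '..') {
            array_pop($stack);
        } else {
            $stack[] = $part;
        }
    }
    $candidate = $root . ($stack ? '/' . implode('/', $stack) : '');

    // Filesystem pass: a symlink inside the root can still point outside it, so
    // resolve the deepest existing ancestor (covers upload targets not yet created).
    $existing = $candidate;
    while (!file_exists($existing) && !is_link($existing)) {
        $existing = dirname($existing);
    }
    $real = realpath($existing);
    if ($real === false || ($real !== $root && strpos($real, $root . '/') !== 0)) {
        return null; // dangling link, or the real location is outside the root
    }
    return $candidate;
}

// Constructed demo: a temporary root holding a symlink that points outside it.
$root = sys_get_temp_dir() . '/vroot_' . getmypid();
mkdir($root . '/www', 0700, true);
symlink('/etc', $root . '/www/out');
foreach (['index.html', '../../../etc/passwd', '/www/out/passwd'] as $path) {
    var_dump(resolveVirtualPath($root, '/www', $path));
}
```

Even with both passes, the check and the later file operation are separate steps, so a symlink swapped in between them is not caught; a kernel-enforced chroot() does not have that gap.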

TODO:

  • LIST just ignores any provided argument (we need to read path and stuff if we want to do this the right way)

Portable Mail Daemon (PMaild)

This mail server listens on ports 25 (SMTP) and 110 (POP3) and provides the following features:

  • POP boxes
  • POP alias
  • Wildcard alias ("default")
  • Mail forwarding to a different mailbox on a different domain using the internal Mail Transfer Agent
  • Flag "create_account_on_mail" (creates a POP account when a mail is sent to this box, may be useful). NB: Mailboxes will be created even if the mail is detected as spam and refused (TODO: fix that)
  • HTTP mail target, allowing an email to be forwarded to an HTTP address (advanced programming, mail triggers, etc)
  • SpamAssassin
    • A flag "drop_email_on_spam" allows refusing mails detected as spam by SpamAssassin
  • ClamAV
  • NULL-password. When a password is set to null, it is recorded automatically on the next login. Coupled with create_account_on_mail, this is a way to migrate a POP-only system without needing to create all the boxes again
  • Mail relaying via SMTP (PMaild on pinetd uses SMTPafterPOP, PMaild on pinetd2 uses SMTP AUTH)
  • DNSBL for less spam:

TODO

The following features are still missing:

  • Support for IMAP4rev1 (RFC 3501) 35%
    • Authentication 100%
    • Support for mailboxes and subscriptions 97%
    • NNTP (usenet) support 0%
    • Server-side search 0%
    • MIME parsing 0%
    • The rest...
    • Works with Gnome Evolution (tested with 2.22 and 2.24)
  • Mailing lists and multi-target aliases (will never work on PMaild provided by pinetd, but will work on PMaild provided by pinetd2)

DNS Daemon

Simple dynamic DNS daemon answering on UDP and TCP, and using a database backend such as SQLite. Updates to DNS records are done through a specific webservice that allows real-time updates of records from anything, including a website.

NetBatch

Replacement for the pecl ssh2 module, allowing stuff to be run remotely. ssh2 wasn't working great with many file descriptors and was flawed in various points. After looking at the ssh2 code, I found it too hard to fix, and made my own system.
