On 4/5/06, Gordon Messmer <[EMAIL PROTECTED]> wrote:
Derrick T. Woolworth wrote:
> I'm strongly considering writing a courierfilter that will do the following:
>
> 1. For routed domains/hosts, check a database for valid users and
> reject if the incoming message isn't to a valid user. Make the filter
> logs the rejection in a way I can parse it from the logs.
You don't need a courierfilter for that. Use the database of valid
addresses, and build an alias file that redirects them to their
destinations. Make those routed domains "hosteddomains". Courier will
reject invalid recipients immediately, and presumably, you are already
looking at those messages in the logs, so you don't need to extend what
you're already doing.
Unfortunately, I'm not that familiar with MS Exchange server. I'm just wondering if it works more like Sendmail where the domain name is irrelevant to the username - so an e-mail sent to the alias
[EMAIL PROTECTED] will actually be deposited into the [EMAIL PROTECTED] account - or if domain must match?
I'm positive the customers doing this won't want to hear that their e-mail address on their Exchange box has to be different than their "real" e-mail address.
The reason we use Courier as an e-mail gateway is due to the filters that work much better than anything Exchange has to offer - which, again, I don't know Exchange so that might not be correct. Either way, its a nice scenario where the users that want to take advantage of Courier's filtering capabilities create valid accounts on the Courier box. The folks that don't want their e-mail filtered don't need accounts because Courier automatically routes e-mail to the Exchange box, untouched. This is why I'm suggesting one small filter that checks to see if an account is valid - and the ldap idea sounds like a really good one.
> 2. Write an external program that will monitor the logs - and actually
> I'll just have syslog write to my program which will then write the logs
> into /var/log/maillog - but take this log output, parse it, and when a
> remote host is obviously interrogating or trying some dictionary of
> names against a domain I host, I'll have the system add the remote hosts
> IP to smtpaccess.
It's almost certainly more reliable and less programming to simply watch
the log file that syslog is writing, rather than intercepting the data
in that way.
What I currently have works "ok" - but maillogs roll and the logic to prevent reparsing large logs seems a bit daunting as well. Forcing syslogd to pipe its output to a program that reads stdin and processes the logs and writes to the same /var/log/maillog seems a lot easier - but then that's just my opinion - but this way I'm sure not to miss anything and surely its more real-time. The logic for parsing and saving state is pretty much the same.
Then again, maybe when I upgrade to a much newer version of Courier, I won't see this issue as much due to the tarpit feature that I'm obviously missing.
Thanks for the response, for sure...
D
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
--
Derrick T. Woolworth, President
ServeTheWeb, LLC. http://www.ServeTheWeb.com
