Index: james-config.xml
===================================================================
RCS file: /home/cvspublic/jakarta-james/src/conf/james-config.xml,v
retrieving revision 1.44
diff -u -r1.44 james-config.xml
--- james-config.xml 18 Jan 2003 23:22:34 -0000 1.44
+++ james-config.xml 23 Jan 2003 21:25:10 -0000
@@ -406,6 +406,26 @@
<verifyIdentity>true</verifyIdentity>
-->
+ <!-- Uncomment this if you want to only accept recipients in the local
+domain. -->
+ <!-- Note that leaving this out will cause all recipients to be valid, but
+ -->
+ <!-- messages to other domains will still process per the above
+configuration, -->
+ <!-- usually to the spam log. Leave this off while debugging, but if you
+find -->
+ <!-- a huge number of SPAM messages to other domains,
+ -->
+ <!-- you might want to turn it on.
+ -->
+ <!--
+ <acceptOnlyLocal>true</acceptOnlyLocal>
+ -->
+
+ <!-- Uncomment this if you want to ensure a reverse DNS Hostname exists
+-->
+ <!-- for the IP addresses of incoming connections. Most legitimate email
+-->
+ <!-- will have a rDNS hostname defined, but often the casual spammer will
+-->
+ <!-- not. Note that this will cause connectivity problems if a sender's
+-->
+ <!-- hostname cannot be determined by IP, or if the DNS service is
+-->
+ <!-- unreliable.
+-->
+ <!--
+ <doReverseLookups>true</doReverseLookups>
+ -->
+
<!-- This sets the maximum allowed message size (in kilobytes) for this -->
<!-- SMTP service. If unspecified, the value defaults to 0, which means no
limit. -->
<maxmessagesize>0</maxmessagesize>
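Review bot: The `doReverseLookups` comment does not say what the check actually tests or when it runs, which an operator needs to know before enabling it. Going by the SMTPHandler change in this patch, the connection is refused before the greeting whenever the resolved host name equals the IP address, so the option only tests that some reverse name exists. I would add a line such as `<!-- This only checks that a reverse name exists; it does not verify the sender. -->`, because a PTR record is set by whoever controls the reverse zone. The `acceptOnlyLocal` comment should likewise state that the refusal happens per recipient at RCPT time.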
Index: SMTPHandlerConfigurationData.java
===================================================================
RCS file:
/home/cvspublic/jakarta-james/src/java/org/apache/james/smtpserver/SMTPHandlerConfigurationData.java,v
retrieving revision 1.3
diff -u -r1.3 SMTPHandlerConfigurationData.java
--- SMTPHandlerConfigurationData.java 14 Jan 2003 13:41:54 -0000 1.3
+++ SMTPHandlerConfigurationData.java 23 Jan 2003 21:04:37 -0000
@@ -54,6 +54,29 @@
boolean isVerifyIdentity();
/**
+ * Returns whether the service requires connecting
+ * IPs reverse DNS entry (the Hostname) to exist.
+ * If the reverse DNS hostname entry for this IP
+ * addressdoes not exist, and this is true, the
+ * connection is terminated.
+ *
+ * Legitimate email servers have a reverse DNS entry
+ * for their IP address, so this helps prevent SPAM.
+ * The default entry is <B>false</B>.
+ *
+ * @return true if reverse lookups are
+ */
+ boolean isReverseLookupNeeded();
+
+ /**
+ * Returns whether the service only accepts recipients
+ * with domains local to this server
+ *
+ * @return whether only local recipients are accepted
+ */
+ boolean isAcceptOnlyLocal();
+
+ /**
* Returns the MailServer interface for this service.
*
* @return the MailServer interface for this service
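Review bot: The Javadoc on `isReverseLookupNeeded()` ends mid-sentence at `@return true if reverse lookups are` and contains the typo `addressdoes`. I would finish it as `@return true if connections without a reverse DNS host name are refused` and fix the spacing. The statement that legitimate servers have a reverse DNS entry is stronger than the config comment's "most legitimate email", so the two should agree on the weaker wording. The `<B>false</B>` default is set in SMTPServer, not in this interface, so it is better described there.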
Index: SMTPHandler.java
===================================================================
RCS file:
/home/cvspublic/jakarta-james/src/java/org/apache/james/smtpserver/SMTPHandler.java,v
retrieving revision 1.42
diff -u -r1.42 SMTPHandler.java
--- SMTPHandler.java 14 Jan 2003 13:41:54 -0000 1.42
+++ SMTPHandler.java 23 Jan 2003 21:04:41 -0000
@@ -328,23 +328,38 @@
out = new InternetPrintWriter(new BufferedWriter(new
OutputStreamWriter(socket.getOutputStream()), 1024), false);
+ boolean bLetThemIn = true;
+ if ( ( theConfigData.isReverseLookupNeeded() ) && ( remoteHost.equals(
+remoteIP ) ) )
+ {
+ bLetThemIn = false;
+ responseBuffer.append("We do not accept email from the likes of you,
+")
+ .append(remoteHost);
+ String responseString = clearResponseBuffer();
+ getLogger().error(responseBuffer.toString());
+ writeLoggedFlushedResponse(responseString);
+ }
+
+
// Initially greet the connector
// Format is: Sat, 24 Jan 1998 13:16:09 -0500
- responseBuffer.append("220 ")
- .append(theConfigData.getHelloName())
- .append(" SMTP Server (")
- .append(SOFTWARE_TYPE)
- .append(") ready ")
- .append(rfc822DateFormat.format(new Date()));
- String responseString = clearResponseBuffer();
- writeLoggedFlushedResponse(responseString);
+ if ( bLetThemIn )
+ {
+ responseBuffer.append("220 ")
+ .append(theConfigData.getHelloName())
+ .append(" SMTP Server (")
+ .append(SOFTWARE_TYPE)
+ .append(") ready ")
+ .append(rfc822DateFormat.format(new Date()));
+ String responseString = clearResponseBuffer();
+ writeLoggedFlushedResponse(responseString);
- theWatchdog.start();
- while (parseCommand(readCommandLine())) {
- theWatchdog.reset();
+ theWatchdog.start();
+ while (parseCommand(readCommandLine())) {
+ theWatchdog.reset();
+ }
+ theWatchdog.stop();
}
- theWatchdog.stop();
getLogger().debug("Closing socket.");
} catch (SocketException se) {
if (getLogger().isDebugEnabled()) {
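Review bot: In the rejection branch the log call runs after `clearResponseBuffer()`, so `getLogger().error(responseBuffer.toString())` most likely logs an empty string; log the saved text instead with `getLogger().error(responseString);`. The refusal is also written without an SMTP reply code, and since RFC 2821 allows `554` in place of the `220` greeting, the text should start with `554 `. Whether `remoteHost.equals(remoteIP)` reliably means "no PTR record" depends on how `remoteHost` is resolved, which is outside this hunk. The enclosing method starts and ends outside the hunk as well.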
@@ -1140,6 +1155,19 @@
return;
}
}
+ }
+ }
+ if ( theConfigData.isAcceptOnlyLocal() )
+ {
+ // check domain against accepted list
+ String toDomain = recipientAddress.getHost();
+ if (!theConfigData.getMailServer().isLocalServer(toDomain)) {
+ responseString = "503 Cannot Deliver to Specified Email Address";
+ writeLoggedFlushedResponse(responseString);
+ responseBuffer.append("Rejected recipient - Cannot Deliver to
+Specified Email Address: ")
+ .append( recipientAddress );
+ getLogger().error( responseBuffer.toString() );
+ return;
}
}
rcptColl.add(recipientAddress);
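Review bot: The rejection path appends the log text to `responseBuffer` and returns without clearing it, so that text will probably be prepended to the next reply built on the same buffer; `getLogger().error(clearResponseBuffer());` avoids this. `503` means bad sequence of commands, so a refused non-local recipient should get `responseString = "550 Cannot Deliver to Specified Email Address";`. The check appears to sit after the authentication block, which would also refuse authenticated senders for external recipients; please confirm that is intended. Each refusal is logged at error level with a client-supplied address, which lets a remote sender fill the log, so info level fits better. The method body begins and ends outside the hunk.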
Index: SMTPServer.java
===================================================================
RCS file:
/home/cvspublic/jakarta-james/src/java/org/apache/james/smtpserver/SMTPServer.java,v
retrieving revision 1.19
diff -u -r1.19 SMTPServer.java
--- SMTPServer.java 14 Jan 2003 13:41:55 -0000 1.19
+++ SMTPServer.java 23 Jan 2003 21:04:43 -0000
@@ -77,6 +77,22 @@
private boolean verifyIdentity = false;
/**
+ * If set, the server verifies that the remote IP
+ * connecting to the server has a reverse DNS entry
+ * (host name). Any legitimate email server will
+ * be reverse DNS'd, so this helps prevent SPAM
+ * (stuff posing as mail) by hanging up on them.
+ */
+ private boolean doReverseLookups = false;
+
+ /**
+ * Whether the server only accepts recipients that match
+ * the list of localhosts. If true, will respond with
+ * a 503 code for recipients with non-local domains
+ */
+ private boolean acceptOnlyLocal = false;
+
+ /**
* The maximum message size allowed by this SMTP server. The default
* value, 0, means no limit.
*/
@@ -135,6 +151,8 @@
Configuration handlerConfiguration = configuration.getChild("handler");
authRequired =
handlerConfiguration.getChild("authRequired").getValueAsBoolean(false);
verifyIdentity =
handlerConfiguration.getChild("verifyIdentity").getValueAsBoolean(false);
+ doReverseLookups =
+handlerConfiguration.getChild("doReverseLookups").getValueAsBoolean(false);
+ acceptOnlyLocal =
+handlerConfiguration.getChild("acceptOnlyLocal").getValueAsBoolean(false);
if (authRequired) {
if (verifyIdentity) {
getLogger().info("This SMTP server requires authentication and
verifies that the authentication credentials match the sender address.");
@@ -144,6 +162,10 @@
} else {
getLogger().info("This SMTP server does not require authentication.");
}
+ if ( doReverseLookups )
+ getLogger().info("Incoming IP connections with no reverse DNS host
+name will be disconnected." );
+ if ( acceptOnlyLocal )
+ getLogger().info("Only messages for local domains will be accepted."
+);
// get the message size limit from the conf file and multiply
// by 1024, to put it in bytes
maxMessageSize = handlerConfiguration.getChild( "maxmessagesize"
).getValueAsLong( maxMessageSize ) * 1024;
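Review bot: The two new `if ( doReverseLookups )` and `if ( acceptOnlyLocal )` statements are unbraced, while the `if (authRequired) { ... } else { ... }` block just above them uses braces. Wrapping each `getLogger().info(...)` call in `{ }` keeps the method consistent and avoids a later added line silently falling outside the condition. The surrounding configure method starts outside the hunk.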
@@ -307,6 +329,20 @@
*/
public boolean isVerifyIdentity() {
return SMTPServer.this.verifyIdentity;
+ }
+
+ /**
+ * @see
+org.apache.james.smtpserver.SMTPHandlerConfigurationData#isReverseLookupNeeded()
+ */
+ public boolean isReverseLookupNeeded() {
+ return SMTPServer.this.doReverseLookups;
+ }
+
+ /**
+ * @see
+org.apache.james.smtpserver.SMTPHandlerConfigurationData#isAcceptOnlyLocal()
+ */
+ public boolean isAcceptOnlyLocal() {
+ return SMTPServer.this.acceptOnlyLocal;
}
/**