I think this was already mentioned, but in general the James project has taken the approach of accepting first and deleting during processing. Especially as these don't seem to be high-traffic/likely settings (you're not going to catch a ton of spammers), this seems like a job for the mailet API.
You can already handle deleting messages from bad networks by using existing matchers (HostIsLocal) and otherwise bit-bucket it using the NullMailet. The reverse DNS is a bit more interesting... I would take that code and make it a matcher, which is how we do most of these rules.

We also have bundled (but not enabled by default) a matcher that checks that there is any entry for the deliverer's hostname called SenderInFakeDomain. What it does is if I get an email from [EMAIL PROTECTED], the matcher checks to see if there are MX/A/CNAME records for bar.com (to see if we could send a bounce to that server if necessary). Just thought I'd mention it as another somewhat useful spam deterrent.

Serge Knystautas
Lokitech Software - Strategy - Design
http://www.lokitech.com/

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 24, 2003 4:23 PM
Subject: PATCH - smtpserver acceptOnlyLocal and doReverseLookups options

> Index: james-config.xml > =================================================================== > RCS file: /home/cvspublic/jakarta-james/src/conf/james-config.xml,v > retrieving revision 1.44 > diff -u -r1.44 james-config.xml > --- james-config.xml 18 Jan 2003 23:22:34 -0000 1.44 > +++ james-config.xml 23 Jan 2003 21:25:10 -0000 
> @@ -406,6 +406,26 @@ > <verifyIdentity>true</verifyIdentity> > --> > > + <!-- Uncomment this if you want to only accept recipients in the local domain. --> > + <!-- Note that leaving this out will cause all recipients to be valid, but --> > + <!-- messages to other domains will still process per the above configuration, --> > + <!-- usually to the spam log. Leave this off while debugging, but if you find --> > + <!-- a huge number of SPAM messages to other --> > + <!-- you might want to turn it --> > + <!-- > + <acceptOnlyLocal>true</acceptOnlyLocal> > + --> > + > + <!-- Uncomment this if you want to ensure a reverse DNS Hostname exists --> > + <!-- for the IP addresses of incoming connections. Most legitimate email --> > + <!-- will have a rDNS hostname defined, but often the casual spammer will --> > + <!-- not. Note that this will cause connectivity problems if a sender's --> > + <!-- hostname cannot be determined by IP, or if the DNS service is --> > + <!-- --> > + <!-- > + <doReverseLookups>true</doReverseLookups> > + --> > + > <!-- This sets the maximum allowed message size (in kilobytes) for this --> > <!-- SMTP service. If unspecified, the value defaults to 0, which means no limit. --> > <maxmessagesize>0</maxmessagesize> > Index: SMTPHandlerConfigurationData.java > =================================================================== > RCS file: /home/cvspublic/jakarta-james/src/java/org/apache/james/smtpserver/SMTPHandl erConfigurationData.java,v > retrieving revision 1.3 > diff -u -r1.3 SMTPHandlerConfigurationData.java > --- SMTPHandlerConfigurationData.java 14 Jan 2003 13:41:54 -0000 1.3 > +++ SMTPHandlerConfigurationData.java 23 Jan 2003 21:04:37 -0000 
> @@ -54,6 +54,29 @@ > boolean isVerifyIdentity(); > > /** > + * Returns whether the service requires connecting > + * IPs reverse DNS entry (the Hostname) to exist. > + * If the reverse DNS hostname entry for this IP > + * addressdoes not exist, and this is true, the > + * connection is terminated. > + * > + * Legitimate email servers have a reverse DNS entry > + * for their IP address, so this helps prevent SPAM. > + * The default entry is <B>false</B>. > + * > + * @return true if reverse lookups are > + */ > + boolean isReverseLookupNeeded(); > + > + /** > + * Returns whether the service only accepts recipients > + * with domains local to this server > + * > + * @return whether only local recipients are accepted > + */ > + boolean isAcceptOnlyLocal(); > + > + /** > * Returns the MailServer interface for this service. > * > * @return the MailServer interface for this service > Index: SMTPHandler.java > =================================================================== > RCS file: /home/cvspublic/jakarta-james/src/java/org/apache/james/smtpserver/SMTPHandl er.java,v > retrieving revision 1.42 > diff -u -r1.42 SMTPHandler.java > --- SMTPHandler.java 14 Jan 2003 13:41:54 -0000 1.42 > +++ SMTPHandler.java 23 Jan 2003 21:04:41 -0000 
> @@ -328,23 +328,38 @@ > > out = new InternetPrintWriter(new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()), 1024), false); > > + boolean bLetThemIn = true; > + if ( ( theConfigData.isReverseLookupNeeded() ) && ( remoteHost.equals( remoteIP ) ) ) > + { > + bLetThemIn = false; > + responseBuffer.append("We do not accept email from the likes of you, ") > + .append(remoteHost); > + String responseString = clearResponseBuffer(); > + getLogger().error(responseBuffer.toString()); > + writeLoggedFlushedResponse(responseString); > + } > + > + > // Initially greet the connector > // Format is: Sat, 24 Jan 1998 13:16:09 -0500 > > - responseBuffer.append("220 ") > - .append(theConfigData.getHelloName()) > - .append(" SMTP Server (") > - .append(SOFTWARE_TYPE) > - .append(") ready ") > - .append(rfc822DateFormat.format(new Date())); > - String responseString = clearResponseBuffer(); > - writeLoggedFlushedResponse(responseString); > + if ( bLetThemIn ) > + { > + responseBuffer.append("220 ") > + .append(theConfigData.getHelloName()) > + .append(" SMTP Server (") > + .append(SOFTWARE_TYPE) > + .append(") ready ") > + .append(rfc822DateFormat.format(new Date())); > + String responseString = clearResponseBuffer(); > + writeLoggedFlushedResponse(responseString); > > - theWatchdog.start(); > - while (parseCommand(readCommandLine())) { > - theWatchdog.reset(); > + theWatchdog.start(); > + while (parseCommand(readCommandLine())) { > + theWatchdog.reset(); > + } > + theWatchdog.stop(); > } > - theWatchdog.stop(); > getLogger().debug("Closing socket."); > } catch (SocketException se) { > if (getLogger().isDebugEnabled()) { 
> @@ -1140,6 +1155,19 @@ > return; > } > } > + } > + } > + if ( theConfigData.isAcceptOnlyLocal() ) > + { > + // check domain against accepted list > + String toDomain = recipientAddress.getHost(); > + if (!theConfigData.getMailServer().isLocalServer(toDomain)) { > + responseString = "503 Cannot Deliver to Specified Email Address"; > + writeLoggedFlushedResponse(responseString); > + responseBuffer.append("Rejected recipient - Cannot Deliver to Specified Email Address: ") > + .append( recipientAddress ); > + getLogger().error( responseBuffer.toString() ); > + return; > } > } > rcptColl.add(recipientAddress); > Index: SMTPServer.java > =================================================================== > RCS file: /home/cvspublic/jakarta-james/src/java/org/apache/james/smtpserver/SMTPServe r.java,v > retrieving revision 1.19 > diff -u -r1.19 SMTPServer.java > --- SMTPServer.java 14 Jan 2003 13:41:55 -0000 1.19 > +++ SMTPServer.java 23 Jan 2003 21:04:43 -0000 > @@ -77,6 +77,22 @@ > private boolean verifyIdentity = false; > > /** > + * If set, the server verifies that the remote IP > + * connecting to the server has a reverse DNS entry > + * (host name). Any legitimate email server will > + * be reverse DNS'd, so this helps prevent SPAM > + * (stuff posing as mail) by hanging up on them. > + */ > + private boolean doReverseLookups = false; > + > + /** > + * Whether the server only accepts recipients that match > + * the list of localhosts. If true, will respond with > + * a 503 code for recipients with non-local domains > + */ > + private boolean acceptOnlyLocal = false; > + > + /** > * The maximum message size allowed by this SMTP server. The default > * value, 0, means no limit. > */ 
> @@ -135,6 +151,8 @@ > Configuration handlerConfiguration = configuration.getChild("handler"); > authRequired = handlerConfiguration.getChild("authRequired").getValueAsBoolean(false); > verifyIdentity = handlerConfiguration.getChild("verifyIdentity").getValueAsBoolean(false); > + doReverseLookups = handlerConfiguration.getChild("doReverseLookups").getValueAsBoolean(false); > + acceptOnlyLocal = handlerConfiguration.getChild("acceptOnlyLocal").getValueAsBoolean(false); > if (authRequired) { > if (verifyIdentity) { > getLogger().info("This SMTP server requires authentication and verifies that the authentication credentials match the sender address."); > @@ -144,6 +162,10 @@ > } else { > getLogger().info("This SMTP server does not require authentication."); > } > + if ( doReverseLookups ) > + getLogger().info("Incoming IP connections with no reverse DNS host name will be disconnected." ); > + if ( acceptOnlyLocal ) > + getLogger().info("Only messages for local domains will be accepted." ); > // get the message size limit from the conf file and multiply > // by 1024, to put it in bytes > maxMessageSize = handlerConfiguration.getChild( "maxmessagesize" ).getValueAsLong( maxMessageSize ) * 1024; > @@ -307,6 +329,20 @@ > */ > public boolean isVerifyIdentity() { > return SMTPServer.this.verifyIdentity; > + } > + > + /** > + * @see org.apache.james.smtpserver.SMTPHandlerConfigurationData#isReverseLookupNeed ed() > + */ > + public boolean isReverseLookupNeeded() { > + return SMTPServer.this.doReverseLookups; > + } > + > + /** > + * @see org.apache.james.smtpserver.SMTPHandlerConfigurationData#isAcceptOnlyLocal() > + */ > + public boolean isAcceptOnlyLocal() { > + return SMTPServer.this.acceptOnlyLocal; > } > > /**
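Review bot: In the james-config.xml hunk (@@ -406,6 +406,26 @@), both new comment blocks contain unfinished sentences: the acceptOnlyLocal note breaks off at "a huge number of SPAM messages to other" and "you might want to turn it", and the doReverseLookups note stops at "or if the DNS service is" followed by an empty comment line. These comments are the only operator-facing documentation for the two switches, so please complete them, and say in the doReverseLookups text that a connection failing the check is refused before the 220 greeting, which is what the SMTPHandler.java change does.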
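Review bot: In the SMTPHandlerConfigurationData.java hunk (@@ -54,6 +54,29 @@), the Javadoc for isReverseLookupNeeded() ends with an unfinished tag, "@return true if reverse lookups are", and contains the typo "addressdoes". Please finish the @return sentence. The statement "Legitimate email servers have a reverse DNS entry" is also stronger than the config comment in the same patch, which says "Most legitimate email" and warns of connectivity problems; the two should agree.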
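Review bot: In the SMTPHandler.java hunk at @@ -328,23 +328,38 @@, the rejection branch calls clearResponseBuffer() before getLogger().error(responseBuffer.toString()), so if clearResponseBuffer() empties the buffer, as its use for the 220 greeting suggests, the log entry will be empty; log responseString instead. The rejection text is also written without an SMTP reply code, unlike the "220 " greeting below it, so the client receives no numeric status to act on. Finally, the test remoteHost.equals( remoteIP ) relies on remoteHost holding the address string when no reverse entry exists; a comment at the check stating that assumption would help the next reader.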
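Review bot: In the SMTPHandler.java hunk at @@ -1140,6 +1155,19 @@, the acceptOnlyLocal branch appends the log text to responseBuffer and returns after getLogger().error( responseBuffer.toString() ) without clearing it, so the "Rejected recipient" text is still in the buffer when the next reply is built from it; take the string from clearResponseBuffer() as the greeting code does. Separately, 503 is the SMTP reply code for a bad sequence of commands, while a recipient refused by policy is normally answered with 550; if the code changes, the acceptOnlyLocal Javadoc in SMTPServer.java, which names 503, needs the same update.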
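The reverse-DNS rule discussed in this thread, written as a classification step that could run on an already accepted message (an added example, not code from the patch or from James; the Resolver interface, the Verdict names and the sample records are assumptions constructed for illustration). It goes beyond the patch's check by also confirming that the PTR name resolves back to the connecting address.

```java
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class ReverseDnsRule {

    /** Hypothetical resolver abstraction so the example runs offline. */
    interface Resolver {
        Optional<String> ptr(String ip);         // reverse (PTR) lookup
        Set<String> addresses(String hostname);  // forward (A) lookup
    }

    enum Verdict { PASS, NO_PTR, PTR_NOT_CONFIRMED }

    static Verdict classify(String remoteIp, Resolver dns) {
        Optional<String> host = dns.ptr(remoteIp);
        // Same condition the patch tests with remoteHost.equals(remoteIP):
        // without a PTR record the "host name" is just the address.
        if (host.isEmpty() || host.get().equals(remoteIp)) {
            return Verdict.NO_PTR;
        }
        // Generalization: the PTR name must resolve back to the connecting
        // address, otherwise the reverse entry proves nothing about the sender.
        return dns.addresses(host.get()).contains(remoteIp)
                ? Verdict.PASS
                : Verdict.PTR_NOT_CONFIRMED;
    }

    public static void main(String[] args) {
        // Constructed sample records using documentation address ranges.
        Map<String, String> ptrRecords = Map.of(
                "192.0.2.10", "mail.example.org",
                "198.51.100.7", "mail.example.net");
        Map<String, Set<String>> aRecords = Map.of(
                "mail.example.org", Set.of("192.0.2.10"),
                "mail.example.net", Set.of("203.0.113.99"));
        Resolver dns = new Resolver() {
            public Optional<String> ptr(String ip) {
                return Optional.ofNullable(ptrRecords.get(ip));
            }
            public Set<String> addresses(String hostname) {
                return aRecords.getOrDefault(hostname, Set.of());
            }
        };
        for (String ip : List.of("192.0.2.10", "198.51.100.7", "203.0.113.5")) {
            System.out.println(ip + " -> " + classify(ip, dns));
        }
    }
}
```

Returning a verdict instead of closing the socket lets the result be logged or routed during processing, in line with the accept-first approach described in the reply.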
