On Fri, Mar 11, 2005 at 12:47:43AM +0200, Scott Ryan wrote:
> On Monday 07 March 2005 19:44, Scott Ryan shaped the electrons to say:
> > On Monday 07 March 2005 18:20, Karolis Dautartas shaped the electrons to
> say:
> > > >> True, but one typically does not have nearly as many users over their
> > > >> quota than email addresses that don't exist (which are infinitely
> > > >> many). Besides, Spamcop typically would not be able to test that -
> > > >> they have to be very lucky to (1) find a mailbox that exist and (2) at
> > > >> the same time find one that's full.
> > >
> > > AP> Spamcop is not testing your mail addresses. They have spam traps
> > > (mail AP> adresses which never have used for mail) which should not
> > > recieved AP> mails. This traps recievd bounces from you server. When now
> > > a spammer AP> send mails to a couple of your users with a forged address,
> > > bounces will AP> go out and when murphy want to a spamcop address.
> > >
> > > There is always an option to disable bounce messages :)
> > >
> > > It looks like in a couple of years nobody will be able to afford to
> > > send bounce messages anyway, as they will occupy 99% of mail server's
> > > traffic.
> >
> > I have now reduced my 'time in queue' to 24hrs to help get bring down my
> > remote queue because of bounce messages. This reduced my remote queue from
> > 400,00+ to just 40,000 (across 8 servers)
> >
> > > I have a couple of domains that recieve 5-20k emails per day at
> > > random addresses. And there are several hundered domains on the mail
> > > server. Imagine if all domains were like the first 2...
> > >
> > > Karolis
> >
> > What we will do to resolve this issue is try to write a patch to check the
> > dash ext alternate addresses in ldap for the recipient checking.
> > We have already done something like this to resolve the 'from' field in
> > auto responses.
>
> Incase anyone is interested. Here is a patch to enable RCPTCHECK & SENDERCHECK
> for ldap entries that use the DASH ext
>
> Cheers.
> --
> slr.
> 'Dont queue mail with Sendmail,
> send mail with Qmail ... '
> b0n0b0 #qmail on efnet
> key: 0x0B65ABDC - http://wwwkeys.pgp.net:11371
> --- qmail-smtpd.c 2005-03-10 07:19:54.000000000 +0200
> +++ qmail-smtpd.c.new 2005-03-10 10:47:27.000000000 +0200
> @@ -987,8 +987,18 @@
> if (sendercheck && !bounceflag) {
> if (!goodmailaddr()) { /* good mail addrs go through anyway */
> if (addrlocals()) {
> - char *s;
> - switch (ldaplookup(addr.s, &s)) {
> + char *s,*x,temp[1024];
> + strcpy(temp,addr.s);
strcpy should crash and burn. You just added a poissible buffer overflow
to qmail. DON'T USE strcpy() USE strlcpy() or the djb functions.
The same goes for sprintf() use snprintf() in ANY case.
> + x = strchr(addr.s,'@'); /* check for position of @ in address */
> + if(x != NULL)
> + {
> + strcpy(temp,++x); /* ie. telkomsa.net */
> + while ((x = strchr(temp,'.')) != NULL)
> + *x = '_'; /* telkomsa_net */
> + sprintf(temp,"%s-%s",temp,addr.s);
> + }
> + /* switch (ldaplookup(addr.s, &s)) */
> + switch (ldaplookup(temp,&s)) {
> case 1: /* valid */
> break;
> case 0: /* invalid */
> @@ -1036,6 +1046,7 @@
>
> void smtp_rcpt(char *arg)
> {
> + char temp[1024]; //temp buffer
> if (!seenmail)
> {
> err_wantmail();
> @@ -1115,9 +1126,20 @@
> if (!goodmailaddr()) {
> logline(4,"recipient verify, recipient not in goodmailaddr");
> if (addrlocals()) {
> - char *s;
> + char *s,*x;
> logline(4,"recipient verify, recipient is local");
> - switch (ldaplookup(addr.s, &s)) {
> + /** hack the planet patch */
> + strcpy(temp,addr.s);
> + x = strchr(addr.s,'@'); /* check for position of @ in address */
> + if(x != NULL)
> + {
> + strcpy(temp,++x); /* ie. telkomsa.net */
> + while ((x = strchr(temp,'.')) != NULL)
> + *x = '_'; /* telkomsa_net */
> + sprintf(temp,"%s-%s",temp,addr.s);
> + }
> + /* switch (ldaplookup(addr.s, &s)) */
> + switch (ldaplookup(temp,&s)) {
> case 1: /* valid */
> logline(4,"recipient verify OK");
> break;
--
:wq Claudio
