- Jason Haar <[EMAIL PROTECTED]>:
| > Clearly, you can't. But what you could do is to have a program
| > sitting between the TCP socket and qmail-smtpd. Normally, it would
| > just pass every incoming command to qmail-smtpd, but it would check
| > any MAIL command first. If it's bad, it will take over and reject
| > every RCPT or DATA command until a RSET or new MAIL command appears.
|
| What I was thinking about is a program that carried out the SMTP
| conversation until the MAIL FROM occurred, and then checked that the
| address was "correct" (by DNS lookup). If it isn't, drop the SMTP as
| spam, otherwise turn around and replay the conversation to
| qmail-smtpd and then link the two together.
Well, there is no way for a program to magically link two file
descriptors together and then go away: The program must remain and
copy data from one file descriptor to the other. Second, after the
DATA phase is done the sender may start over with a new MAIL command,
etc., and your front end program must be prepared for that. So it
would need to parse the traffic to detect this, and filter the new
address. Further, a spammer could easily get around your filter by
just doing
MAIL FROM:<[EMAIL PROTECTED]>
(the front end checks this, finds it ok, replays this to
qmail-smtpd, and leaves the rest to qmail-smtpd)
RSET
MAIL FROM:<[EMAIL PROTECTED]>
(qmail-smtpd blissfully accepts the new sender address)
Personally, I don't see checking the sender domain in the DNS as a
very useful antispam measure, since spammers are learning to use
sender addresses with existing domains. But it can be seen as a way
to increase the reliability of mail delivery: By accepting mail, you
take on the responsibility to either deliver it or to notify the
envelope sender of a failure to do so. By refusing to accept mail
without a valid sender domain, you are basically refusing an
obligation that is impossible to meet. (On the other hand, it may be
impossible anyway, since the local part of the sender address may be
wrong as well. But then you could, at least in principle, pass the
resulting double bounce to the postmaster at that domain.)
- Harald
