the sobig.f worm isn't much of a problem for qpsmtpd of course (it
appears to be an early talker, for one thing), but the volume of bounce
messages we're seeing on lists.mysql.com proved rather daunting, and
many of them were bounces to addresses that never send email but are
listed on the web (such as the actual list addresses, or the -subscribe
and -unsubscribe addresses).

this plugin allows you to specify a 'badbounceto' file like badrcptto
that specifies recipients for which bounce messages should be rejected.

this is blocking about 20% of the incoming mail on lists.mysql.com now.

(or so. as i write this, it occurs to me that sql_maillog, at least the
version i've based ours on, does not handle multiple emails on a single
connection correctly.)

this sobig.f eruption is giving me an all-new dislike of
challenge-response systems.

jim

# this plugin checks the badbounceto config, which is like badrcptto but
# only for mail with a sender of "<>" (bounce messages)

sub register {
  my ($self, $qp) = @_;
  $self->register_hook("rcpt", "check_for_badbounceto");
}

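sub check_for_badbounceto {
  my ($self, $transaction, $recipient) = @_;
  # nothing to check without a badbounceto list or a complete recipient
  my @badbounceto = $self->qp->config("badbounceto") or return (DECLINED);
  return (DECLINED) unless $recipient->host && $recipient->user;
  # only bounces (null sender) are checked; all other mail passes through
  return (DECLINED) unless $transaction->sender->format eq '<>';

  # the host is lowercased; the local part is compared as given
  my $host = lc $recipient->host;
  my $from = $recipient->user . '@' . $host;
  for my $bad (@badbounceto) {
    # keep only the first whitespace-delimited token of the entry
    $bad =~ s/^\s*(\S+).*/$1/;
    return (DENY, "bounces to $bad not accepted here")
      if $bad eq $from;
  }
  return (DECLINED);
}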

# vim: ft=perl
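
An offline dry run of the same decision over constructed envelope pairs, useful for checking a badbounceto list before deploying it. This is an added example, not part of jim's post or of qpsmtpd. The name `check_bounce`, the `lists.example.com` addresses and the case-insensitive comparison are assumptions of the example, and the last of these goes beyond what the plugin above does.

```perl
#!/usr/bin/perl
# Added example: offline dry run of the badbounceto decision.
# All addresses are constructed; lists.example.com is a placeholder.
use strict;
use warnings;

# Constructed badbounceto entries, one per line as in the config file.
my @config = (
  'announce@lists.example.com',
  '  announce-subscribe@lists.example.com',   # leading whitespace
  'Announce-Unsubscribe@lists.example.com',   # mixed case
);

# Normalise once: take the first token and lowercase it (assumption:
# local parts on this host are matched case-insensitively).
my %bad;
for my $line (@config) {
  my ($addr) = $line =~ /^\s*(\S+)/ or next;
  $bad{lc $addr} = 1;
}

# Hypothetical helper: returns 'DENY' only for a null-sender (bounce)
# message addressed to a listed recipient; everything else is left to
# other checks.
sub check_bounce {
  my ($sender, $rcpt) = @_;
  return 'DECLINED' unless $sender eq '<>';
  my ($user, $host) = $rcpt =~ /^(.+)\@([^\@]+)$/ or return 'DECLINED';
  return $bad{lc "$user\@$host"} ? 'DENY' : 'DECLINED';
}

# Constructed envelope pairs: [MAIL FROM, RCPT TO].
my @envelopes = (
  ['<>',                 'announce-subscribe@lists.example.com'],
  ['<>',                 'ANNOUNCE@Lists.Example.COM'],
  ['<user@example.org>', 'announce-subscribe@lists.example.com'],
  ['<>',                 'jim@lists.example.com'],
);

for my $e (@envelopes) {
  printf "%-20s -> %-38s %s\n", @$e, check_bounce(@$e);
}
```

Only the first two pairs are denied: a bounce to an unlisted address and ordinary mail to a listed one both fall through to the remaining checks.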
