Re: deny_login_sharing

Wed, 16 Nov 2005 22:54:18 -0800 

Correction: made it case insensitive, though it was catching
mostly spam while case sensitive...so would throwing darts
while blindfolded!

You could write in a log-only mode to discover how many
people are loaning their corporate smtp logins to family
and friends, without busting them just yet. How many
are trojaned, too, and which is more common, loaning
or pc's getting trojaned or logins stolen through
viruses(through another mta of course).

-Bob

Bob Dodds wrote:

John Peacock wrote:


Bob Dodds wrote:

Mail readers really encourage a "default" login
for multiple senders("accounts"). I would like
to discourage the practice without losing time
to phone conversations with users, i.e.
Yeah, this is the same feature that Anil Kumar was looking for ~two weeks ago. I don't find it at all useful, but I'm corporate, not an ISP, so my biases might 
be showing.  Here't the thread messages:

http://www.nntp.perl.org/group/perl.qpsmtpd/3815
http://www.nntp.perl.org/group/perl.qpsmtpd/3816
Personally, I think that this "feature" will cause *more* support headaches, rather than less. I'm considering branches/0.31 to be frozen, so I'll see about 
adding some merge of my code and yours to trunk later this week...

John

It doesn't get in the way so far. Maybe Anil will
try this, too.

-Bob

=head1 NAME

deny_login_sharing

=head1 DESCRIPTION

This qpsmtpd plugin checks for auth sender, and if that
is too different from sender(making allowances for mailing
list server aliases), it returns a DENY, which causes the
the message to be rejected by qpsmtpd.

=head1 CONFIG

list it in your ./config/plugins file.

=cut

sub hook_data_post {

my ( $self , $transaction ) = @_ ;

my $msg = "multiple mail reader accounts "
. "cannot share one smtp login here" ;

# TODO:
# $self->id_theft_alert( $transaction, $msg )
#  if $self->qp->config( 'deny_shared_login.paranoid' ) ;

$self->log ( LOGWARN , $msg )
 and return ( DENY , "4.7.1. " . $msg )
  unless $self->unshared_login
   or not $transaction->sender->address ;

return DECLINED ;

}

sub unshared_login {
my $self = shift ;
my $sender = lc $self->qp->transaction->sender->address ;
my $auth_ok = lc $self->qp->auth_user || $sender ;
my ( $user , $host ) = ( $auth_ok->qa->user , $auth_ok->qa->host ) ;
return $sender
if $sender =~ /[EMAIL PROTECTED]/ ;
}

sub UNIVERSAL::qa { my @a ; $_ and not /::/ and push @a , lc $_ for @_ ;
@a ? Qpsmtpd::Address->new( @a ) : undef ;
}

Reply via email to