Skaag Argonius wrote:
> John Peacock wrote:
>> In the spirit of TMTOWtDI, I wrote a very small finger daemon which runs on our primary server (which contains the vpopmail virtual domains/users).
>
> This is by far the best solution I heard about. Can you provide that daemon to the public?

If by "public" you mean posting somewhere (like this list), it's attached. It's really a trivial program based on some example code I found for dealing with vpopmail queries.

I am currently evaluating Zimbra:

        http://www.zimbra.com

which is a rich web mail client (AJAX) that stores all user information in LDAP, so I may be revisiting this code to support LDAP queries instead.

Share and enjoy!

John
#!perl -w
=head1 NAME

check_finger - performs a trivial finger request

=head1 DESCRIPTION

If you are running a "smart" relay host that accepts e-mail for your
domains and then forwards to the actual delivery MTA, you run the
risk of accepting mail only to then turn around and bounce it.  With
this plugin, the "smart" relay host can use the finger command to
decide whether the recipient address is acceptable.  In fact, the way
that the plugin is written, multiple hosts could be checked, prior to
attempting delivery.

NOTE: The finger service typically reveals too much information to be used
on a publicly accessible port.  Please be sure to protect this service
via firewall or other access rules, so that only known hosts can perform
the queries.

NOTE2: if you have virtual users (such as with VPopMail), a conventional
finger program will not be able to return an answer for you.  The author of
this plugin has written vpopfinger, which checks for users within a
vpopmail database (MySQL only) and returns the appropriate values.

NOTE3: if the server(s) you are fingering are not accessible for any
reason, the plugin will return DECLINED, and the message may be received to
a non-legit address.  This is preferable to blocking legit mail if the
finger server is down for some reason.  If you list multiple servers in the
check_finger configuration file, the hosts are checked in order and if any
of them are down, the subsequent hosts will not be checked.

=head1 CONFIG

Copy the check_finger file into the plugins/ directory and then create
the file config/check_finger containing the servers to perform the
finger queries against (one per line).  Add check_finger to the config/plugins
file (typically after the other check_* lines).

There are no command line options at the present time.

=cut

# this plugin checks a remote server for valid users using finger

sub register {
  my ($self, $qp) = @_;
  $self->register_hook("rcpt", "check_finger");
}

sub check_finger {
  my ($self, $transaction, $recipient) = @_;
  $self->log(LOGWARN, "Attempting to finger");
  my @check_finger = $self->qp->config("check_finger")
    or return (DECLINED, "No configuration file found");

  return (DENY, "Didn't get host and username")
    unless $recipient->host && $recipient->user;
  return (DECLINED) if
       $recipient->user =~ /^(?:postmaster|abuse|mailer-daemon|root)$/i;
  my $rcpt = $recipient->user;
  $rcpt =~ s/^([^-]+).*/$1/; # ignore address extensions
  $rcpt .= '@' . lc($recipient->host);

  use Net::Finger;

  foreach my $hostname ( @check_finger ) {
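    if ($hostname =~ /^([-.\w]+)$/) {
      $hostname = $1; # cleanse the taint
    }
    else {
      # skip config entries that are not a plain hostname
      $self->log(LOGERROR, "check_finger: ignoring invalid host entry");
      next;
    }
    # The list archive replaced the original argument with "[EMAIL PROTECTED]";
    # user@domain@fingerhost is reconstructed from the variables built above.
    my $finger = finger("$rcpt\@$hostname");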

    if ($finger) {
        if ( $finger =~ /Alias/i ) {
            $recipient->{_type} = 'Alias';
        }
        elsif ( $finger =~ /List/i ) {
            $recipient->{_type} = 'List';
        }
        return (OK);
    }
    elsif ( defined $Net::Finger::error ) {
        return (DECLINED) if $Net::Finger::error =~ /Connection refused/;
        $self->log(LOGERROR, "Net::Finger: ".$Net::Finger::error)
          if $Net::Finger::error; # print error if any and fall through
    }
  }

  if ( $self->qp->connection->relay_client() ) {
    return (DECLINED);
  }
  else {
    return (DENY, "mail to $rcpt not accepted here");
  }
}

Attachment: vpopfinger.tgz
Description: application/compressed
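
The recipient check from the plugin above, reduced to the finger wire exchange, as an added example that is not part of the original post or of qpsmtpd. It is written in Python so it runs stand-alone; the loopback responder standing in for vpopfinger, the `KNOWN` table and all function names are constructed for illustration. Unlike the plugin code, any connection error or timeout fails open, which is the behaviour NOTE3 describes.

```python
import re
import socket
import socketserver
import threading

# Constructed sample data: addresses the toy backend treats as deliverable.
KNOWN = {"alice@example.org": "Name: Alice", "staff@example.org": "List: staff"}
# Allow-list for the query string: no CR/LF, no spaces, exactly one '@'.
SAFE_QUERY = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+")

class FingerHandler(socketserver.StreamRequestHandler):
    """Toy finger responder: read one CRLF-terminated query, answer, close."""
    def handle(self):
        query = self.rfile.readline(512).decode("ascii", "replace").strip()
        answer = KNOWN.get(query.lower())
        if answer:  # unknown users get an empty reply
            self.wfile.write(answer.encode("ascii") + b"\r\n")

def start_backend():
    """Start the toy responder on an ephemeral loopback port."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), FingerHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def check_rcpt(rcpt, backends, timeout=3.0):
    """Return 'OK', 'DENY' or 'DECLINED' for one recipient address."""
    if not SAFE_QUERY.fullmatch(rcpt):
        return "DENY"  # never pass unexpected bytes on to the backend
    for host, port in backends:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(rcpt.encode("ascii") + b"\r\n")
                reply = b""
                while len(reply) < 4096:  # bound what we accept back
                    chunk = s.recv(1024)
                    if not chunk:
                        break
                    reply += chunk
        except OSError:
            return "DECLINED"  # backend unreachable or timed out: fail open
        if reply.strip():
            return "OK"
    return "DENY"

if __name__ == "__main__":
    srv = start_backend()
    for addr in ("alice@example.org", "nobody@example.org", "alice@example.org\r\nroot"):
        print(repr(addr), check_rcpt(addr, [srv.server_address]))
    srv.shutdown()
```

`fullmatch` is used instead of a `^...$` pattern because `$` in Python also matches just before a trailing newline, which would let a line break reach the backend.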
