On Tue, 28 Feb 2006, Robin Bowes wrote:
> Have a look at my check_validrcptto_cdb plugin:
>
> http://robinbowes.com/projects/check_validrcptto_cdb
>
> If you can generate a list of valid users on your systems somehow then
> this can seriously cut down on the amount of messages you accept for
> further processing. This and the check_earlytalker plugin are the two
> single-most effective plugins in my setup.
When I first set up 0.26, I used a modified badrcptto to identify
non-existent accounts, but the file grew far too fast. Then I came across
Rasjid Wilcox' delivery plugin, and used it. I really like the idea of not
having to maintain a redundant set of data just to identify legitimate
addresses.
However, the plugin is rather lengthy (over 700 lines, plus a
short setuid script), but that's because it attempts to handle every
conceivable possibility (aliases, etc.). Apparently, it was not complete,
but it did the job in my case.
When I first tried 0.31.1, the plugin/script stopped working for
me. I forget what the problem was. My solution was to rewrite things from
scratch. Now I have less than 200 lines for both the plugin and the setuid
script.
But I am running a very atypical setup. All domains are virtual,
with a linux account controlling each address via .qmail files (as opposed
to separate entries in the control/virtualdomains file), and no ~alias
.qmail files. I do have to identify some special .qmail files, though. It
must handle .qmail-default type files, too. The bottom line is that it's
fairly simple to take a recipient address and see if a .qmail file in the
domain's control account matches. If it doesn't, then the connection can
be turfed. No need to keep duplicating the account names in another config
file.
If you have local accounts, or if you trace chains of .qmail
files, then it gets much more complicated.
