Thank you very much! I think this is a good starting point to write my
first plugin.
Werner
Johan Almqvist schrieb:
Werner Fleck wrote:
Why should I miss legitimate bounces? I thought, since I'm in control
of any mail server which might legitimately identify itself as
mydomain.com, any mail mail which has a Received: line with
mydomain.com and an ip number which does not belong to me is forged.
The reason I asked is that I'm running TMDA and about 20% of the mails
in the pending queue are bounces for such clearly forged mails. If I
could reject such mails, I could have avoided sending challenge
messages for them.
I know, it would be better if the the other mail server had not
accepted the original mail at first. I'm using SPF for my domains so
that this mail could easily be detected as not being legitimate. But
then, not everybody is using qpsmtpd.
Something like:
sub hook_data_post {
my ($self, $transaction) = @_;
# skip past headers
while (my $line = $transaction->body_getline) {
$line =~ s/\r?\n//;
$line =~ s/\s*$//;
last unless length($line);
}
while (my $line = $transaction->body_getline) {
if ($line =~ /^Received:.*YOURHOSTNAME.COM/ ||
!($line =~ /YOUR.IP.HERE/)) {
return (DENY, "Fake bounce");
}
}
?
