"Jesse D. Guardiani" <[EMAIL PROTECTED]> writes:
> Yeah. That helped a lot with the searches. Exim seems to have pretty
> comprehensive support for "sender address verification" already.
Not surprised. It looks very similar to what's in Postfix from the
docs. Perhaps WV used Exim's sender address verification as a model.
Exim has lots of attractive features, but its sheer size and complex
configuration sort of scares me. Postfix seems to be somewhere in the
middle between qmail and Exim on the feature/complexity scale.
> I've started a discussion on the qmail mailing list. So far the
> responses are favorable.
I'm reading it. I'm surprised this hasn't already been implemented.
Perhaps it's not so trivial in qmail.
> One interesting suggestion by a member of the qmail list was that
> TMDA itself perform the SMTP probe. I agree that this is better
> implemented in the MTA, but it's interesting and something I hadn't
> considered before.
You said on the qmail list that I disagreed with this idea, and that's
not really true. I just think it's better implemented in the MTA and
also don't like reinventing the wheel, but am not opposed to doing
this from TMDA. In fact, if you don't have control over your MTA,
this might be your only option. I'm only opposed to just deleting
pending files when the corresponding confirmation request bounces.
You could wire a custom SMTP prober into TMDA using 'pipe'. You'd
have at the end of your FILTER_INCOMING (after whitelists) something
like:
# drop the message if its sender can't be verified
pipe "/usr/bin/smtp_verify_sender" drop
You'd write the `smtp_verify_sender' program to do an MX lookup on the
address, probe its primary SMTP server, and return 0 if the address is
bad (i.e., if the server returns a 550 response code).
The program could be written in any language of course, but Python's
smtplib module makes this pretty easy, e.g.,
>>> import smtplib
>>> server = smtplib.SMTP('mx1.hotmail.com')
>>> server.docmd('ehlo')
(250, 'mc5-f12.law1.hotmail.com (02.02.00.0007) Hello [128.165.147.60]\nSIZE 4278190\nPIPELINING\n8bitmime\nBINARYMIME\nCHUNKING\nVRFY\nAUTH LOGIN\nAUTH=LOGIN\nX-HMAUTH\nOK')
>>> server.docmd('mail from:', '<[EMAIL PROTECTED]>')
(250, '[EMAIL PROTECTED] OK')
>>> server.docmd('rcpt to:', '<[EMAIL PROTECTED]>')
(550, 'Requested action not taken: mailbox unavailable')
>>> server.quit()
>>>
For extra credit, things like handling timeouts, and storing the
verified bad addresses in a persistent file for later processing
should be implemented.
_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
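
One way the `smtp_verify_sender` check described in the message above could be structured, including the timeout handling and persistent bad-address file it mentions. This is an added example, not code from the original post or from TMDA. Assumptions: the caller has already resolved the MX host, and `HELO_NAME`, `TIMEOUT`, the function names and the bad-sender file path are all hypothetical.

```python
import smtplib

HELO_NAME = "probe.example.org"  # constructed placeholder for the probing host
TIMEOUT = 30                     # seconds; assumed value

def probe(address, mx_host, connect=smtplib.SMTP):
    """Return 'bad', 'ok' or 'unknown' for address as seen by mx_host.

    Only a 550 reply to RCPT TO counts as 'bad'. Timeouts, refused
    connections, 4xx replies and rejections of the probe itself are
    'unknown', so a broken or unfriendly server never causes a drop.
    """
    try:
        server = connect(mx_host, 25, local_hostname=HELO_NAME, timeout=TIMEOUT)
    except (OSError, smtplib.SMTPException):
        return "unknown"
    try:
        server.ehlo_or_helo_if_needed()
        code, _ = server.mail("")        # null envelope sender <>
        if code != 250:
            return "unknown"
        code, _ = server.rcpt(address)
        if code == 550:
            return "bad"
        return "ok" if code in (250, 251) else "unknown"
    except (OSError, smtplib.SMTPException):
        return "unknown"
    finally:
        try:
            server.quit()
        except (OSError, smtplib.SMTPException):
            pass

def record_bad(address, path):
    """Append address to the persistent bad-sender file unless already listed."""
    try:
        with open(path) as fh:
            known = {line.strip().lower() for line in fh}
    except FileNotFoundError:
        known = set()
    if address.lower() not in known:
        with open(path, "a") as fh:
            fh.write(address + "\n")

def exit_status(address, mx_host, bad_file, connect=smtplib.SMTP):
    """Exit code for the 'pipe ... drop' rule: 0 (match) only for a bad sender."""
    if probe(address, mx_host, connect) == "bad":
        record_bad(address, bad_file)
        return 0
    return 1
```

The `connect` parameter exists so the SMTP dialogue can be exercised against a stand-in object without touching the network.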