Jason R. Mastaler wrote:
> "Jesse D. Guardiani" <[EMAIL PROTECTED]> writes:
>
>> Yeah. That helped a lot with the searches. Exim seems to have pretty
>> comprehensive support for "sender address verification" already.
>
> Not surprised. It looks very similar to what's in Postfix from the
> docs. Perhaps WV used Exim's sender address verification as a model.
> Exim has lots of attractive features, but it's sheer size and complex
> configuration sort of scares me. Postfix seems to be somewhere in the
> middle between qmail and Exim on the feature/complexity scale.
>From what I've read, Postfix seems to be a superior MTA over qmail for
everything but virtual domain management and security. If Postfix had
something like VMailMgr or vpopmail I'd use it myself. But it doesn't.
>
>> I've started a discussion on the qmail mailing list. So far the
>> responses are favorable.
>
> I'm reading it. I'm surprised this hasn't already been implemented.
> Perhaps it's not so trivial in qmail.
Well, if you read Russ Nelson's latest post to my thread, it IS pretty
trivial. Just waiting for DATA before rejecting the sender would go a
long way toward simplifying the situation.
I think maybe the reason why people haven't implemented this feature
in qmail yet has something to do with the clear separation between
incoming and outgoing SMTP in qmail's architecture. This functionality
would blur that line a bit. But who cares, you know? 70% spam reduction
isn't anything to sneeze at.
>
>> One interesting suggestion by a member of the qmail list was that
>> TMDA itself perform the SMTP probe. I agree that this is better
>> implemented in the MTA, but it's interesting and something I hand't
>> considered before.
>
> You said on the qmail list that I disagreed with this idea, and that's
> not really true. I just think it's better implemented in the MTA and
> also don't like reinventing the wheel, but am not opposed to doing
> this from TMDA. In fact, if you don't have control over your MTA,
> this might be your only option. I'm only opposed to just deleting
> pending files when the corresponding confirmation request bounces.
I appologize. I just assumed you wouldn't like the idea since you
didn't favor my previous ideas about automated bounce dropping. I guess
I need to be more careful when I speak for others without their consent.
>
> You could wire a custom SMTP prober into TMDA using 'pipe'. You'd
> have at the end of your FILTER_INCOMING (after whitelists) something
> like:
>
> # drop the message if its sender can't be verified
> pipe "/usr/bin/smtp_verify_sender" drop
That's pretty slick. I like it. I'll have to give this a try tommorrow
and see how it works (without the 'drop' at first, I think).
>
> You'd write the `smtp_verify_sender' program to do an MX lookup on the
> address, probe its primary SMTP server, and return 0 if the address is
> bad (i.e, if the server returns a 550 response code).
>
> The program could be written in any language of course, but Python's
> smtplib module makes this pretty easy. e.g,
>
>>>> import smtplib
>>>> server = smtplib.SMTP('mx1.hotmail.com')
>>>> server.docmd('ehlo')
> (250, 'mc5-f12.law1.hotmail.com (02.02.00.0007) Hello
> [128.165.147.60]\nSIZE 4278
> 190\nPIPELINING\n8bitmime\nBINARYMIME\nCHUNKING\nVRFY\nAUTH
> LOGIN\nAUTH=LOGIN\nX- HMAUTH\nOK')
>>>> server.docmd('mail from:', '<[EMAIL PROTECTED]>')
> (250, '[EMAIL PROTECTED] OK')
>>>> server.docmd('rcpt to:', '<[EMAIL PROTECTED]>')
> (550, 'Requested action not taken: mailbox unavailable')
>>>> server.quit()
>>>>
>
> For extra credit, things like handling timeouts, and storing the
> verified bad addresses in a persistent file for later processing
> should be implemented.
Yeah. CDB or MySQL system wide caching. I like it! That's getting
almost as good as an MTA level implementation!
I can't wait to give this a try ASAP... stay tuned.
--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net
We are actively looking for companies that do a lot of long
distance faxing and want to cut their long distance bill by
up to 50%. Contact [EMAIL PROTECTED] for more info.
_________________________________________________
tmda-workers mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-workers
