tonix (Antonio Nati) wrote:

This topic should have been already covered.

Please check if this "change" works for you.



If the complete address does not exist, routine looks for "-" characters, starting from left, and each time verifies if user exists, until no "-" is found or user exists.
The "-" character must be modified accordingly to the site character chosen as TMDA address delimiter.

If I'm understanding this correctly (and definitely may not be, since I'm just getting started messing around with TMDA), what this would do is cause qmail-smtpd to:

1. look for an exact match of the recipient first - if an exact match is found, hand off to delivery per .qmail file directives for that user (or default I guess);

2. if an exact match isn't found, start looking at the username portion of the receipient address, take as much as is found prior to the occurence of a '-' character (if a '-' is found in the username), and see if THAT is a valid user for the mail domain. If this is true, hand off to delivery per the .qmail file directives for that matching username (or .qmail-default);

3. if both of these tests fail, reject the email at the SMTP phase, as chkusr normally does, since no matching user exists on that domain.

So if, for example, a spammer was trying to spam a user on one of our domains, sending an email to an expired dated address like [EMAIL PROTECTED], as long as [EMAIL PROTECTED] was a valid user account, chkusr/qmail-smtpd would accept the message at the SMTP phase, and TMDA would deal with the message as spam post-SMTP since the dated address had expired.

That's still pretty good.

Now if TMDA was creating .qmail aliases for dated addresses to point to the real user account, and removing those aliases once they had expired, the chkusr patch wouldn't need to be patched at all, would it? And people trying to send email to expired dated addresses would still be rejected at the SMTP phase with the "regular" chkusr patch -- instead of successfully delivering that message to our SMTP servers, even though these emails would ultimately be "dealt with" by TMDA.

I guess I really like the "curmudgeon" aspect of what chkusr does to qmail-smtpd, when the recipient address isn't valid. ;)


Reply via email to