> On Jan 11, 2005, at 6:07 AM, ISP Lists wrote:
>> I want to reject incoming email to invalid users AFTER accepting the
>> email
>> by SMTPd. Where can I insert a small bash script to check valid users
>> against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject,
>> etc. to run???
>> Vpopmail 5.4.5, Mysql 3.23.54.  Also, I'm aware of Tonix's patch to
>> prevent invalid users BEFORE SMTPD accepts mail.  Am considering it,
>> but
>> want to understand options if I'm willing to take the bandwidth hit but
>> not provide hints to dictionary attackers.  Really hoping to put a
>> small
>> script inline to SMTP processing.  THANKS!
>> My current /var/qmail/supervise/qmail-smtpd/run file reads thusly.
>> #!/bin/sh
>> QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
> You can incorporate it into qmail-scanner-queue.pl.  If the qmail-queue
> program exits with the proper exit code, qmail-smtpd will reject the
> message.
> You can run vuserinfo and check the exit code to determine if an
> account is valid or not.  You'll need to check the catchall setting
> (unless catchall is bounce/delete, all addresses are valid).  You'll
> have to add some additional code though to check for mailing list,
> autoresponder and alias/forward accounts.  We have bounced around the
> idea of writing a simple vpopmail program that checks to see if an
> account is valid or not (taking into consideration the catchall
> setting).
> Another option would be to modify Tonix's patch to do the checking
> after receiving the message.  I have no idea how hard that would be
> though.
> On possible problem with this setup is that if I legitimately email two
> people at your company and one address is invalid, the entire message
> bounces and I don't know which address was wrong.
> --
> Tom Collins  -  [EMAIL PROTECTED]
> QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
> Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Tom, thanks for your well considered message.  Your last point is probably
the most troubling to any scenario that rejects by name.  I haven't taken
a serious look yet into the docs/code from Tonino to see its behavior in
such a case.

I, for one, would like to see some additional movement in vpopmail to
expand control of smtpd - if not replace it as LinuxMagic have done. 
That's a bit far-reaching, so perhaps your thought of extending some
service for checking valid IDs is useful.  I, for one, do NOT run with a
catchall, BTW....

Reply via email to