> On Jan 11, 2005, at 6:07 AM, ISP Lists wrote: >> I want to reject incoming email to invalid users AFTER accepting the >> email >> by SMTPd. Where can I insert a small bash script to check valid users >> against VPOPMAIL MYSQL DB before allowing SPAMD, CLAMAV, qmail-inject, >> etc. to run??? >> >> Vpopmail 5.4.5, Mysql 3.23.54. Also, I'm aware of Tonix's patch to >> prevent invalid users BEFORE SMTPD accepts mail. Am considering it, >> but >> want to understand options if I'm willing to take the bandwidth hit but >> not provide hints to dictionary attackers. Really hoping to put a >> small >> script inline to SMTP processing. THANKS! >> >> My current /var/qmail/supervise/qmail-smtpd/run file reads thusly. >> >> #!/bin/sh >> QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE > > You can incorporate it into qmail-scanner-queue.pl. If the qmail-queue > program exits with the proper exit code, qmail-smtpd will reject the > message. > > You can run vuserinfo and check the exit code to determine if an > account is valid or not. You'll need to check the catchall setting > (unless catchall is bounce/delete, all addresses are valid). You'll > have to add some additional code though to check for mailing list, > autoresponder and alias/forward accounts. We have bounced around the > idea of writing a simple vpopmail program that checks to see if an > account is valid or not (taking into consideration the catchall > setting). > > Another option would be to modify Tonix's patch to do the checking > after receiving the message. I have no idea how hard that would be > though. > > On possible problem with this setup is that if I legitimately email two > people at your company and one address is invalid, the entire message > bounces and I don't know which address was wrong. > > -- > Tom Collins - [EMAIL PROTECTED] > QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ > Info on the Sniffter hand-held Network Tester: http://sniffter.com/ > >
Tom, thanks for your well considered message. Your last point is probably the most troubling to any scenario that rejects by name. I haven't taken a serious look yet into the docs/code from Tonino to see its behavior in such a case. I, for one, would like to see some additional movement in vpopmail to expand control of smtpd - if not replace it as LinuxMagic have done. That's a bit far-reaching, so perhaps your thought of extending some service for checking valid IDs is useful. I, for one, do NOT run with a catchall, BTW....
