> Hello,
> I'm trying to use a mail filter appliance with a qmail/vpopmail (gentoo)
> install and am running into a issue with the filter generating excessive
> email accounts due to the way qmail handles invalid email addresses.
> I'm familiar with the chkuser 2 patch and have tried it with little
> success.  I am using TLS on my system and the chkuser patch works
> exactly one time then begins rejecting even valid addresses.  The vendor
> that makes the filter suggested using SMTP_VRFY but I'm unable to find a
> way to implement this in qmail/vpopmail.
> Can anyone here point me in the right direction?
Sounds like there's something funky going on with the chkuser patch for
you - do you have the same problem when not using TLS?  I'm not a chkuser
expert, but have you double-checked your chkuser settings?

Qmail implements SMTP_VRFY, but it doesn't actually do anything.  DJB
(rightly, IMHO) decided that it didn't make sense to let people constantly
hammer your system with VRFY commands to determine who was or wasn't a
valid user, and so (per the RFC) qmail's VRFY implementation responds with
a message that indicates a non-answer (252 send some mail, i'll try my
best) and doesn't actually indicate whether the address is valid or not. 
Chkuser can result in giving the same information, as it will reject
non-valid users, but this at least forces spammers to try to send mail,
and get rejections (and possibly dropped altogether) rather than just
scanning a qmail SMTP server...

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
  - Layman's translation of the Laws of Thermodynamics

Reply via email to