It's not hard to adapt the current source code to handle this. I went through v1.17 and modified it to handle a large number of checks on envelope principals. Took about 2 days to do the mods, and another 2 - 3 days to test properly. There may still be a few bugs in what I did, but I haven't encountered them (I've been running with the mods in production for at least a month). However, I'm definitely a low-volume MX, so the mods might not stand up to higher volumes.
The checks I implemented (and some of these were present already) were: // Connection (IP based) tests are placed in the first byte (bits 1 - 8) #define SMTP_FAIL_IP_SPAMMER (1 << 0) // IP appears in spammers.tab #define SMTP_FAIL_IP_RDNS (1 << 1) // IP has no RDNS defined #define SMTP_FAIL_IP_RDNS_SPAMMER (1 << 2) // RDNS appears in spam-rdns.tab #define SMTP_FAIL_IP_BADPTR (1 << 3) // RDNS ends with ".in-addr.arpa" #define SMTP_FAIL_IP_MAPS (1 << 4) // IP is listed in a DNSBL #define SMTP_FAIL_IP_RDNS_FQDN (1 << 5) // RDNS is not a FQDN (has no period) // HELO tests are placed in the second byte (bits 9 - 16) #define SMTP_FAIL_HELO_IPADDR (1 << 8) // HELO name is an IP address #define SMTP_FAIL_HELO_SPAMMER (1 << 9) // HELO name appears in spam-helo.tab #define SMTP_FAIL_HELO_FQDN (1 << 10) // HELO name is not a FQDN (check for at least one period) #define SMTP_FAIL_HELO_DNS (1 << 11) // HELO name does not resolve (no A record) #define SMTP_FAIL_HELO_NOTPEER (1 << 12) // HELO name does not match connected IP (FQDN A record lookup or IP HELO) // MAIL FROM tests are placed in the third byte (bits 17 - 24) #define SMTP_FAIL_MAIL_NULL_SENDER (1 << 16) // MAIL FROM: <> #define SMTP_FAIL_MAIL_SPAMMER (1 << 17) // MAIL FROM appears in spam-addresses.tab #define SMTP_FAIL_MAIL_MX (1 << 18) // MAIL FROM domain has no MX record #define SMTP_FAIL_MAIL_DNS (1 << 19) // MAIL FROM domain has no A record // Other tests (none at present) are placed in the fourth byte (bits 25 - 32) All "fails" are delayed until after RCPT TO (this allows me to log all pertinent information for each fail (sender IP, sender RDNS, HELO/EHLO name, MAIL FROM, RCPT TO) and allows me to whitelist by IP address (I'm planning to add RDNS whitelisting at some point), but also to allow *all* traffic for designated RCPT TO addresses (such as role accounts which are required, by RFC, to accept all mail directed to them). Most of these tests I set up to be controlled by option variables I added in server.tab. At 10:47 12/18/2003, Charles Frolick wrote: >While we are on the subject of future filter capabilites (XMail 3.0 >perhaps), custom filters for envelope rejection (MAIL FROM, RCPT TO, >EHLO) would be very nice. No hurry, just would be nice to have as spam >control. > >Thanks, >Chuck Frolick >ArgoLink.net > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >On Behalf Of S=F6nke Ruempler >Sent: Thursday, December 18, 2003 2:52 AM >To: [EMAIL PROTECTED] >Subject: [xmail] Re: XMail CTRL slow > > > > Hmmm, if you guys drop tons of stuff inside the filters files maybe=20 > > the architecture will have to change again :-/ > >Davide, and another problem is, if 2 processes overlap while read and >write with cfgfileset/get. > >We now solve that client-side, but in a heterogen environment it would >be better if XMail CTRL handles that. And as i mentioned, maybe >filteradd/filterdel command would ne nice ;-) > >But i think XMail 2.0 and IMAP should have priority over this because >the people are waiting ;-) > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in the >body of a message to [EMAIL PROTECTED] For general help: send the >line "help" in the body of a message to [EMAIL PROTECTED] > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
