Re: [Mimedefang] MIMEDefang Notification

2014-12-09 Thread Anne Bennett

> md_check_against_smtp_server
> to verify email addresses ahead.

> This works fine for 1 destination server but in some environments there
> may be a number of servers available to authenticate against, an MS
> Exchange network for example may have multiple Hub Transport servers.

> Has anyone managed to extend this excellent logic, which works perfectly
> for single MX, to allow for multiple MX ?

Here are some excerpts from my own code (my complete code
includes local caching so I don't check back too often for
the same address - I don't show that here).  I assume that we
run the back-check only for mail being delivered locally, not
for mail on its way out.  You'll need to configure the $EC_*
variables suitably for your installation, of course.



  # Configuration: our MDAs, that we're willing to check users against:
  $EC_check_against_these_mdas = '(?:mail\d+\.encs\.concordia\.ca)';
  # A known valid sender address that we'll use for the checks:
  $EC_checker_sender_addr  = 'mail-check-b...@encs.concordia.ca';

  # Not shown in this excerpt, set elsewhere in the complete code:
  #   $res              - DNS resolver object providing search()
  #   $rcpt_addr_noplus - the recipient address actually passed to the check
  #   $thishost         - the HELO name passed to the check

sub concordia_check_against_smtp_server
{
  my ( $envsender, $rcpt_addr, $rcpt_mailer, $rcpt_host ) = @_;

  my $returnval = 'CONTINUE'; # default case: fail open

  # If this isn't for SMTP delivery, cannot perform this check:
  return($returnval) unless (lc $rcpt_mailer) =~ /^e?smtp$/ ;

  # If a mailertable is in use, the $rcpt_host may be a list, so split
  # it as needed before running any checks.
  # We will check only against our own relays:
  #
  my @rcpt_hosts = ();
  foreach my $host ( split /:/, $rcpt_host )
  {
    $host =~ s/^\[(.*)\]$/$1/;  # Strip square brackets if any.
    next unless lc($host) =~ /^$EC_check_against_these_mdas$/ ; # Just ours.
    push @rcpt_hosts, $host;
  }
  # If none of our relays were listed, we don't check:
  return($returnval) unless @rcpt_hosts;

  # Check the recipient with the next hop for this message.  The first
  # definite answer (if any) is used.  IMPORTANT: use a known good
  # sender instead of the real message's sender, otherwise a rejection
  # due to a bad sender could get cached as a rejection for the
  # recipient address! (RT#242833, 2012-04-27)
  foreach my $check_mx ( @rcpt_hosts )
  {
    my $query = $res->search($check_mx);
    # Paranoia: run only if host exists and can be resolved:
    if ($query)
    {
      my ( $mdc_retval, $mdc_msg ) =
        main::md_check_against_smtp_server($EC_checker_sender_addr,
          $rcpt_addr_noplus, $thishost, $check_mx);
      if ( $mdc_retval eq 'REJECT'  or  $mdc_retval eq 'CONTINUE' )
      {
        # definitive answer, return immediately:
        return($mdc_retval, "$mdc_msg (via $check_mx)");
      }
      # else, an error occurred, so carry on with foreach loop:
      # another MDA may be available to check this user.

    } # if the host resolves in DNS
  } # foreach check_mx

  return ($returnval); # default is CONTINUE
}



Hope that helps.


Anne.
-- 
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8
a...@encs.concordia.ca  +1 514 848-2424 x2285
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] MIMEDefang Notification

2014-12-09 Thread Matt Garretson
On 12/9/2014 2:06 PM, Jon Rowlan wrote:
> Domain.com  esmtp:[9.9.9.9]:[8.8.8.8]

I'm not fully sure of your overall goal, but if your question is 
about a regex to parse your sample line above, then how about 
something generally like this:


my $line = "Domain.com  esmtp:[9.9.9.9]:[8.8.8.8]";
my ( $domain, $proto, $relays ) = ( $line =~ m/^(\S+)\s+(e?smtp)(:.+)$/i );
my @relays = ( $relays =~ m/:\[([^]]+)\]/g );
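
Added example, not part of the original messages and not MIMEDefang's own code: it combines the mailertable parsing discussed in this message with the "first definite answer wins, otherwise fail open" loop from Anne Bennett's reply. The helper names relays_from_mailertable and check_recipient_multi, the stub checker and the example.org/example.com addresses are assumptions made for illustration; in a real filter the stub would be md_check_against_smtp_server.

```perl
use strict;
use warnings;

# Hypothetical helper: turn a mailertable value such as
# "esmtp:[9.9.9.9]:[8.8.8.8]" into a list of relay hosts.
# Returns an empty list for non-SMTP mailers.
sub relays_from_mailertable {
    my ($value) = @_;
    return () unless $value =~ /^e?smtp:(.+)$/i;
    my ($hosts, @relays) = ($1);
    # Accept bracketed ([host]) and bare entries, separated by colons.
    while ($hosts =~ /\G:?(?:\[([^\]]+)\]|([^:\[\]]+))/gc) {
        push @relays, $1 // $2;
    }
    return @relays;
}

# Hypothetical helper: ask each relay in turn; the first definitive answer
# (REJECT or CONTINUE) wins, anything else moves on to the next relay.
# $checker takes the same arguments as md_check_against_smtp_server:
# (sender, recipient, HELO name, server).
sub check_recipient_multi {
    my ($checker, $probe_sender, $rcpt, $helo, @relays) = @_;
    for my $relay (@relays) {
        my ($ret, $msg) = $checker->($probe_sender, $rcpt, $helo, $relay);
        return ($ret, "$msg (via $relay)")
            if $ret eq 'REJECT' or $ret eq 'CONTINUE';
    }
    return ('CONTINUE', 'no relay gave a definite answer');  # fail open
}

# Constructed stand-in for the real check: the first relay is unreachable,
# the second one rejects the user.  No network traffic is generated.
my %canned = (
    '9.9.9.9' => [ 'TEMPFAIL', 'connection timed out' ],
    '8.8.8.8' => [ 'REJECT',   '550 5.1.1 User unknown' ],
);
my $stub = sub { my (undef, undef, undef, $server) = @_; @{ $canned{$server} } };

my $value = 'esmtp:[9.9.9.9]:[8.8.8.8]';   # sample entry from the thread
# A pattern anchored on ^smtp: does not match the esmtp: mailer:
print "anchored smtp pattern matches: ",
      ($value =~ /^smtp:\[(.+)/ ? 'yes' : 'no'), "\n";
my @relays = relays_from_mailertable($value);
my ($ret, $msg) = check_recipient_multi(
    $stub, 'probe@example.org', 'nobody@example.com', 'mx.example.org', @relays);
print "relays: @relays\n$ret: $msg\n";
```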





Re: [Mimedefang] MIMEDefang Notification

2014-12-09 Thread Jon Rowlan
Hi all,

In a post back in 2011 Larry Starr referred to using 

md_check_against_smtp_server

to verify email addresses ahead.

http://lists.roaringpenguin.com/pipermail/mimedefang/2005-March/026240.html

in this he has this line:

if( $relaydomains{$domain} =~ /^smtp:\[(.+)\]/){

This reads the value of a hash, it essentially takes the square
bracketed mailertable entry to interpret the server to contact to check
for a valid user.

This works fine for 1 destination server but in some environments there
may be a number of servers available to authenticate against, an MS
Exchange network for example may have multiple Hub Transport servers.

I wanted to extend this to include multiple MX which are defined thus:

Domain.com  esmtp:[9.9.9.9]:[8.8.8.8]

And I thought that I had correctly figured the regex required would be:

/^smtp:\[(.+)/)

By taking out the escaped close square bracket then the match should be
for a string that begins

Smtp:[

With an undetermined number of any characters on the end.

Then the plan was to split based upon the colon character.

I have been unable to get this to work and trying to use DB_File in the
way I would normally treat hash tables and disk files keeps telling me
that my code is not blessed  which I would have thought is something
that I would hear about in church!

Has anyone managed to extend this excellent logic, which works perfectly
for single MX, to allow for multiple MX ?

Many thanks all,

jON