I like what you have done, but it would be nice to be able to run
filters like greylisting (http://projects.puremagic.com/greylisting/),
also to be able to tarpit, refuse (5xx error), or temp error (4xx) based
on info in the envelope. Of course SMTP Auth would have to be able to
take priority over the filters, at least optionally.

Thanks,
Chuck Frolick
ArgoLink.net

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Tracy
Sent: Thursday, December 18, 2003 12:21 PM
To: [EMAIL PROTECTED]
Subject: [xmail] Re: XMail CTRL slow


It's not hard to adapt the current source code to handle this. I went
through v1.17 and modified it to handle a large number of checks on
envelope principals. Took about 2 days to do the mods, and another 2 - 3
days to test properly. There may still be a few bugs in what I did, but I
haven't encountered them (I've been running with the mods in production
for at least a month).
However, I'm definitely a low-volume MX, so the mods might not stand up to
higher volumes.

The checks I implemented (and some of these were present already) were:

// Connection (IP based) tests are placed in the first byte (bits 1 - 8)
#define SMTP_FAIL_IP_SPAMMER        (1 << 0)   // IP appears in spammers.tab
#define SMTP_FAIL_IP_RDNS           (1 << 1)   // IP has no RDNS defined
#define SMTP_FAIL_IP_RDNS_SPAMMER   (1 << 2)   // RDNS appears in spam-rdns.tab
#define SMTP_FAIL_IP_BADPTR         (1 << 3)   // RDNS ends with ".in-addr.arpa"
#define SMTP_FAIL_IP_MAPS           (1 << 4)   // IP is listed in a DNSBL
#define SMTP_FAIL_IP_RDNS_FQDN      (1 << 5)   // RDNS is not a FQDN (has no period)
// HELO tests are placed in the second byte (bits 9 - 16)
#define SMTP_FAIL_HELO_IPADDR       (1 << 8)   // HELO name is an IP address
#define SMTP_FAIL_HELO_SPAMMER      (1 << 9)   // HELO name appears in spam-helo.tab
#define SMTP_FAIL_HELO_FQDN         (1 << 10)  // HELO name is not a FQDN (check for at least one period)
#define SMTP_FAIL_HELO_DNS          (1 << 11)  // HELO name does not resolve (no A record)
#define SMTP_FAIL_HELO_NOTPEER      (1 << 12)  // HELO name does not match connected IP (FQDN A record lookup or IP HELO)
// MAIL FROM tests are placed in the third byte (bits 17 - 24)
#define SMTP_FAIL_MAIL_NULL_SENDER  (1 << 16)  // MAIL FROM: <>
#define SMTP_FAIL_MAIL_SPAMMER      (1 << 17)  // MAIL FROM appears in spam-addresses.tab
#define SMTP_FAIL_MAIL_MX           (1 << 18)  // MAIL FROM domain has no MX record
#define SMTP_FAIL_MAIL_DNS          (1 << 19)  // MAIL FROM domain has no A record
// Other tests (none at present) are placed in the fourth byte (bits 25 - 32)

All "fails" are delayed until after RCPT TO (this allows me to log all
pertinent information for each fail (sender IP, sender RDNS, HELO/EHLO
name, MAIL FROM, RCPT TO) and allows me to whitelist by IP address (I'm
planning to add RDNS whitelisting at some point), but also to allow *all*
traffic for designated RCPT TO addresses (such as role accounts which are
required, by RFC, to accept all mail directed to them)).

Most of these tests I set up to be controlled by option variables I added
in server.tab.
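
An added example, not part of either message and not XMail source: one way to combine the delayed-fail bitmask with the 4xx/5xx split and the SMTP AUTH priority asked for in the reply. The struct, function names, masks and addresses are hypothetical, constructed for illustration; only the flag names and bit positions come from the list above.

```c
#include <stdint.h>
#include <stdio.h>
#include <strings.h>

/* Subset of the flags listed in the message, same bit positions. */
#define SMTP_FAIL_IP_RDNS          (1u << 1)
#define SMTP_FAIL_IP_MAPS          (1u << 4)
#define SMTP_FAIL_HELO_FQDN        (1u << 10)
#define SMTP_FAIL_MAIL_NULL_SENDER (1u << 16)
#define SMTP_FAIL_MAIL_MX          (1u << 18)

enum verdict { V_ACCEPT = 250, V_TEMPFAIL = 450, V_REJECT = 550 };

/* Hypothetical session state: earlier stages only OR bits into 'fails'. */
struct session { const char *peer_ip; int authenticated; uint32_t fails; };

/* Hypothetical policy with constructed values (not XMail's server.tab names).
   A flag in neither mask is a disabled check: recorded, never enforced. */
static const char *const ip_whitelist[] = { "192.0.2.25", NULL };
static const char *const accept_all[] = { "postmaster@example.test", "abuse@example.test", NULL };
static const uint32_t reject_mask   = SMTP_FAIL_IP_MAPS | SMTP_FAIL_MAIL_MX;
static const uint32_t tempfail_mask = SMTP_FAIL_IP_RDNS | SMTP_FAIL_HELO_FQDN;

static int in_list(const char *const *list, const char *s) {
    for (; *list; list++)
        if (strcasecmp(*list, s) == 0) return 1;
    return 0;
}

/* Runs at RCPT TO, once per recipient, after every earlier check set its bits. */
static enum verdict decide_at_rcpt(const struct session *s, const char *rcpt) {
    if (s->authenticated)                  return V_ACCEPT;   /* SMTP AUTH outranks filters */
    if (in_list(accept_all, rcpt))         return V_ACCEPT;   /* role accounts take all mail */
    if (in_list(ip_whitelist, s->peer_ip)) return V_ACCEPT;
    if (s->fails & reject_mask)            return V_REJECT;   /* 5xx */
    if (s->fails & tempfail_mask)          return V_TEMPFAIL; /* 4xx */
    return V_ACCEPT;
}

/* Convenience wrapper for trying one case. */
static enum verdict check(const char *ip, int auth, uint32_t fails, const char *rcpt) {
    struct session s = { ip, auth, fails };
    return decide_at_rcpt(&s, rcpt);
}

int main(void) {
    uint32_t f = SMTP_FAIL_IP_MAPS | SMTP_FAIL_HELO_FQDN;
    printf("%d\n", check("198.51.100.7", 0, f, "user@example.test"));
    printf("%d\n", check("198.51.100.7", 0, f, "postmaster@example.test"));
    return 0;
}
```

Because the decision is taken per recipient, one transaction can be refused for an ordinary mailbox and still accepted for a role account, and the full envelope is available to log in either case.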

