-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
basic SMTP recipient checking #233
base: main
Are you sure you want to change the base?
Commits on Mar 28, 2003
-
Reject SMTP recipients in control/badrcptto.
Original: badrcptto-v1.02.netqmail.patch The badrcptto patch SMTP-rejects email for specific recipients in an email domain you otherwise accept mail for. List these "bad recipients" in control/badrcptto, one per line. Rejection occurs during the smtp envelope (rcpt) phase, before the email headers and body can be transmitted. Alex Kramarov added code to skip badrcptto checks if RELAYCLIENT is set, so that one could prevent remote users from sending email to certain local accounts while permitting local users to do so. This has been merged. Andrew McCarthy added logging for badrcptto hits. This has also been merged.
Configuration menu - View commit details
-
Copy full SHA for b310a2e - Browse repository at this point
Copy the full SHA b310a2eView commit details
Commits on Feb 2, 2022
-
Let qmail-smtpd reject admin-defined recipients.
Original: https://www.soffian.org/downloads/qmail/qmail-smtpd.patch This patch modifies qmail-smtpd to check for an environment variable, $RCPTCHECK. If it is set, for each 'rcpt to:' that qmail-smtpd receives, it will fork/exec $RCPTCHECK. $RCPTCHECK is run in the same environment as qmail-smtpd (Note that qmail-smtpd changes its CWD to qmail-home [typically /var/qmail] at startup). Additionally $SENDER is set to the envelope from (mail from:) and $RECIPIENT is set to the envelope recipient (for the current rcpt to:). Based on the return code (exit value) of $RCPTCHECK, the rcpt to: address will either be accepted or rejected as follows: - 100: recipient is rejected with "553 sorry, no mailbox here by that name. (#5.1.1)" - 111: connection is dropped with a temporary error "421 unable to verify recipient (#4.3.0)" - 120: connection is dropped with a temporary error "421 unable to execute recipient check (#4.3.0)" - All others: recipient is accepted. 120 is used internally (by the patch) if $RCPTCHECK cannot be executed. Useful for validating recipient to addresses with an arbitrary program (such as fastforward in '-n' mode).
Configuration menu - View commit details
-
Copy full SHA for 5ddc3d7 - Browse repository at this point
Copy the full SHA 5ddc3d7View commit details -
Configuration menu - View commit details
-
Copy full SHA for b6bb341 - Browse repository at this point
Copy the full SHA b6bb341View commit details -
Reject many {Q,S}MTP recipients that would bounce.
Original: qmail-1.03-realrcptto-2006.12.10.patch The qmail-realrcptto patch copies logic from qmail-send, qmail-lspawn, qmail-getpw, and qmail-local into qmail-smtpd and qmail-qmtpd, so that if a local delivery (i.e., one for a domain in /var/qmail/control/locals or virtualdomains) would eventually bounce due to a missing .qmail file, then that recipient address is rejected during the SMTP or QMTP protocol conversation. There are other qmail patches around that do similar jobs (badrcptto, etc.); the focus of this patch is to get this functionality with no additional administrative effort, rather than qmail-smtpd's running speed. You just set up your .qmail files, as you would have to do anyway, and the rest is automatic, though slower than a CDB lookup. Addresses which use the default delivery instructions are never rejected by this patch, because they would never be bounced due to the lack of a .qmail file. This patch is less effective when there are .qmail-default files, or when qmaild does not have sufficient filesystem permissions to stat() users' .qmail files, since in those cases, qmail-smtpd cannot know that the delivery would later bounce due to the lack of a .qmail file. For example, I'm told that this patch is not useful for virtual domains managed with vpopmail, since an applicable .qmail-default file always exists. (I'm not familiar with vpopmail myself.) The patch may still be useful for other local or virtual domains on the same server, if they are not managed by vpopmail.
Configuration menu - View commit details
-
Copy full SHA for a54cf2a - Browse repository at this point
Copy the full SHA a54cf2aView commit details -
Configuration menu - View commit details
-
Copy full SHA for f15549b - Browse repository at this point
Copy the full SHA f15549bView commit details -
Convert realrcptto to a RCPTCHECK-style program.
- Remove realrcptto references from qmail-qmtpd(8) and qmail-smtpd(8) - Add qmail-rcptcheck-realrcptto(8) program and manual page - Adjust realrcptto.c messages for the new context Note that this leaves qmail-qmtpd(8) without realrcptto functionality. Porting the RCPTCHECK patch would probably do the trick.
Configuration menu - View commit details
-
Copy full SHA for 4da3ecc - Browse repository at this point
Copy the full SHA 4da3eccView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1422071 - Browse repository at this point
Copy the full SHA 1422071View commit details
Commits on Feb 5, 2022
-
Add qmail-rcptcheck(8) from rejectutils.
qmail-rcptcheck runs an administrator-defined sequence of programs to check SMTP envelope senders and recipients. Checks must adhere to the RCPTCHECK interface. If any check rejects, the message is rejected. qmail-rcptcheck is most commonly invoked from qmail-smtpd via RCPTCHECK, but also runs under qmail-spp (not documented here), so if and when we switch to that, recipient-checking programs won't need to be changed.
Configuration menu - View commit details
-
Copy full SHA for 44a63b4 - Browse repository at this point
Copy the full SHA 44a63b4View commit details -
Convert badrcptto to a RCPTCHECK-style program.
- Remove references from qmail-smtpd(8) - Extract logic to badrcptto.c - Add qmail-rcptcheck-badrcptto(8) program and manual page
Configuration menu - View commit details
-
Copy full SHA for 1189eda - Browse repository at this point
Copy the full SHA 1189edaView commit details -
Configuration menu - View commit details
-
Copy full SHA for 1ef1c15 - Browse repository at this point
Copy the full SHA 1ef1c15View commit details