#title Sender Address Verifier for Sendmail #style /web/default.css Author: Wolfgang Hottgenroth , 2004-05-17 This is the prototype of a sender address verifier for sendmail-8.13. It consists of a m4 file containing a FEATURE to be included in your =sendmail.mc= and a verifier daemon in a bit of python code. By including the FEATURE in your sendmail.mc file and running the verifier daemon, sendmail file verify either - all sender addresses (with certain exceptions) or - only certain sender addresses This will be done by connecting to the best MX servers of the particular domain, trying to send a mail to the particular address and collect the replies. Actually only the =HELO=, =MAIL= and =RCPT= commands are issued. If a positive reply was found, the mail is considered as valid. If a permanent negative reply was found, the mail is considered as invalid. If no MX entry was found, the mail is considered as invalid. If a temporary negative reply was found, the mail is considered as temporary invalid. If there is more than one best MX server all of these servers are connected in parallel and the first permanent reply (either positive or negative) is returned. ** Download The complete sources: [[./download/][download]] Have a look into the sources: [[http://www.hottis.de/cgi-bin/cvsweb.cgi/sender_verifier/][sources]] ** Requirements *** sendmail sendmail-8.13 is required, since this thing uses the fresh introduced socket map. Find it [[http://www.sendmail.org][here]] on the sendmail homepage. Your need to build sendmail with support for the socket map. Include APPENDDEF(`confMAPDEF',`-DSOCKETMAP') in your =site.config.m4=. *** Python Python 2.2 or 2.3 is required. If you have Python 2.3 you must delete the =import timeoutsocket= line from =verifier.py=. Additionally the python package =python-dns= is required. Find it [[http://pydns.sourceforge.net/][http://pydns.sourceforge.net]]. ** Configuration of sendmail Include the FEATURE in your =sendmail.mc= file. You need to give two parameters: FEATURE(`verifysender', `mode', `return') For =mode= you must give either =white= or =black=. =white= :: All sender addresses but those mentioned in the whitelist file are verified. Complete addresses or just domains can be listed in the file. The default location of the whitelist is =/etc/mail/verify-white-list=. If you need a different location, define it to =confVERIFIER_WHITELIST=. =black= :: only addresses or addresses within domains listed in the blacklist file are verified. It is obviously only useful to mention domains in the blacklist. The default location of the blacklist is =/etc/mail/verify-black-list=. If you need a different location, define it to =confVERIFIER_BLACKLIST=. Both the blacklist and the whitelist file are maps, they must be created with =makemap=. Therefore the entries need a LHS (the address or domain) and a RHS. The actual content of the RHS has NO meaning at all. The FEATURE defines a socket map. The default target of the map is =inet:8884@127.0.0.1=, according to the default setting in =Config.py=. If you need something different, define it to =confVERIFIER_MAP=, but don't forget to also adjust =Config.py=. ** Configuration of the verification daemon The configuration of the daemon is done in the file =Config.py=. This is the default of this file: [Daemon] Address: 127.0.0.1 Port: 8884 PidFile: smmapd.pid Plugins: Verifier,Verifier2 [Logging] ApplId: smmapd [Verifier] ContainerModule: VerifierHandler ContainerClass: VerifierHandlerContainer WorkerModule: VerifierHandler WorkerClass: VerifierHandlerWorker EnableCaching: 1 CacheExpiration: 20 SMTPTimeOut: 20 SMTPHeloParam: local SMTPCheckSender: <> [Verifier2] ContainerModule: VerifierHandler ContainerClass: VerifierHandlerContainer WorkerModule: VerifierHandler WorkerClass: VerifierHandlerWorker EnableCaching: 1 CacheExpiration: 20 SMTPTimeOut: 20 SMTPHeloParam: hottis.de SMTPCheckSender: =Port= and =Address= are specifying the socket the daemon should listen to for communication with sendmail. These settings must be reflected in the =confVERIFIER_MAP= if you change it. =SMTPTimeOut= is the timeout for the communication with the MX servers when verifying addresses. =SMTPHeloParam= is the parameter the verifier will use with the =HELO= command when verifying. =SMTPCheckSender= is the sender address used during verifications. You should not change it unless you know what you do to avoid verification loops. Since the verification is a time and resource consuming process, results can be cached, which is enabled by default. Set =EnableCaching= to 0 to disable it. =CacheExpiration= is the time in seconds an entry in the cache is considered as valid. It should be much higher. ** Operation Configure sendmail and the daemon according to your needs. Start the daemon: ./verifier.py ** Changes - According to a comment in comp.mail.sendmail I've introduced a class =verifier_fix_white= in the FEATURE file, currently containing only the string =postmaster=. Addresses with userpart in this class will never ever be verified to avoid infinite verifying loops. *** 2004-05-17 - support plugins - separate container and worker object, thereby enable multiple instances of the same plugins