Author: Wolfgang Hottgenroth <woho@hottis.de>, 2004-05-17
This is the prototype of a sender address verifier for sendmail-8.13.
It consists of a m4 file containing a FEATURE to be included in your
sendmail.mc
and a verifier daemon in a bit of python code.
By including the FEATURE in your sendmail.mc file and running the verifier daemon, sendmail file verify either
This will be done by connecting to the best MX servers of the particular domain, trying to send a mail to the particular address and collect the replies.
Actually only the HELO
, MAIL
and RCPT
commands are issued.
If a positive reply was found, the mail is considered as valid.
If a permanent negative reply was found, the mail is considered as invalid.
If no MX entry was found, the mail is considered as invalid.
If a temporary negative reply was found, the mail is considered as temporary invalid.
If there is more than one best MX server all of these servers are connected in parallel and the first permanent reply (either positive or negative) is returned.
The complete sources: download
Have a look into the sources: sources
sendmail-8.13 is required, since this thing uses the fresh introduced socket map.
Find it here on the sendmail homepage.
Your need to build sendmail with support for the socket map. Include
APPENDDEF(`confMAPDEF',`-DSOCKETMAP')
in your site.config.m4
.
Python 2.2 or 2.3 is required. If you have Python 2.3 you must delete
the import timeoutsocket
line from verifier.py
.
Additionally the python package python-dns
is required. Find it
http://pydns.sourceforge.net.
Include the FEATURE in your sendmail.mc
file. You need to give two
parameters:
FEATURE(`verifysender', `mode', `return')
For mode
you must give either white
or black
.
white
/etc/mail/verify-white-list
. If you need a different location,
define it to confVERIFIER_WHITELIST
.
black
/etc/mail/verify-black-list
. If you need a different location,
define it to confVERIFIER_BLACKLIST
.
Both the blacklist and the whitelist file are maps, they must be
created with makemap
. Therefore the entries need a LHS (the address
or domain) and a RHS. The actual content of the RHS has NO meaning at
all.
The FEATURE defines a socket map. The default target of the map is
inet:8884@127.0.0.1
, according to the default setting in
Config.py
. If you need something different, define it to
confVERIFIER_MAP
, but don't forget to also adjust Config.py
.
The configuration of the daemon is done in the file Config.py
.
This is the default of this file:
[Daemon] Address: 127.0.0.1 Port: 8884 PidFile: smmapd.pid Plugins: Verifier,Verifier2 [Logging] ApplId: smmapd [Verifier] ContainerModule: VerifierHandler ContainerClass: VerifierHandlerContainer WorkerModule: VerifierHandler WorkerClass: VerifierHandlerWorker EnableCaching: 1 CacheExpiration: 20 SMTPTimeOut: 20 SMTPHeloParam: local SMTPCheckSender: <> [Verifier2] ContainerModule: VerifierHandler ContainerClass: VerifierHandlerContainer WorkerModule: VerifierHandler WorkerClass: VerifierHandlerWorker EnableCaching: 1 CacheExpiration: 20 SMTPTimeOut: 20 SMTPHeloParam: hottis.de SMTPCheckSender: <postmaster@hottis.de>
Port
and Address
are specifying the socket the daemon should
listen to for communication with sendmail. These settings must be
reflected in the confVERIFIER_MAP
if you change it.
SMTPTimeOut
is the timeout for the communication with the MX servers
when verifying addresses.
SMTPHeloParam
is the parameter the verifier will use with the HELO
command when verifying.
SMTPCheckSender
is the sender address used during
verifications. You should not change it unless you know what you do to
avoid verification loops.
Since the verification is a time and resource consuming process,
results can be cached, which is enabled by default. Set
EnableCaching
to 0 to disable it.
CacheExpiration
is the time in seconds an entry in the cache is
considered as valid. It should be much higher.
Configure sendmail and the daemon according to your needs. Start the daemon:
./verifier.py
verifier_fix_white
in the FEATURE file, currently containing only
the string postmaster
. Addresses with userpart in this class will
never ever be verified to avoid infinite verifying loops.