Sender Address Verifier for Sendmail

Author: Wolfgang Hottgenroth <woho@hottis.de>, 2004-05-17

This is the prototype of a sender address verifier for sendmail-8.13.

It consists of a m4 file containing a FEATURE to be included in your sendmail.mc and a verifier daemon in a bit of python code.

By including the FEATURE in your sendmail.mc file and running the verifier daemon, sendmail file verify either

This will be done by connecting to the best MX servers of the particular domain, trying to send a mail to the particular address and collect the replies.

Actually only the HELO, MAIL and RCPT commands are issued.

If a positive reply was found, the mail is considered as valid.

If a permanent negative reply was found, the mail is considered as invalid.

If no MX entry was found, the mail is considered as invalid.

If a temporary negative reply was found, the mail is considered as temporary invalid.

If there is more than one best MX server all of these servers are connected in parallel and the first permanent reply (either positive or negative) is returned.

Download

The complete sources: download

Have a look into the sources: sources

Requirements

sendmail

sendmail-8.13 is required, since this thing uses the fresh introduced socket map.

Find it here on the sendmail homepage.

Your need to build sendmail with support for the socket map. Include

APPENDDEF(`confMAPDEF',`-DSOCKETMAP')

in your site.config.m4.

Python

Python 2.2 or 2.3 is required. If you have Python 2.3 you must delete the import timeoutsocket line from verifier.py.

Additionally the python package python-dns is required. Find it http://pydns.sourceforge.net.

Configuration of sendmail

Include the FEATURE in your sendmail.mc file. You need to give two parameters:

FEATURE(`verifysender', `mode', `return')

For mode you must give either white or black.

white
All sender addresses but those mentioned in the whitelist file are verified. Complete addresses or just domains can be listed in the file. The default location of the whitelist is /etc/mail/verify-white-list. If you need a different location, define it to confVERIFIER_WHITELIST.
black
only addresses or addresses within domains listed in the blacklist file are verified. It is obviously only useful to mention domains in the blacklist. The default location of the blacklist is /etc/mail/verify-black-list. If you need a different location, define it to confVERIFIER_BLACKLIST.

Both the blacklist and the whitelist file are maps, they must be created with makemap. Therefore the entries need a LHS (the address or domain) and a RHS. The actual content of the RHS has NO meaning at all.

The FEATURE defines a socket map. The default target of the map is inet:8884@127.0.0.1, according to the default setting in Config.py. If you need something different, define it to confVERIFIER_MAP, but don't forget to also adjust Config.py.

Configuration of the verification daemon

The configuration of the daemon is done in the file Config.py.

This is the default of this file:

[Daemon]
Address: 127.0.0.1
Port: 8884
PidFile: smmapd.pid
Plugins: Verifier,Verifier2

[Logging]
ApplId: smmapd

[Verifier]
ContainerModule: VerifierHandler
ContainerClass: VerifierHandlerContainer
WorkerModule: VerifierHandler
WorkerClass: VerifierHandlerWorker
EnableCaching: 1
CacheExpiration: 20
SMTPTimeOut: 20
SMTPHeloParam: local
SMTPCheckSender: <>

[Verifier2]
ContainerModule: VerifierHandler
ContainerClass: VerifierHandlerContainer
WorkerModule: VerifierHandler
WorkerClass: VerifierHandlerWorker
EnableCaching: 1
CacheExpiration: 20
SMTPTimeOut: 20
SMTPHeloParam: hottis.de
SMTPCheckSender: <postmaster@hottis.de>

Port and Address are specifying the socket the daemon should listen to for communication with sendmail. These settings must be reflected in the confVERIFIER_MAP if you change it.

SMTPTimeOut is the timeout for the communication with the MX servers when verifying addresses.

SMTPHeloParam is the parameter the verifier will use with the HELO command when verifying.

SMTPCheckSender is the sender address used during verifications. You should not change it unless you know what you do to avoid verification loops.

Since the verification is a time and resource consuming process, results can be cached, which is enabled by default. Set EnableCaching to 0 to disable it.

CacheExpiration is the time in seconds an entry in the cache is considered as valid. It should be much higher.

Operation

Configure sendmail and the daemon according to your needs. Start the daemon:

./verifier.py

Changes

2004-05-17