smmapdfw/smmapd_prototype/index.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<html>
  <head>
    <title>Sender Address Verifier for Sendmail</title>
    <meta name="generator" content="emacs-wiki.el">
    <meta http-equiv="Content-Type"
	  content="text/html; charset=iso-8859-1">
    <link rev="made" href="mailto:woho@hottis.de">
    <link rel="stylesheet" type="text/css" href="/web/default.css" />
  </head>
  <body>
    <h1>Sender Address Verifier for Sendmail</h1>
    <!-- Page published by Emacs Wiki begins here -->
<p>
Author: Wolfgang Hottgenroth <<a href="mailto:woho@hottis.de">woho@hottis.de</a>>, 2004-05-17

</p>

<p>
This is the prototype of a sender address verifier for sendmail-8.13.

</p>

<p>
It consists of a m4 file containing a FEATURE to be included in your
<code>sendmail.mc</code> and a verifier daemon in a bit of python code.

</p>

<p>
By including the FEATURE in your sendmail.mc file and running the
verifier daemon, sendmail file verify either

</p>

<ul>
<li>all sender addresses (with certain exceptions) or
</li>
<li>only certain sender addresses
</li>
</ul>

<p>
This will be done by connecting to the best MX servers of the
particular domain, trying to send a mail to the particular address and
collect the replies. 

</p>

<p>
Actually only the <code>HELO</code>, <code>MAIL</code> and <code>RCPT</code> commands are issued.

</p>

<p>
If a positive reply was found, the mail is considered as valid.

</p>

<p>
If a permanent negative reply was found, the mail is considered as
invalid.

</p>

<p>
If no MX entry was found, the mail is considered as invalid.

</p>

<p>
If a temporary negative reply was found, the mail is considered as
temporary invalid.

</p>

<p>
If there is more than one best MX server all of these servers are
connected in parallel and the first permanent reply (either positive
or negative) is returned.

</p>

<h3>Download</h3>

<p>
The complete sources: <a href="./download/">download</a>

</p>

<p>
Have a look into the sources: <a href="http://www.hottis.de/cgi-bin/cvsweb.cgi/sender_verifier/">sources</a>

</p>

<h3>Requirements</h3>

<h4>sendmail</h4>

<p>
sendmail-8.13 is required, since this thing uses the fresh introduced
socket map.

</p>

<p>
Find it <a href="http://www.sendmail.org">here</a> on the sendmail homepage.

</p>

<p>
Your need to build sendmail with support for the socket map. Include 

</p>

<pre class="example">
APPENDDEF(`confMAPDEF',`-DSOCKETMAP')
</pre>

<p>
in your <code>site.config.m4</code>.

</p>

<h4>Python</h4>

<p>
Python 2.2 or 2.3 is required. If you have Python 2.3 you must delete
the <code>import timeoutsocket</code> line from <code>verifier.py</code>.

</p>

<p>
Additionally the python package <code>python-dns</code> is required. Find it
<a href="http://pydns.sourceforge.net/">http://pydns.sourceforge.net</a>.

</p>

<h3>Configuration of sendmail</h3>

<p>
Include the FEATURE in your <code>sendmail.mc</code> file. You need to give two
parameters:

</p>

<pre class="example">
FEATURE(`verifysender', `mode', `return')
</pre>

<p>
For <code>mode</code> you must give either <code>white</code> or <code>black</code>.

</p>

<dl>
<dt><code>white</code></dt>
<dd>
All sender addresses but those mentioned in the whitelist
file are verified. Complete addresses or just domains can be listed in
the file. The default location of the whitelist is
<code>/etc/mail/verify-white-list</code>. If you need a different location,
define it to <code>confVERIFIER_WHITELIST</code>.
</dd>
<dt><code>black</code></dt>
<dd>
only addresses or addresses within domains listed in the
blacklist file are verified. It is obviously only useful to mention
domains in the blacklist. The default location of the blacklist is
<code>/etc/mail/verify-black-list</code>. If you need a different location,
define it to <code>confVERIFIER_BLACKLIST</code>.
</dd>
</dl>

<p>
Both the blacklist and the whitelist file are maps, they must be
created with <code>makemap</code>. Therefore the entries need a LHS (the address
or domain) and a RHS. The actual content of the RHS has NO meaning at
all.

</p>

<p>
The FEATURE defines a socket map. The default target of the map is
<code>inet:8884@127.0.0.1</code>, according to the default setting in
<code>Config.py</code>. If you need something different, define it to
<code>confVERIFIER_MAP</code>, but don't forget to also adjust <code>Config.py</code>.

</p>

<h3>Configuration of the verification daemon</h3>

<p>
The configuration of the daemon is done in the file <code>Config.py</code>.

</p>

<p>
This is the default of this file:

</p>

<pre class="example">
[Daemon]
Address: 127.0.0.1
Port: 8884
PidFile: smmapd.pid
Plugins: Verifier,Verifier2

[Logging]
ApplId: smmapd

[Verifier]
ContainerModule: VerifierHandler
ContainerClass: VerifierHandlerContainer
WorkerModule: VerifierHandler
WorkerClass: VerifierHandlerWorker
EnableCaching: 1
CacheExpiration: 20
SMTPTimeOut: 20
SMTPHeloParam: local
SMTPCheckSender: &lt;&gt;

[Verifier2]
ContainerModule: VerifierHandler
ContainerClass: VerifierHandlerContainer
WorkerModule: VerifierHandler
WorkerClass: VerifierHandlerWorker
EnableCaching: 1
CacheExpiration: 20
SMTPTimeOut: 20
SMTPHeloParam: hottis.de
SMTPCheckSender: &lt;postmaster@hottis.de&gt;</pre>

<p>
<code>Port</code> and <code>Address</code> are specifying the socket the daemon should
listen to for communication with sendmail. These settings must be
reflected in the <code>confVERIFIER_MAP</code> if you change it.

</p>

<p>
<code>SMTPTimeOut</code> is the timeout for the communication with the MX servers
when verifying addresses.

</p>

<p>
<code>SMTPHeloParam</code> is the parameter the verifier will use with the <code>HELO</code>
command when verifying.

</p>

<p>
<code>SMTPCheckSender</code> is the sender address used during
verifications. You should not change it unless you know what you do to
avoid verification loops.

</p>

<p>
Since the verification is a time and resource consuming process,
results can be cached, which is enabled by default. Set
<code>EnableCaching</code> to 0 to disable it.

</p>

<p>
<code>CacheExpiration</code> is the time in seconds an entry in the cache is
considered as valid. It should be much higher.

</p>

<h3>Operation</h3>

<p>
Configure sendmail and the daemon according to your needs. Start the
daemon:

</p>

<pre class="example">
./verifier.py
</pre>

<h3>Changes</h3>

<ul>
<li>According to a comment in comp.mail.sendmail I've introduced a class
  <code>verifier_fix_white</code> in the FEATURE file, currently containing only
  the string <code>postmaster</code>. Addresses with userpart in this class will
  never ever be verified to avoid infinite verifying loops.
</li>
</ul>

<h4>2004-05-17</h4>

<ul>
<li>support plugins
</li>
<li>separate container and worker object, thereby enable multiple
  instances of the same plugins
</li>
</ul>


    <!-- Page published by Emacs Wiki ends here -->
    <div class="navfoot">
      <hr>
      <table width="100%" border="0" summary="Footer navigation">
	<tr>
	  <td width="33%" align="left">
	    <span class="footdate">UPDATED: 2004-05-17</span>
	  </td>
	  <td width="34%" align="center">
	    <span class="foothome">
	      
	    </span>
	  </td>
	  <td width="33%" align="right">
	    
	  </td>
	</tr>
      </table>
    </div>
  </body>
</html>