11 Φεβρουαρίου, 2008 από Sotiris Tsimbonis

milter verify from

Μετά το milter-quota, ένα ακόμα milter βασισμένο στο sample.pl του Sendmail::Milter. Χρειάζεται και το Net::LDAP.

Υποθέτει ότι έχουμε έναν authoritative LDAP με όλα τα emails για τα domains που είναι υπεύθυνος ο mail server μας. Αν κάποιος πάει να μας στείλει mail με envelope from address (από δικό μας domain) που όμως δεν υπάρχει στον LDAP, το κάνουμε REJECT. Ετσι γλιτώνουμε το spam και backscatter από πολλά malware που στέλνουν κάνοντας randomize το from address και κολάνε το domain στο τέλος..


use Net::LDAP;

sub envfrom_callback
{
        my $ctx = shift;
        my @args = @_;

        $email=@args[0]; # format is <user @dom.ain>
        $email =~ s/< (.*)>/$1/; # strip <>
        ($username, $domain) = split (/@/, $email);
        #print "username=$username domain=$domain\n";

        $ldap = Net::LDAP->new("ldapserver");
        $ldap->bind("cn=postmaster,ou=sendmail,dc=mail", password=>"xxxx");
        $mesg = $ldap->search(filter=>"(sendmailMTAClassValue=$domain)",
                 base=>"sendmailMTAClassName=LDAPRoute,ou=classes,ou=sendmail,dc=mail");
        @entries = $mesg->entries;

        if (@entries) { # domain exists in our LDAP
                #print "domain $domain exists in our LDAP, so perform user lookup\n";
                $mesg2 = $ldap->search(filter=>"(mailLocalAddress=$username\@$domain)",
                        base=>"ou=$domain,ou=hosted,dc=mail");
                @entries2 = $mesg2->entries;

                if (@entries2) { # user exists in ldap
                        #print "address $username\@$domain exists in ldap. accept.\n";
                        return SMFIS_CONTINUE;
                } else {
                        #print "address $username\@$domain does not exist in ldap. reject.\n";
                        $ctx->setreply('550', '5.7.1', "Reject: your From address $email does not exist."); #rfc3463
                        return SMFIS_REJECT;
                }
        } else { # domain is not in our LDAP
                #print "domain $domain does not exist in LDAP. accept.\n";
                return SMFIS_CONTINUE;
        }
}

Αλλα παρόμοια milters:

LdapVfrom-milter by Angelos Karageorgiou.
milter-sender by SnertSoft.

2 Replies to “milter verify from”

Ο/Η panos λέει:

13 Φεβρουαρίου, 2008 στο 1:34 μμ

Καθολου ασχημη η ιδεα σου, αλλα για καθε smtp connection στο mail to: θα πρεπει να εχεις κανει implement αυτο το «milter». Αυτο συμενει spawn του perl binary ανα smtp, καλεσμα βιβλιοθηκων κτλ κτλ. Σιγουρα θα εχεις μικροτερο προβλημα με τη queue σου και τα bounce, αλλα μπορεις να εχεις περισοτερα smtp dos. Το καλυτερο ειναι να παρεις το patch qmail-ldap το οποιο εχει αυτο ακριβως το κωδικα στο smtp level και να τον κανεις πορτ για το sendmail!

Η ακομα καλυτερα για να γλυτωσεις δουλεια να βαλεις qmail σαν πρωτο layer smtp-in! ;-)

Με πιο απλα λογια, γραφτο σε ansi C βρε ψευτο-unixa :D

Απάντηση
Ο/Η Angelos Karageorgiou λέει:

30 Ιουνίου, 2008 στο 1:04 μμ

Yperoxo, apla yperoxo, kalh douleia ! Εαν το είχα δεί νωρίτερα το sample.pl δέν θα το έγραφα σε C ….

Κάνε το REJECT configurable για να μπορείς να το παίζεις και σε συνταγές spamassassin !

ciao.

Απάντηση

Σχολιάστε Ακύρωση απάντησης

Γράψτε το σχόλιο σας εδώ....

Εισάγετε τα παρακάτω στοιχεία ή επιλέξτε ένα εικονίδιο για να συνδεθείτε:

Ηλ. διεύθυνση (απαιτείται) Δεν θα εμφανιστεί δημόσια.

Όνομα (απαιτείται)

Ιστότοπος

Σχολιάζετε χρησιμοποιώντας τον λογαριασμό WordPress.com. ( Αποσύνδεση / Αλλαγή )

Σχολιάζετε χρησιμοποιώντας τον λογαριασμό Twitter. ( Αποσύνδεση / Αλλαγή )

Σχολιάζετε χρησιμοποιώντας τον λογαριασμό Facebook. ( Αποσύνδεση / Αλλαγή )

Ακύρωση

Σύνδεση με %s

follow me on twitter

RT @hsoc: Merry Christmas @hellasdirect 🎅🎄 https://t.co/V7xxbjw9YS 1 year ago

RT @bad_packets: It's not DNS There's no way it's DNS It was DNS twitter.com/BleepinCompute… 1 year ago

RT @PowerDNS_Bert: Dear EU: Cyber security is important, but please don’t #RuinTheRoot by regulating the non-essential entities that run th… 1 year ago

RT @_argp: BugTraq Shutdown, end of an era: "At this time, resources for the BugTraq mailing list have not been prioritized, and this will… 2 years ago

RT @jpmens: IT WASN’T DNS twitter.com/atoonk/status/… 2 years ago

RT @fanf: “For the first time, nginx is in use by more web-facing computers than any other web server, including Apache” https://t.co/rscQy… 2 years ago

RT @skaragiannis: In case you missed it https://t.co/X3FUqYZYqZ 2 years ago

RT @QuinnyPig: The best part about this question is that (aside from the third answer's "single digit millisecond latency") I can make it d… 3 years ago

RT @ripencc: Today, at 15:35, we made our final /22 IPv4 allocation from the last remaining addresses in our available pool. We have now ru… 3 years ago

RT @hellasdirect: Sotiris Tsimbonis, our infrastructure and automation lead, has been with us from day 1. Today, we are proud to see him ex… 3 years ago

Follow @stsimb

Linux Weekly News

X.org vulnerability and releases

The X.Org project has announced a vulnerability in its X server and Xwayland (CVE-2023-1393). This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. [...] If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a da […]

jake

[$] The trouble with MODULE_LICENSE() in non-modules

The kernel's hierarchical maintainer model works quite well from the standpoint of allowing thousands of developers to work together without (often) stepping on each others' toes. But that model can also make life painful for developers who are trying to make changes across numerous subsystems. Other possible source of pain include changes related […]

corbet

Stable kernels 6.2.9, 6.1.22, 5.15.105, and 5.4.239

Greg Kroah-Hartman has announced the release of the 6.2.9, 6.1.22, 5.15.105, and 5.4.239 stable kernels. The latter (5.4.239) has single patch to fix the permissions of a selftest file, while the other three have a lengthy list of important fixes throughout the kernel tree.

jake

Security updates for Thursday

Security updates have been issued by Debian (xorg-server and xrdp), Fedora (mingw-python-certifi, mingw-python3, mingw-zstd, moodle, python-cairosvg, python-markdown-it-py, redis, xorg-x11-server, and yarnpkg), Slackware (mozilla and xorg), SUSE (grub2, ldb, samba, libmicrohttpd, python-Werkzeug, rubygem-rack, samba, sudo, testng, tomcat, webkit2gtk3, xorg-x […]

jake

[$] LWN.net Weekly Edition for March 30, 2023

The LWN.net Weekly Edition for March 30, 2023 is available.

corbet

[$] Rebecca Giblin on chokepoint capitalism

The fourth and final keynote for Everything Open 2023 was given by Professor Rebecca Giblin of the Melbourne Law School, University of Melbourne. It revolved around her recent book, Chokepoint Capitalism, which she wrote with Cory Doctorow; it is "a book about why creative labor markets are rigged — and how to unrig them". Giblin had planned to be […]

jake

[$] OpenSUSE MicroOS Desktop: a Flatpak-based immutable distribution

Immutable Linux distributions are on the rise recently, with multiple popular distributions creating their own immutable versions; it could be one of the trends of 2023, as predicted. While many of these immutable distributions are focused on server use, there are also some that offer a desktop experience. OpenSUSE MicroOS Desktop is one of them, with a mini […]

jake

Stenberg: Pre-notification dilemmas

Curl maintainer Daniel Stenberg expresses some frustrations with the vulnerability notification policies maintained by the distros mailing list. The week before we were about to ship the curl 8.0.0 release, I emailed the distros mailing list again like I have done so many times before and told them about the upcoming six(!) vulnerabilities we were about to r […]

corbet

Security updates for Wednesday

Security updates have been issued by Debian (unbound and xorg-server), Fedora (stellarium), Oracle (kernel), SUSE (apache2, oracleasm, python-Werkzeug, rubygem-loofah, sudo, and tomcat), and Ubuntu (git, kernel, and linux-hwe-5.19).

corbet

[$] Ubuntu stops shipping Flatpak by default

Canonical recently announced that it will no longer ship Flatpak as part of its default installation for the various official Ubuntu flavors, which is in keeping with the practices of the core Ubuntu distribution. The Flatpak package format has gained popularity among Linux users for its convenience and ease of use. Canonical will focus exclusively on its ow […]

jake

	Michail στη Ελληνικά ή Αγγλικά;
	adamo στη Ελληνικά ή Αγγλικά;
	Michail στη Ελληνικά ή Αγγλικά;
	Michail στη Ελληνικά ή Αγγλικά;
	cvi going distribute… στη version control for important…
	bilias στη It’s a girl!
	Sotiris Tsimbonis στη It’s a girl!
	kioan στη It’s a girl!
	kzorba στη It’s a girl!
	Sotiris Tsimbonis στη It’s a girl!

Share this:

Μου αρέσει αυτό:

Σχετικά

2 Replies to “milter verify from”

Σχολιάστε Ακύρωση απάντησης