NAME

Mail::MtPolicyd::Plugin::SMTPVerify - mtpolicyd plugin for remote SMTP address checks

VERSION

version 2.03

DESCRIPTION

This plugin can be used to do remote SMTP verification of addresses.

Example

To check if the recipient exists on an internal relay and the mailbox is able to receive a message of this size:

  <Plugin smtp-rcpt-check>
    module = "SMTPVerify"
    
    host = "mail.company.internal"
    sender_field = "sender"
    recipient_field = "recipient"
    # send SIZE to check quota
    size_field = "size"

    temp_fail_action = "defer %MSG%"
    perm_fail_action = "reject %MSG%"
  </Plugin>

Do some very strict checks on sender address:

  <Plugin sender-sender-check>
    module = "SMTPVerify"

    # use a verifiable address in MAIL FROM:
    sender = "horst@mydomain.tld"
    recipient_field = "sender"
    no_starttls_action = "reject sender address does not support STARTTLS"
    temp_fail_action = "defer sender address failed verification: %MSG%"
    perm_fail_action = "reject sender address does not accept mail: %MSG%"
  </Plugin>

Or do advanced checking of sender address and apply a score:

  <Plugin sender-sender-check>
    module = "SMTPVerify"

    # use a verifiable address in MAIL FROM:
    sender = "horst@mydomain.tld"
    recipient_field = "sender"
    check_tlsa = "on"
    check_openpgp = "on"

    temp_fail_score = "1"
    perm_fail_score = "3"

    has_starttls_score = "-1"
    no_starttls_score = "5"
    has_tlsa_score = "-3"
    has_openpgp_score = "-3"
  </Plugin>

Based on the score you can later apply greylisting or other actions.

Configuration

Parameters

The module takes the following parameters:

(uc_)enabled (default: on)

Enable/disable this check.

host (default: empty)

If defined, this host will be used for checks instead of an MX.

port (default: 25)

Port to use for connection.

check_tlsa (default: off)

Set to 'on' to check whether a TLSA record for the MX exists.

This requires that your DNS resolver returns the AD flag for DNSSEC-secured records.

check_openpgp (default: off)

Set to 'on' to check whether an OPENPGPKEY record for the recipient exists.

sender_field (default: recipient)

Field to take the MAIL FROM address from.

sender (default: empty)

If set use this fixed sender in MAIL FROM instead of sender_field.

recipient_field (default: sender)

Field to take the RCPT TO address from.

size_field (default: size)

Field to take the message SIZE from.

perm_fail_action (default: empty)

Action to return if the remote server returned a permanent error for this recipient.

The string "%MSG%" will be replaced by the SMTP message:

  perm_fail_action = "reject %MSG%"

temp_fail_action (default: empty)

Like perm_fail_action, but this action is returned when a temporary error is returned by the remote SMTP server.

  temp_fail_action = "defer %MSG%"

perm_fail_score (default: empty)

Score to apply when a permanent error is returned for this recipient.

temp_fail_score (default: empty)

Score to apply when a temporary error is returned for this recipient.

has_starttls_score (default: empty)
no_starttls_score (default: empty)

Score to apply when the SMTP server of the recipient announces (has_starttls_score) or does not announce (no_starttls_score) support for the STARTTLS extension.

has_tlsa_score (default: empty)
no_tlsa_score (default: empty)

Score to apply when there is a TLSA or no TLSA record for the remote SMTP server.

has_openpgp_score (default: empty)
no_openpgp_score (default: empty)

Score to apply when an OPENPGPKEY record for the recipient exists or does not exist.
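
How the action and score parameters above combine for a single probe, as an added Python sketch that is not code from mtpolicyd. The names verify and FakeSMTP are hypothetical, the replies are constructed, and the evaluation order and sending SIZE only when the server advertises it are assumptions; the TLSA and OPENPGPKEY lookups are not modelled.

```python
# Added sketch, not mtpolicyd code. verify() and FakeSMTP are hypothetical names.
# Assumed: evaluation order, and SIZE sent only when the server advertises it.

class FakeSMTP:
    """Constructed stand-in with the smtplib.SMTP methods verify() calls."""
    def __init__(self, extensions, mail_reply, rcpt_reply):
        self.extensions = extensions
        self.mail_reply, self.rcpt_reply = mail_reply, rcpt_reply
    def ehlo(self):
        return (250, b"mx.example.test")
    def has_extn(self, name):
        return name.lower() in self.extensions
    def mail(self, sender, options=()):
        return self.mail_reply
    def rcpt(self, recip):
        return self.rcpt_reply

def verify(smtp, sender, recipient, size, cfg):
    """Probe one address; return (action or None, score delta)."""
    smtp.ehlo()
    starttls = smtp.has_extn("starttls")
    score = int(cfg.get("has_starttls_score" if starttls else "no_starttls_score", 0))
    if not starttls and cfg.get("no_starttls_action"):
        return cfg["no_starttls_action"], score
    # SIZE on MAIL FROM lets the server refuse an over-quota message up front.
    options = ["SIZE=%d" % size] if size and smtp.has_extn("size") else []
    code, msg = smtp.mail(sender, options)
    if code < 400:                      # MAIL FROM accepted, now test the mailbox
        code, msg = smtp.rcpt(recipient)
    kind = "perm_fail" if code >= 500 else "temp_fail" if code >= 400 else None
    if kind is None:
        return None, score              # address accepted, no failure action
    score += int(cfg.get(kind + "_score", 0))
    action = cfg.get(kind + "_action")
    if action:                          # %MSG% carries the remote server's reply text
        action = action.replace("%MSG%", msg.decode("ascii", "replace"))
    return action, score

if __name__ == "__main__":
    quota_cfg = {"temp_fail_action": "defer %MSG%", "perm_fail_action": "reject %MSG%"}
    full = FakeSMTP({"size", "starttls"}, (250, b"2.1.0 Ok"), (552, b"5.2.2 Mailbox full"))
    print(verify(full, "sender@example.test", "user@example.test", 20480, quota_cfg))
    score_cfg = {"temp_fail_score": "1", "perm_fail_score": "3",
                 "has_starttls_score": "-1", "no_starttls_score": "5"}
    plain = FakeSMTP(set(), (250, b"2.1.0 Ok"), (450, b"4.2.0 Try again later"))
    print(verify(plain, "horst@mydomain.tld", "peer@example.test", 0, score_cfg))
```

Because verify() only calls ehlo, has_extn, mail and rcpt, a connected smtplib.SMTP object can be passed in place of FakeSMTP.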

AUTHOR

Markus Benning <ich@markusbenning.de>

COPYRIGHT AND LICENSE

This software is Copyright (c) 2014 by Markus Benning <ich@markusbenning.de>.

This is free software, licensed under:

  The GNU General Public License, Version 2, June 1991