Mail::MtPolicyd::Plugin::SMTPVerify - mtpolicyd plugin for remote SMTP address checks


version 2.05


This plugin can be used to do remote SMTP verification of addresses.


To check if the recipient exists on a internal relay and mailbox is able to receive a message of this size:

  <Plugin smtp-rcpt-check>
    module = "SMTPVerify"
    host = ""
    sender_field = "sender"
    recipient_field = "recipient"
    # send SIZE to check quota
    size_field = "size"

    temp_fail_action = "defer %MSG%"
    perm_fail_action = "reject %MSG%"

Do some very strict checks on sender address:

  <Plugin sender-sender-check>
    module = "SMTPVerify"

    # use a verifiable address in MAIL FROM:
    sender = "horst@mydomain.tld"
    recipient_field = "sender"
    no_starttls_action = "reject sender address does not support STARTTLS"
    temp_fail_action = "defer sender address failed verification: %MSG%"
    perm_fail_action = "reject sender address does not accept mail: %MSG%"

Or do advanced checking of sender address and apply a score:

  <Plugin sender-sender-check>
    module = "SMTPVerify"

    # use a verifiable address in MAIL FROM:
    sender = "horst@mydomain.tld"
    recipient_field = "sender"
    check_tlsa = "on"
    check_openpgp = "on"

    temp_fail_score = "1"
    perm_fail_score = "3"

    has_starttls_score = "-1"
    no_starttls_score = "5"
    has_tlsa_score = "-3"
    has_openpgp_score = "-3"

Based on the score you can later apply greylisting or other actions.



The module takes the following parameters:

(uc_)enabled (default: on)

Enable/disable this check.

host (default: empty)

If defined this host will be used for checks instead of a MX.

port (default: 25)

Port to use for connection.

check_tlsa (default: off)

Set to 'on' to enable check if an TLSA record for the MX exists.

This requires that your DNS resolver returns the AD flag for DNSSEC secured records.

check_openpgp (default: off)

Set to 'on' to enable check if an OPENPGPKEY records for the recipients exists.

sender_field (default: recipient)

Field to take the MAIL FROM address from.

sender (default: empty)

If set use this fixed sender in MAIL FROM instead of sender_field.

recipient_field (default: sender)

Field to take the RCPT TO address from.

size_field (default: size)

Field to take the message SIZE from.

perm_fail_action (default: empty)

Action to return if the remote server returned an permanent error for this recipient.

The string "%MSG%" will be replaced by the smtp message:

  perm_fail_action = "reject %MSG%"
temp_fail_action (default: empty)

Like perm_fail_action but this message is returned when an temporary error is returned by the remote smtp server.

  temp_fail_action = "defer %MSG%"
perm_fail_score (default: empty)

Score to apply when a permanent error is returned for this recipient.

temp_fail_score (default: empty)

Score to apply when a temporary error is returned for this recipient.

has_starttls_score (default: emtpy)
no_starttls_score (default: emtpy)

Score to apply when the smtp server of the recipient announces support for STARTTLS extension.

has_tlsa_score (default: empty)
no_tlsa_score (default: empty)

Score to apply when there is a TLSA or no TLSA record for the remote SMTP server.

has_openpgp_score (default: empty)
no_openpgp_score (default: empty)

Score to apply when a OPENPGPKEY record for the recipient exists or not exists.


Markus Benning <>


This software is Copyright (c) 2014 by Markus Benning <>.

This is free software, licensed under:

  The GNU General Public License, Version 2, June 1991