stop qmail from accepting email to non-existent users

#1 silver, 18-June-2007, 19:47

there are probably other ways to do it and better ones, but I like this way as it's simple and I wrote some Perl code

firstly my install of qmail is set up (quite badly!) to accept email to anything@domainname - which over the last year has meant increasing amounts of spam to non-existent email accounts. this is not the recommended way to config qmail so most of the following deals with my strange setup

what I wanted was a simple way to black-list certain email addresses (e.g. webmaster@domainname) rather than creating a white-list of email addresses which were valid, I tend to make up an email address each time I sign up to something new which helps me determine where spam comes from and allows me to filter email based on the 'To' header

enter Magic SMTPD - it's open source and free to use. there's a pay-for version with more features but for what I need the open source one is cool

it's a drop-in replacement for the smtpd that comes with qmail and you can install it and it'll work just the same as qmail did before. where it gets neat is when you start using the new config options..

on mine (debian) I have newly created a /etc/magic-mail/ with 'control' and 'scripts' directories

in control I have a 'check_valid_users' file with '1' and a file called 'ext_check_user_prog' with '/etc/magic-mail/scripts/check-user.pl'

below is my check-user.pl file - note you might want to change this and check for yourself it is not in some way harmful

Code:
#!/usr/bin/perl

use strict;
use warnings;

# patterns are single-quoted so that regex escapes such as \. and \@
# reach the regex engine unchanged

#
# add in specific addresses at a domain where the blacklist would
# otherwise cause it to be denied
#
use constant WHITE_LIST => (
  '^account\@example\.com',
);

use constant BLACK_LIST => (
  '^account',
  '^admin',
  '^advertising\@',
  '^billing\@',
  '^contact\@',
  '^domains\@',
  '^feedback\@',
  '^guest\@',
  '^help\@',
  '^home\@',
  '^info\@',
  '^mail\@',
  '^majordomo\@',
  '^root\@',
  '^sales\@',
  '^service\@',
  '^support\@',
  '^technical\@',
  '^uucp\@',
  '^webmaster\@',

  # whole domains black-listed
  '\@example\.co',
);

# exit codes handed back to the smtpd
use constant USER_EXISTS  => 0;
use constant NO_SUCH_USER => 1;

# recipient address, taken from the first argument
my $sRawTO = defined $ARGV[0] ? $ARGV[0] : '';

# the log sits in /tmp under a fixed name; on a host with other local
# users, point it at a directory only the mail user can write to
my $sFile = "/tmp/check-user.txt";
my $sTimeStamp = scalar(localtime(time));

my $iStatus = USER_EXISTS;
my $fWhiteFound = 0;

###############################################
# see if matching TO exists in the WHITE_LIST #
###############################################
foreach my $sWhiteFilter (WHITE_LIST) {
  if($sRawTO =~ /$sWhiteFilter/) {
    $fWhiteFound = 1;
    last; #jump loop
  }
}

# only check against BLACK_LIST when no white-list entry matched
if(!$fWhiteFound) {
  foreach my $sBlackFilter (BLACK_LIST) {
    if($sRawTO =~ /$sBlackFilter/) {
      $iStatus = NO_SUCH_USER;
      last; #jump loop
    }
  }
}

# append the decision to the log; the delay for refused addresses
# only happens when the log file could be opened
if(open(my $fhLog, '>>', $sFile)) {
  if(USER_EXISTS == $iStatus) {
    print $fhLog "USER_EXISTS [$sTimeStamp] WhiteFound [$fWhiteFound] RawTO [$sRawTO]\n";
  } else {
    my $iRandWaitPeriodMax = 20;
    my $iWaitPeriod = int(rand($iRandWaitPeriodMax));
    $iWaitPeriod += 10; #bump the rand number to make everyone wait
    sleep $iWaitPeriod;
    print $fhLog "NO_SUCH_USER [$sTimeStamp] RawTO [$sRawTO] slept [$iWaitPeriod]\n";
  }
  close($fhLog);
}

exit $iStatus;

basically allows you to fail the inbound mail at the point where spammers try to send it. I've been using the approach for about 6 months and my spam level has dropped massively. of course it's not a great approach to deal with made up or random 'To' addresses but IME it is effective (blocking around 1 email every 2 minutes average 24/7)

would like to hear about other approaches for stopping the delivery of spam at the SMTP level, I would like the makers of magic-smtpd to provide a similar method to script a check for certain inbound IP addresses so I could create my own black-lists - I suspect there are other methods to do this with qmail?

Sil

edit - just noticed a logic error in the code, could argue it should still sleep when it can't open the logfile but life's too short

#2 silver, 29-November-2007, 16:29
Re: stop qmail from accepting email to non-existent users

I started to get a lot of spam to one of the valid email addresses that I need to keep working..

I had a look at the ENV that is set when the check-user script is called, as if by magic it contains the IP address of the MTA that is connecting to the mailserver - v handy

$ENV{"TCPREMOTEIP"}

armed with that I have added in a GREY_LIST - on those I do a reverse lookup and check for patterns such as NN.NN.NN.NN / NN-NN-NN-NN which tend to indicate a dynamic IP address and also check the sending domain (if it's not one of the well known ones com/co.uk/etc) or has no reverse setup I can refuse it at connect time. v cool
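The grey-list check described in post #2, as an added example that is not silver's own script: it takes the connecting IP (TCPREMOTEIP) and its reverse name and returns a reason to refuse, or nothing to accept. The names grey_verdict, ptr_for and @KNOWN_TLDS, the suffix list and the sample hosts are assumptions made for illustration; only IPv4 is handled.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton AF_INET);

# Assumed set of "well known" suffixes; tune to the mail you expect.
my @KNOWN_TLDS = qw(com net org co.uk org.uk);

# Returns a refusal reason, or undef when the connection looks acceptable.
sub grey_verdict {
    my ($ip, $ptr) = @_;
    return 'unparsed IP' unless $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;  # IPv4 only
    return 'no reverse DNS' unless defined $ptr && length $ptr;
    $ptr = lc $ptr;
    $ptr =~ s/\.$//;    # drop a trailing root dot

    # Dynamic pools tend to embed the address in the name, as
    # 203.0.113.7 or 203-0-113-7, sometimes with the octets reversed.
    my @octets = split /\./, $ip;
    for my $seq ([@octets], [reverse @octets]) {
        my $re = join '[.-]', map("0*$_", @$seq);
        return 'dynamic-looking PTR' if $ptr =~ /(?<!\d)$re(?!\d)/;
    }
    return 'unfamiliar TLD'
        unless grep { $ptr =~ /\.\Q$_\E$/ } @KNOWN_TLDS;
    return undef;
}

# Reverse lookup for the live hook; undef when the IP has no PTR record.
sub ptr_for {
    my ($ip) = @_;
    my $packed = inet_aton($ip) or return undef;
    return scalar gethostbyaddr($packed, AF_INET);
}

# Live use: grey_verdict($ENV{TCPREMOTEIP}, ptr_for($ENV{TCPREMOTEIP}))
# Constructed samples from the documentation ranges, so no DNS is needed.
my @samples = (
    ['192.0.2.10',   'mail.example.com'],
    ['203.0.113.7',  'host-203-0-113-7.dyn.example.net'],
    ['203.0.113.8',  '8.113.0.203.pool.example.net'],
    ['198.51.100.4', 'mx1.example.zz'],
    ['198.51.100.5', undef],
);
for my $s (@samples) {
    my ($ip, $ptr) = @$s;
    printf "%-13s %-33s %s\n", $ip, $ptr // '(none)',
        grey_verdict($ip, $ptr) // 'accept';
}
```

A PTR name is set by whoever controls the address block, so the verdict is a heuristic for the grey-listed recipients rather than proof of who is sending.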
