HCI Data Ltd
Qpsmtpd Plugins
Home Internet tools
 

First of all, I will not give details of qpsmtpd as there is already some documentation about it.

Briefly, qpsmtpd is a very easy to install and very easy to customise SMTP receiver. It achieves customisation by using plugins at key points of a SMTP session. These plugins can be written in PERL.

Sample Qpsmtpd Plugin to Reduce Spam Being Received

There are many anti-spam plugins for qpsmtpd. Each one takes a different approach. The approach by this plugin is to identify e-mail addresses that are only used by spammers and to reject the whole e-mail.

Type of Spam E-Mail Processed

Often a spammer will send a single e-mail to a recipient host with multiple recipient (RCPT) addresses on that host. If you are lucky, one of those addresses will be one that a spammer has made up. Or you may have created a honey-pot e-mail address that was picked up by spammers when they were harvesting web pages for anything that looked like an e-mail address. I will call both types of e-mail address a "honey-pot e-mail address". This plugin will look for the "honey-pot e-mail address" and reject the e-mail so that neither the "honey-pot e-mail address" nor any other e-mail addresses on the e-mail will get the spam.

Traditional Processing - The Problem

Normally, when an e-mail arrives, any invalid RCPT addresses are notified back to the sender with a status code. However, if some e-mail addresses appear valid, the e-mail will still get through to the valid e-mail addresses.

Qpsmtp Plugin Processing - The Solution

As each "RCPT TO" command is processed, a note will be made should any RCPT be a "honey-pot e-mail address". When the sender is ready to send data, it sends a "DATA" command. Should any "honey-pot e-mail address" have been noted then the SMTP server will reject the "DATA" command.

Qpsmtp Plugin Processing - The Code - check_verybadrcptto


# Copyright (C) 2006 Phil Hobson, HCI Data Ltd - www.hcidata.info

# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in
# the Software without restriction, including without limitation the rights to
# use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
# of the Software, and to permit persons to whom the Software is furnished to do
# so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

# NAME check_verybadrcptto
#
# This plugin helps other users when a spammer sends e-mails to several addresses, most of which are valid.
#
# Overall Logic:
#
# read qmail's "Very Bad RCPT To" file get the list of addresses (honeypots?) who only receive spam
# decline to do anything when given a recipient address but make a note if the recipient is in the "Very Bad RCPT To" list
# DENY the sending of data if a note of a recipient in the "Very Bad RCPT To" list was made
#
# NOTE
#       This MUST go before any other plugin that can DENY a RCPT address.
#
#       If this goes after such a plugin that has DENIED the RCPT address, then our "hook_rcpt" will not be run
#       and so we do not make a note to reject the whole e-mail as spam.
#       If there were multiple RCPT addresses, the e-mail may get through to other RCPT addresses.
#
#       If our hook_rcpt is run first, we make a note to reject the whole e-mail as spam and any other plugins can
#       run and send any other status codes to the sending system.
#       Even if there are more RCPT addresses that have not been DENIED, we have noted that the e-mail is spam and
#       will stop the data being received.
#
# Installation notes are at http://www.hcidata.info/qpsmtpd.htm

use Qpsmtpd::DSN;
use strict;

sub hook_rcpt {
  my ($self, $transaction, $recipient) = @_;
  return (DECLINED) unless $recipient->host && $recipient->user;  # there is no point continuing if we haven't got enough to work with!

  my @verybadmailto = $self->qp->config('verybadrcptto')  # there is no point continuing if we haven't got a "Very Bad RCPT To" list
    or return (DECLINED);

  my $userhost = lc $recipient->user . '@' .$recipient->host;

  for my $bad (@verybadmailto) {
    $bad =~ s/^\s*(\S+)\s*/$1/;
    next unless lc $bad eq $userhost;
    $self->log(LOGNOTICE,"$userhost is such a bad recipient that no data will be allowed to be sent");
    $transaction->notes('verybadrcptto',
       "sorry, one or more of the recipients has flagged this e-mail as unsolicited bulk/commercial " .
       "e-mail which is contrary to our acceptable e-mail use policy");
    last;
  }
  return (DECLINED);    # we are not going to do anything now.  We will take action later.
}

sub hook_data {
  my ($self, $transaction) = @_;
  my $note = $transaction->notes('verybadrcptto');
  return (DECLINED) unless $note;

  $self->log(LOGNOTICE,$note);
  sleep 1;              # may as well slow the spammer down a bit.
  return Qpsmtpd::DSN->media_unsupported("$note - spam score exceeded threshold");
}

Installation of check_verybadrcptto in qpsmtpd

  1. Cut and paste (see Note 2) the above code into a file ~/qmsmtp/plugins/check_verybadrcptto (or where ever your plugins are kept)
  2. Create a file in the qmail control directory (e.g. /var/qmail/control/verybadrcptto)
  3. Add entries in /var/qmail/control/verybadrcptto in the same manner as /var/qmail/control/badrcptto
  4. Add "check_verybadrcptto" to ~/qmsmtp/config/plugins before any other plugin that can reject a RCPT (see note 1)

Installation Note for check_verybadrcptto

Note 1: The crux of this plugin is that the "hook_rcpt" routine has to be run in order for this plugin to do its work. If this plugin goes after another plugin that can DENY or OK a RCPT address, then our "hook_rcpt" routine will not be run. Note that we do not DENY the RCPT in the "hook_rcpt" routine - this is to allow other plugins to do whatever they want.

Note 2: If you try to extract the code from the web page's source, watch out for any & in the source that will need changing to &

If you found this plugin useful, please create a link to this page so that other can benefit from it. If you found an error in it, please contact me. My e-mail address can be found on the contact page - I am Phil.




HCI Data Ltd is a member of the Federation of Small Businesses
Last Updated: Saturday, 23-Jan-2016
HCI Data Ltd.