\input texinfo @c -*-texinfo-*-
@smallbook
@c %**start of header
@setfilename mailfromd.info
@settitle Mailfromd
@c %**end of header
@setchapternewpage odd
@syncodeindex fn cp
@syncodeindex vr cp
@syncodeindex ky cp
@syncodeindex pg cp
@syncodeindex tp cp
@include version.texi
@include rendition.texi
@ifinfo
@dircategory Email
@direntry
* mailfromd: (mailfromd). Filter incoming mail by sender address.
@end direntry
@end ifinfo
@copying
Published by the Free Software Foundation,
51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301 USA
Copyright @copyright{} 2005, 2006 Sergey Poznyakoff
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with the Front-Cover texts being ``Mailfromd Manual'',
and with the Back-Cover Texts as in (a) below. A copy of the license
is included in the section entitled ``GNU Free Documentation License''.
(a) The FSF's Back-Cover Text is: ``You have freedom to copy and modify
this GNU Manual, like GNU software. Copies published by the Free
Software Foundation raise funds for GNU development.''
@end copying
@titlepage
@title Mailfromd mail filter
@subtitle version @value{VERSION}, @value{UPDATED}
@author Sergey Poznyakoff.
@page
@vskip 0pt plus 1filll
@insertcopying
@end titlepage
@page
@summarycontents
@page
@contents
@node Top, Intro, (dir), (dir)
@ifinfo
@chapter Mailfromd
This edition of the @cite{Mailfromd Manual}, last updated @value{UPDATED},
documents @command{mailfromd} Version @value{VERSION}.
@end ifinfo
@menu
* Intro:: Introduction to Mailfromd.
* Overview:: How Address Verification Works.
* Limitations:: Limitations of Address Verification.
* Rate Limit:: Configuring Send Rate.
* Building:: Building the Package.
* Mailfromd Configuration:: Configuring @command{mailfromd}.
* Sendmail Configuration:: Configuring Sendmail to use @command{mailfromd}.
* Cache Database:: Managing Cache Database.
* Reporting Bugs:: How to Report a Bug.
Appendices
* Copying This Manual:: The GNU Free Documentation License.
* Concept Index:: Index of Concepts.
@end menu
@node Intro, Overview, Top, Top
@chapter Introduction to @command{mailfromd}
@command{Mailfromd} is a mail filter that implements the @dfn{sender
address verification} technique. The program is designed to work with
@command{Sendmail}@footnote{See @uref{http://www.sendmail.org}} as a
@command{Milter} filter.
@dfn{Sender address verification} allows you to block a sender
address if it is not deliverable, thereby cutting off a large amount
of spam. It is also useful to block mail for undeliverable recipients,
for example on a mail relay host that does not have a list of all the
valid recipient addresses. This prevents undeliverable junk mail from
entering the queue, so that your MTA doesn't have to waste resources
trying to send @samp{MAILER-DAEMON} messages back.
@node Overview, Limitations, Intro, Top
@chapter How Address Verification Works
A sender address is verified by probing its MX servers for that
address, until one of them gives a definite (positive or negative)
reply. Let's illustrate this with an example:
@cindex Standard address verification
Suppose that the user @samp{<jsmith@@somedomain.net>} is trying to
send mail to one of your local users. The remote machine connects to
your MTA and issues the @code{MAIL FROM: <jsmith@@somedomain.net>}
command. However, your MTA does not have to take its word for it, so
it uses @command{mailfromd} to verify that the sender address is
valid. @command{Mailfromd} extracts the domain name from the address
(@samp{somedomain.net}) and queries DNS for the MX records of that
domain. Suppose it receives the following list:
@itemize @bullet
@item 10 relay1.somedomain.net
@item 20 relay2.somedomain.net
@end itemize
It then connects to the first MX server and asks it whether it knows
anything about the user @samp{jsmith}. This is called sending a
@dfn{probe message}. If the server replies positively, the incoming
mail is accepted. If it replies negatively, the mail is
rejected. If the MX server cannot be reached, @command{mailfromd}
selects the next server from the list and repeats the process
until it gets an answer or the list of servers is exhausted.
The @dfn{probe message} is like a normal mail except that no data
is ever sent. The probe message in our example might look as
follows (@samp{S:} marks messages sent by the remote MTA, @samp{C:}
marks those sent by @command{mailfromd}):
@smallexample
C: HELO mydomain.net
S: 250 OK, nice to meet you
C: MAIL FROM: <>
S: 250 <>: Sender OK
C: RCPT TO: <jsmith@@somedomain.net>
S: 250 <jsmith@@somedomain.net>: Recipient OK
C: QUIT
@end smallexample
Probe messages are never delivered, deferred or bounced; they are
always discarded.
@cindex Strict address verification
The method of address verification described above is called the
@dfn{standard} method throughout this document. @command{Mailfromd}
also implements a method we call @dfn{strict}. When using the strict
method, @command{mailfromd} first resolves the IP address of the sender
machine to a fully qualified domain name. Then it obtains the MX records
for this machine, and then proceeds with probing as described above.
So, the difference between the two methods is in the set of MX
records that are probed: the standard method queries the MXs of
the sender email domain, while the strict method works with the MXs for
the sender IP address.
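
The following Python sketch is an added example, not part of
@command{mailfromd} or of the original manual. It walks the MX list as
described above for both the standard and the strict method, over
constructed DNS and server tables; the names @code{probe} and
@code{verify}, the @samp{no-answer} result, and the treatment of 4xx
replies as not definite are assumptions made for the illustration.

```python
# Added illustration, not mailfromd source. Every table below is constructed.
MX = {  # domain -> [(preference, host)], as DNS would return them
    "somedomain.net": [(20, "relay2.somedomain.net"),
                       (10, "relay1.somedomain.net")],
    "dialup.example.org": [(10, "mx.example.org")],
}
PTR = {"192.0.2.25": "dialup.example.org"}  # client IP -> FQDN
# host -> {mailbox: RCPT reply code}; None means the connection fails
SERVERS = {
    "relay1.somedomain.net": None,
    "relay2.somedomain.net": {"jsmith@somedomain.net": 250,
                              "busy@somedomain.net": 451},
    "mx.example.org": {"postmaster@example.org": 250},
}

def probe(host, address, helo="mydomain.net"):
    """Run one probe dialogue; return (RCPT reply code, transcript)."""
    boxes = SERVERS.get(host)
    if boxes is None:
        raise ConnectionError(host)
    code = boxes.get(address, 550)  # unknown mailbox: permanent failure
    log = ["S: 220 %s ready" % host,
           "C: HELO %s" % helo, "S: 250 OK",
           "C: MAIL FROM: <>", "S: 250 <>: Sender OK",
           "C: RCPT TO: <%s>" % address, "S: %d <%s>" % (code, address),
           "C: QUIT"]  # the dialogue stops here: DATA is never sent
    return code, log

def verify(address, client_ip=None, strict=False):
    """Standard method: probe the MXs of the sender's e-mail domain.
    Strict method: probe the MXs of the FQDN that client_ip resolves to."""
    domain = PTR.get(client_ip) if strict else address.rsplit("@", 1)[1]
    for _pref, host in sorted(MX.get(domain, [])):  # lowest preference first
        try:
            code, _log = probe(host, address)
        except ConnectionError:
            continue  # server unreachable: try the next MX
        if 200 <= code < 300:
            return "accept"
        if 500 <= code < 600:
            return "reject"
        # 4xx is not a definite reply (assumption): keep looking
    return "no-answer"  # list exhausted; what happens next is policy
```

With these tables the same address gets a different verdict depending
on which set of MX records is probed.
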
The strict method cuts off a much larger amount of spam,
although it does have its drawbacks. Returning to our example above,
consider the following situation: @samp{<jsmith@@somedomain.net>} is a
perfectly normal address, but it