\input texinfo @c -*-texinfo-*-
@smallbook
@c %**start of header
@setfilename mailfromd.info
@settitle Mailfromd
@c %**end of header
@setchapternewpage odd
@syncodeindex fn cp
@syncodeindex vr cp
@syncodeindex ky cp
@syncodeindex pg cp
@syncodeindex tp cp
@include version.texi
@include rendition.texi
@ifinfo
@dircategory Email
@direntry
* mailfromd: (mailfromd). Filter incoming mail by sender address.
@end direntry
@end ifinfo
@copying
Published by the Free Software Foundation,
51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301 USA
Copyright @copyright{} 2005, 2006 Sergey Poznyakoff
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no
Invariant Sections, with the Front-Cover texts being ``Mailfromd Manual'',
and with the Back-Cover Texts as in (a) below. A copy of the license
is included in the section entitled ``GNU Free Documentation License''.
(a) The FSF's Back-Cover Text is: ``You have freedom to copy and modify
this GNU Manual, like GNU software. Copies published by the Free
Software Foundation raise funds for GNU development.''
@end copying
@titlepage
@title Mailfromd mail filter
@subtitle version @value{VERSION}, @value{UPDATED}
@author Sergey Poznyakoff.
@page
@vskip 0pt plus 1filll
@insertcopying
@end titlepage
@page
@summarycontents
@page
@contents
@node Top, Intro, (dir), (dir)
@ifinfo
@chapter Mailfromd
This edition of the @cite{Mailfromd Manual}, last updated @value{UPDATED},
documents @command{mailfromd} Version @value{VERSION}.
@end ifinfo
@menu
* Intro:: Introduction to Mailfromd.
* Overview:: How Address Verification Works.
* Limitations:: Limitations of Address Verification.
* Rate Limit:: Configuring Send Rate.
* Building:: Building the Package.
* Mailfromd Configuration:: Configuring @command{mailfromd}.
* Sendmail Configuration:: Configuring Sendmail to use @command{mailfromd}.
* Cache Database:: Managing Cache Database.
* Reporting Bugs:: How to Report a Bug.
Appendices
* Copying This Manual:: The GNU Free Documentation License.
* Concept Index:: Index of Concepts.
@end menu
@node Intro, Overview, Top, Top
@chapter Introduction to @command{mailfromd}
@command{Mailfromd} is a mail filter implementing @dfn{sender address
verification} technique. The program is designed to work with
@command{Sendmail}@footnote{See @uref{http://www.sendmail.org}} as a
@command{Milter} filter.
@dfn{Sender address verification} allows you to block a sender
address if it is not deliverable, thereby cutting off a large amount
of spam. It is also useful to block mail for undeliverable recipients,
for example on a mail relay host that does not have a list of all the
valid recipient addresses. This prevents undeliverable junk mail from
entering the queue, so that your MTA doesn't have to waste resources
trying to send @samp{MAILER-DAEMON} messages back.
@node Overview, Limitations, Intro, Top
@chapter How Address Verification Works
A sender address is verified by probing its MX servers for that
address, until one of them gives a definite (positive or negative)
reply. Let's illustrate how it works on an example:
@cindex Standard address verification
Suppose that the user @samp{<jsmith@@somedomain.net>} is trying to
send mail to one of your local users. The remote machine connects to
your MTA and issues @code{MAIL FROM: <jsmith@@somedomain.net>}
command. However, your MTA does not have to take its word for it, so
it uses @command{mailfromd} to verify the sender address
validity. @command{Mailfromd} strips the domain name from the address
(@samp{somedomain.net}) and queries DNS for MX records for that
domain. Suppose, it receives the following list
@itemize @bullet
@item 10 relay1.somedomain.net
@item 20 relay2.somedomain.net
@end itemize
It then connects to first MX server and asks it if it knows
something about user @samp{jsmith}. This is called sending a
@dfn{probe message}. If the server replies positive, the incoming mail
is accepted. Otherwise, if it replies negative the mail is
rejected. If the MX server cannot be connected, @command{mailfromd}
selects next server from the list and continues the described process
until it finds answer or the list of servers is exhausted.
The @dfn{probe message} is like a normal mail except that no data
are ever being sent. The probe message in our example might look as
follows (@samp{S:} meaning messages sent by remote MTA, @samp{C:}
meaning those sent by @command{mailfromd}):
@smallexample
C: HELO mydomain.net
S: 220 OK, nice to meet you
C: MAIL FROM: <>
S: 220 <>: Sender OK
C: RCPT TO: <jsmith@@somedomain.net>
S: 220 <jsmith@@remote.net>: Recipient OK
C: QUIT
@end smallexample
Probe messages are never delivered, deferred or bounced; they are
always discarded.
@cindex Strict address verification
The described method of address verification is called
@dfn{standard} method throughout this document. @command{Mailfromd}
also implements a method we call @dfn{strict}. When using strict
method, @command{mailfromd} first resolves IP address of sender
machine to a
|