You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Norman Maurer (JIRA)" <se...@james.apache.org> on 2006/05/25 20:31:29 UTC
[jira] Created: (JAMES-510) Check for valid RCPT before accept
email
Check for valid RCPT before accept email
----------------------------------------
Key: JAMES-510
URL: http://issues.apache.org/jira/browse/JAMES-510
Project: James
Type: New Feature
Reporter: Norman Maurer
Assigned to: Norman Maurer
We should try to check for the existens of the recipient before accept the email. Accepting emails with invalid recipient is a bad thing.
Maybe we could also create a new commandhandler for this which checks a special sql table,virtual user table and userstore. So this feature can be used for rejecting such emails also when use as relay.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
re: Check for valid RCPT before accept email
Posted by "Noel J. Bergman" <no...@devtech.com>.
Does it make sense to track how many valid & invalid addresses are provided for a message, and allow a threshold to consider that spam?
Although not as frequently as in the past, I still see messages coming in with dictionary attacks, e.g.,
RCPT <na...@domain.tld>
RCPT <ne...@domain.tld>
RCPT <no...@domain.tld>
RCPT <no...@domain.tld>
and perhaps one of those happens to have a hit. It might be nice to reject it because all of the others failed.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
[jira] Resolved: (JAMES-510) Check for valid RCPT before accept
email
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JAMES-510?page=all ]
Norman Maurer resolved JAMES-510.
---------------------------------
Resolution: Fixed
> Check for valid RCPT before accept email
> ----------------------------------------
>
> Key: JAMES-510
> URL: http://issues.apache.org/jira/browse/JAMES-510
> Project: James
> Issue Type: New Feature
> Reporter: Norman Maurer
> Assigned To: Norman Maurer
> Fix For: 3.0
>
>
> We should try to check for the existens of the recipient before accept the email. Accepting emails with invalid recipient is a bad thing.
> Maybe we could also create a new commandhandler for this which checks a special sql table,virtual user table and userstore. So this feature can be used for rejecting such emails also when use as relay.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
[jira] Resolved: (JAMES-510) Check for valid RCPT before accept
email
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JAMES-510?page=all ]
Norman Maurer resolved JAMES-510.
---------------------------------
Fix Version/s: 3.0
Resolution: Fixed
> Check for valid RCPT before accept email
> ----------------------------------------
>
> Key: JAMES-510
> URL: http://issues.apache.org/jira/browse/JAMES-510
> Project: James
> Issue Type: New Feature
> Reporter: Norman Maurer
> Assigned To: Norman Maurer
> Fix For: 3.0
>
>
> We should try to check for the existens of the recipient before accept the email. Accepting emails with invalid recipient is a bad thing.
> Maybe we could also create a new commandhandler for this which checks a special sql table,virtual user table and userstore. So this feature can be used for rejecting such emails also when use as relay.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
[jira] Reopened: (JAMES-510) Check for valid RCPT before accept
email
Posted by "Norman Maurer (JIRA)" <se...@james.apache.org>.
[ http://issues.apache.org/jira/browse/JAMES-510?page=all ]
Norman Maurer reopened JAMES-510:
---------------------------------
Norman Maurer wrote:
> Noel J. Bergman wrote:
>>> private void checkValidRcpt(SMTPSession session) {
>>> MailAddress rcpt =
session.getState().getSMTPSession.CURRENT_RECIPIENT);
>>> boolean invalidUser = true;
>>>
>>> if (session.getConfigurationData().getUsersRepository()
>>> .contains(rcpt.getUser()) == true
>>> || recipients.contains(rcpt.toString().toLowerCase())
>>> || domains.contains(rcpt.getHost().toLowerCase())) {
>> Check to see if you are doing virtual user mapping, and map the user
>> first; THEN do the check. And if there is a valid mapping, then I
>> would consider that to imply a valid user for remote purposes, so
>> that we don't have to deal with adding domains for mapped forwarding
>> addresses.
> Can you explain a bit more ? I not understand what exactly you want to do.
Well, we can optimize the order for performance, but for clarity, I had in
mind something like:
if ((mapping && map(rcpt) != null) // there is a valid mapping
// or there is a local POP3 box of this name
// --- BUT IT COULD BE WRONG, so allow disabling
|| (useRepository &&
(session.getConfigurationData().getUsersRepository().contains(rcpt.getUser()
) == true))
// explicit, and most likely fake, recipient, e.g., a mailing list
address
|| (recipients != null &&
recipients.contains(rcpt.toString().toLowerCase()))
// explicit domain, e.g., one for which we merely forward
|| (domains != null &&
domains.contains(rcpt.getHost().toLowerCase()))) {
invalidUser = false;
}
NOTA BENE: the mapping code needs to make be aware of "error:" and similar
strings that can be in the target field, and do NOT imply a successful
mapping.
We might want to restructure the code to keep the mapping result so that we
don't need to map it again in the pipeline, although we don't want to expose
the mapping in the Received: header we'll generate. Therefore, perhaps it
would be best to put virtual mapping into a RCPT handler that is inserted in
the handler chain before the ValidRcptHandler, and which can short-circuit
the chain in the event of an invalid recipient.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org
> Check for valid RCPT before accept email
> ----------------------------------------
>
> Key: JAMES-510
> URL: http://issues.apache.org/jira/browse/JAMES-510
> Project: James
> Issue Type: New Feature
> Reporter: Norman Maurer
> Assigned To: Norman Maurer
> Fix For: 3.0
>
>
> We should try to check for the existens of the recipient before accept the email. Accepting emails with invalid recipient is a bad thing.
> Maybe we could also create a new commandhandler for this which checks a special sql table,virtual user table and userstore. So this feature can be used for rejecting such emails also when use as relay.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org