NAME

Qmail::Deliverable - Determine deliverability of local addresses

SYNOPSIS

In a qpsmtpd plugin:

use Qmail::Deliverable ':all';

return DECLINED if not qmail_local $recip;
return DECLINED if deliverable $recip;
return DENY, "Who's that?";

Probably also pretty useful:

my $dot_qmail_filename = dot_qmail 'foo@example.com';

DESCRIPTION

qmail-smtpd does not know if a user exists. Lots of resources are wasted by scanning mail for spam and viruses for addresses that do not exist anyway, including the annoying backscatter or outscatter phenomenon.

A replacement smtpd written in Perl could use this module to quickly verify that a local email address is (probably) actually in use. Qmail::Delivery uses the same logic that qmail itself (in qmail-send/lspawn/local) uses.

Bundled software

This module comes with a daemon program called qmail-deliverabled and a module called Qmail::Deliverable::Client that provides access to qmail_local and deliverable through via daemon. Typically, the daemon runs as the root user, and the client is used by the unprivileged smtpd.

Functions

All documented functions are exportable, and a tag :all is available for convenience.

Note that addresses and local user names must be in user@domain form, just like qmail internally uses. Comments, angle brackets, etcetera, must be stripped before you pass the address to these functions. Addresses and local user names may not begin with a dot, have two subsequent dots, have a dot before or after the @, have a dot at the beginning, or have any characters that are not in rfc2822's atext definition, with the exception of at most one "@". Given an invalid address, a warning is emitted and an empty list or undef is returned. A single dot at the end is allowed but ignored.

qmail_local $address

Returns the local qmail user for $address, or undef if the address is not local.

Returns $address if it does not contain an @. Returns the left side of the @ if the right side is listed in /var/qmail/control/locals. Returns the left side of the @, prepended with the right prepend string, if the right side is listed in /var/qmail/control/virtualdomains.

qmail_user $address
qmail_user $local

Returns a list of $user, $uid, $gid, $homedir, $dash, $ext according to /var/qmail/users/assign or qmail-getpw.

dot_qmail $address
dot_qmail $user, $uid, $gid, $homedir, $dash, $ext

Returns the relevant dot-qmail filename for the given user info. Returns an empty string if a bare ".qmail" (without extension) does not exist, because that needs to be treated specially (defaultdelivery). Returns undef when the given $address is not local, and when no dot-qmail file was found.

No string validation is done if more than one argument is passed.

deliverable $address
deliverable $local

Returns true if the address is locally deliverable (or temporarily undeliverable), according to rules described in dot-qmail. Also returns true if deliverability could not be determined.

The system default delivery method, and mailbox, maildir, and forward instructions in dot-qmail files, are assumed to always succeed.

Possible return values are:

0x00   Not deliverable

0x11   Deliverability unknown: permission denied for any file
0x12   Deliverability unknown: qmail-command called in dot-qmail file

0x21   Temporarily undeliverable: group/world writable
0x22   Temporarily undeliverable: homedir is sticky

0xf1   Deliverable, almost certainly
0xf2   Deliverable, vdelivermail: directory or catch all exists

0xfe   vpopmail (vdelivermail) detected but no domain was given
0xff   Domain is not local

(These values are, currently, not bitmasks. Do not treat them as such.)

Status 0x12 is returned if any command is found in a dot-qmail file, regardless of its position relative to mailbox, maildir, and forward instructions.

A special case exists for vpopmail. If a dot-qmail file and calls (on the first line) a program with "vdelivermail" in the command name, then 0x00 or 0xf2 is returned. 0x00 is returned if the line also contains "bounce-no-mailbox" and no directory exists by the name of the local part of the address. For this to work, the full address (including @domain) must be given.

reread_config

Re-reads the config files /var/qmail/control/locals, /var/qmail/control/virtualdomains, and /var/qmail/users/assign.

CAVEATS

This module does NOT support user-ext characters other than hyphen (dash). i.e. ".qmail+default" is not supported.

The "percent hack" is not considered.

Although vpopmail's vdeliver is special cased, normally if you have a catch-all .qmail-default and let a program do all the work, this module cannot determine deliverability in a useful way, because it would need to execute the program.

Addresses are lower cased before comparison, but having upper cased user names or domain names in configuration may or may not work.

This module is relatively new and has not been used in production for a very long time.

CDB files are not supported yet. The plain text source files are used.

This is not a replacement for existing relay checks. You still need those.

Don't forget to escape @ as \@ when testing with double quoted strings.

PERFORMANCE

The server on which I benchmarked this, easily reached 10_000 deliverability checks per second for assigned/virtual users. Real users are much slower because they are checked with qmail-getpw: around 200 checks per second. For my needs, this is still plenty fast enough. If you need it faster, you can use qmail-pw2u to build a users/assign file.

UNICODE SUPPORT

This module refuses non-ASCII data. If anyone out there actually uses non-ASCII data or control characters in their mail configuration, I'd like to learn about the circumstances. Please email me.

LEGAL

This software is released into the public domain, and does not come with warranty or guarantee of any kind. Use it at your own risk.

AUTHOR

Juerd Waalboer <#####@juerd.nl>