NAME

check_user - lookup existing recipients (users) in a database

DESCRIPTION

Enable user-level validation of addresses so that qpsmtpd can readily bounce invalid messages at the smtp level.

It does this by looking up the recipient address resp. user and host part of the email address in a database.

The inspiration of this module comes from a mailer setup with qpsmtpd and exim, where exim is used to manage virtual accounts in a database as described on http://flakey.info/mailserver/ or http://www.xmn-berlin.de/~marte/exim/exim4.conf.php

go top

CONFIGURATION

/etc/qpsmtpd/plugins

In the main configuration file the line check_user must be placed before the line rcpt_ok, because it returns only DENY, DECLINED or DENYSOFT but never OK.

After changing the configuration in /etc/qpsmtpd/check_user, qpsmtpd must be restartet, because the connection to the database and the preparing of the SQL statements takes place on startup. The connection to the database server is hold open resp. uses auto reconnect (MySQL).

On errors in /etc/qpsmtpd/check_user, missing database connection etc. qpsmtpd won't start.

/etc/qpsmtpd/check_user

All following entries must be present:

driver=driver name

By now it's only tested with driver=mysql

database=database name

The name of your database, e.g. database=maildb

user=user name

User to log into database.

passwd=[password]

Database password - can be empty, depending on your database configuration (listening only on localhost etc.)

email_table=table name

The name of the table to look up the email address.

domain_table=table name

The name of the table to look up the domain part of the email address. It can be the same table as email_table but using another field.

email_address=field name

email_user=field name

email_domain=field name

These entries tell check_user which database fields to use for the lookup in the table email_table.

If the field email_address is given, email_user and email_domain are ignored and vice versa.

domain_domain=field name

This entry tells check_user which database field to use for the lookup in the table domain_table.

How the fields are used

An example should make this clear. Given recipient address: 'user@domain.de':

        email_address   lookup 'user@domain.de' in email_table  1)
resp.
        email_user      lookup 'user'           in email_table  2)
        email_domain    lookup 'domain.de'      in email_table  2)
and
        domain_domain   lookup 'domain.de'      in domain_table
                1) ignored, if email_user and email_domain defined in config
                2) ignored, if email_address defined in config

The resulting SQL queries are:

        SELECT count(*) AS `success` FROM `$email_table`
                WHERE `$email_address`='user@domain.de';
resp.
        SELECT count(*) AS `success` FROM `$email_table`
                WHERE `$email_user`='user' AND `$email_domain`='domain.de';
and
        SELECT count(*) AS `success` FROM `$domain_table` WHERE `$domain_domain`='domain.de';

go top

RESULT VALUES

The result values are the same as for qpsmtpd plugins:

DENYSOFT

reject temporarily the message with a "4xx Internal error - try later" response.

This will happen on errors, e.g.: The database server went down after start of qpsmtpd.

DENY

reject the message with a "5xx Address '...@...' doesn't exist on this server" response.

The message will be denied, if the domain is one of ours, but the user can't be found.

DECLINED

no decision whether the message should be accepted or rejected.

Following lines could be found in the log using debug logging:

 Local address '...@...'   if the email address belongs to a virtual user of our domain(s)
 Foreign address '...@...' if the email address is not in our domain(s)

The message will be passed on to the next plugin, e.g. rcpt_to, which will decide whether relaying is allowed or not.

go top