#!/bin/bash # # Andrew's kick-ass chkrcpt script for qmail+vpopmail # Author: aschwabe@gmail.com # # This script makes qmail check for the existance of a user before email is accepted. # Will check vpopmail accounts, and look for .qmail* files to determine real accounts. # Logs all checks in the /var/log/maillog, and then refers to it to throttle spammers. set -- $RECIPIENT set -- $SENDER MY_TEST="" #echo `whoami` if [ "$RECIPIENT" == "" ]; then # uncomment these lines and the "echo" lines throughout to test at the command line #echo "sender:" #read SENDER #echo "recipient:" #read RECIPIENT exit 100 fi # email sender addresses explicitly allowed: allowed[1]="soundoff3@iexp.com" allowed[2]="soundoff3@iexp.net" for index in 1 2 do if [ "$SENDER" == "${allowed[index]}" ]; then /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : ok (sender explicitly allowed: ${allowed[index]})" exit 0 fi done USERPART=`echo "$RECIPIENT" |cut -d@ -f1` DOMAIN=`echo "$RECIPIENT" |cut -d@ -f2` # We reject any emails with more than one @ sign THIRDPART=`echo "$RECIPIENT" |cut -d@ -f3` if [ "$THIRDPART" != "" ]; then #echo "Invalid username - multiple or no @ signs" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : illegal username" exit 100 fi # We reject any emails with ! in the name EXCL_CHECK=`echo $USERPART |grep '!' >/dev/null 2>&1; echo $?|grep "1" > /dev/null 2>&1 ; echo $?` if [ "$EXCL_CHECK" == "1" ]; then #echo "Invalid username" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : illegal username" exit 100 fi # We reject any emails with a percent sign in the name PERCENT_CHECK=`echo $USERPART |grep '%' >/dev/null 2>&1; echo $?|grep "1" > /dev/null 2>&1 ; echo $?` if [ "$PERCENT_CHECK" == "1" ]; then #echo "Invalid username" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : illegal username" exit 100 fi # We reject if this sender has had 3 or more bad recipients recently if [ "$SENDER" != "" ]; then SPAMMER_CHECK=`tail -n800 /var/log/maillog|grep vchkrcpt|grep $SENDER |grep 'bounce-no-mailbox'|wc -l` #echo 'result of spammer check:' #echo $SPAMMER_CHECK if [ "$SPAMMER_CHECK" -gt "2" ]; then #echo "Too many invalid recipients. Mail will not be accepted." /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : spammer=bounce-no-mailbox" exit 100 fi fi # check for valid account MY_TEST=`/home/vpopmail/bin/vuserinfo -d $RECIPIENT |/usr/bin/head -n1` if [ "$MY_TEST" == "" ] || [ "${MY_TEST:0:7}" == "no such" ]; then # it wasn't a real pop user, so check if its an alias MY_TEST=`/home/vpopmail/bin/valias $RECIPIENT|/usr/bin/head -n1` # if the address has a dash in it, re-build a default alias address USER_ALIAS_CHECK=`echo $USERPART |grep '\-' >/dev/null 2>&1; echo $?|grep "1" > /dev/null 2>&1 ; echo $?` if [ "$USER_ALIAS_CHECK" == "1" ]; then ALIAS_USERPART=`echo $USERPART | cut -d - -f1` ALIAS_USERPART=$ALIAS_USERPART"-default" ALIAS_RECIPIENT=$ALIAS_USERPART"@"$DOMAIN MY_TEST2=`/home/vpopmail/bin/valias $ALIAS_RECIPIENT|/usr/bin/head -n1` else MY_TEST2="" fi if [ "$MY_TEST" != "" ]; then # this is a valid alias #echo "valid alias" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : alias ok" exit 0 elif [ "$MY_TEST2" != "" ]; then # this is a valid user alias #echo "valid user-alias" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : user-alias ok" exit 0 else # look for a .qmail-default file, and see it if has a real account in it DEFAULT_RECIPIENT="default@"$DOMAIN #echo "default recipient = $DEFAULT_RECIPIENT" DEFAULT_BOUNCE=`/home/vpopmail/bin/valias $DEFAULT_RECIPIENT | /usr/bin/head -n1|grep bounce-no-mailbox \ >/dev/null 2>&1; echo $? |grep "1" > /dev/null 2>&1 ; echo $?` #echo "DEFAULT_BOUNCE result = $DEFAULT_BOUNCE" if [ "$DEFAULT_BOUNCE" == "1" ]; then #echo ".qmail-default = bounce" #echo "invalid recipient" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : catchall=bounce-no-mailbox" exit 100 fi DEFAULT_DELETE=`/home/vpopmail/bin/valias $DEFAULT_RECIPIENT | /usr/bin/head -n1|grep ' delete' \ >/dev/null 2>&1; echo $? |grep "1" > /dev/null 2>&1 ; echo $?` #echo "DEFAULT_DELETE result = $DEFAULT_DELETE" if [ "$DEFAULT_DELETE" == "1" ]; then #echo ".qmail-default = delete" #echo "invalid recipient" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : catchall=delete" exit 100 fi MY_TEST=`/home/vpopmail/bin/valias $DEFAULT_RECIPIENT | /usr/bin/head -n1` #echo "ALIAS DEFAULT result = $MY_TEST" if [ "$MY_TEST" == "" ]; then #echo "invalid recipient (no default alias)" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : catchall=none" exit 100 else #echo "valid recipient (.qmail-default)" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : catchall=ok" exit 0 fi fi else #echo "valid mailbox" /usr/bin/logger -p mail.info -t vchkrcpt "mail from <$SENDER> to <$RECIPIENT> : account ok" exit 0 fi