Validate incoming mails recipients against defined target MX before accepting them.
This plugin lets you define delivery routes based on target domain and will probe the target MX for recipients validity before accepting to relay the mail.
Recipient validation is done by connecting to target MX via SMTP and checking that it accepts the recipient, using EHLO, MAIL FROM and RCPT TO commands. This is kinda similar as what Postfix's Recipient address verification provides.
The validation result is then stored in a redis cache for a configurable amount of time. While this is optional, it is highly recommended as it will lower pressure on the target MXes.
In order to successfully use this plugin, you will need:
- A working Haraka instance (obviously)
- Haraka Outbound mail enabled and configured
- A list of the domains you want to route mails for and their target MXes
cd /path/to/local/haraka
npm install haraka-plugin-recipient-routes-probe
echo "recipient-routes-probe" >> config/plugins
service haraka restart
Copy the sample config file from the distribution into your haraka config dir and then modify them:
cp node_modules/haraka-plugin-recipient-routes-probe/config/recipient-routes-prob*.ini config/
The plugin is configured via two configuration files:
- The main plugin configuration file
config/recipient-routes-probe.ini
; Optional redis configuration for this particular plugin
; Defaults to global Haraka redis plugin configuration
[redis]
;host=127.0.0.1
;port=6379
;password=changeme
;database=0
; SMTP probe settings (default: 5 seconds)
[probe]
;timeout=5
; Redis caching settings
[cache]
;enabled=true
;ttl=86400
;negative_ttl=300
- The list of target domains and their MXes
config/recipient-routes-probe-domains.ini
; Format is domain.tld=protocol://target_mx:target_port
cooldomain.com=smtp://somemx.example.com:25
nicedomain.com=lmtp://192.168.0.10:24
; If protocol is omitted, it defaults to smtp
greatdomain.com=othermx.example.com:25s to smtp
somedomain.com=mx.example.com:25
Cached redis entries consists of redis keys in the format of probe:[email protected]
.
The value of the redis key contains the result code (numeric value of either OK
, DENY
, DENYSOFT
code) associated with the message returned by the target MXes.
Additionally, the keys are given a time to live in seconds, configurable in [cache]
section of main config file.
Redis will then automatically expire keys that are older than their TTL in order to maintain fresh clean cache.
You can of course list and delete entries from the cache manually, if you need to. Below an example with redis-cli
select 0
127.0.0.1:6379[0]> KEYS probe:*
1) "probe::[email protected]"
2) "probe::[email protected]"
3) "probe::[email protected]"
4) "probe::[email protected]"
127.0.0.1:6379[0]> DEL probe::[email protected]
(integer) 1
Written by Sébastien Riccio. Most of the code is outrageously inspired by Matt Simerson's recipient-routes plugin though. Thanks !