HSL Mail Recipient
The Mail Recipient extension to the HSL is used when designing flows handling the MAIL FROM/RCPT TO stage of an SMTP session. This script is executed once for each recipient. The result of the execution, such as Accept(), Reject() or Defer(), is given to the sender. If a scripting error occurs Defer() will be called.
Pre-defined variables
These are the read-only pre-defined SMTP-derived variables that mailpolicyd makes available for each RCPT TO-request.
| Name | Example | Description |
|---|---|---|
| $sender | "test@example.com" | E-mail address of sender |
| $senderdomain | "example.com" | Domain part of sender address |
| $recipient | "user@example.com" | E-Mail address of recipient |
| $recipientdomain | "example.com" | Domain part of recipient address |
| $senderip | "10.0.0.1" | IP address of the sending server/client |
| $senderhelo | "mail.example.com" | HELO message of sender |
| $serverid | "mailserver:1" | ID of the incoming listener. |
| $transportid | "mailtransport:1" | ID of the outgoing transport to be used. |
| $saslauthed | false | Value of true if the SMTP session is SASL-authenticated |
| $saslusername | "mailuser" | Current authenticated user, or empty |
Context-specific functions
Most of the usable functions for Mail Authentication flows are core functions. These are the functions made available by the mailpolicyd process specifically to handle MAIL FROM/RCPT TO commands.
Blacklist()
This function checks against the user-managed blacklist configured in the quarantine.
| Result | Description |
|---|---|
| -1 | Error |
| 0 | Neutral |
| 1 | Blacklisted |
if (Blacklist() == 1) {
    Reject("Blacklisted");
}
Accept()
If you want to accept a recipient, use the function Accept(). This is a final action; execution of the script terminates after a final action.
Accept();
Reject($reason)
If you want to permanently reject a user (5xx error), use the function Reject(). This is a final action; execution of the script terminates after a final action.
if (!in_file($recipient, "file://users.txt"))
{
    Reject("User Unknown");
}
Defer($reason)
If you want to temporarily reject a user (4xx error), use the function Defer(). It should be used to indicate temporary errors. This is a final action; execution of the script terminates after a final action.
// This example is NOT a good practice :)
$time = number(strftime("%H"));
// Closed before 08:00 or from 17:00 onwards ("and" could never match both)
if ($time < 8 or $time > 16)
{
    Defer("Mail server closed! (open between 8-17)");
}
Code examples
This code verifies (un-cached) whether a user exists on the back-end mail server before accepting the recipient. This is the preferred way of accepting recipients, to avoid back-scatter.
switch(smtp_lookup_rcpt("mailtransport:1", $sender, $recipient)) {
    case 1:
        Accept();
        break;
    case 0:
        Reject("Unknown User");
        break;
    case -1:
        Defer("Temporary Error");
        break;
}
Rejects mail based on SPF result
if (spf($senderip, $senderhelo, $sender) == 100)
    Reject("SPF Violation");
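The snippets above can be combined into a single Mail Recipient script. The following is an added example, not part of the original page or of the product's own code; it uses only the functions and variables documented here. Its assumptions are the ordering of the checks, deferring on a blacklist lookup error, and skipping SPF for SASL-authenticated sessions.

```hsl
// Added example: one recipient flow built from the checks on this page.
// Every Accept()/Reject()/Defer() is a final action and ends the script.

// 1. User-managed blacklist (local check, done first).
$bl = Blacklist();
if ($bl == 1) {
    Reject("Blacklisted");
}
if ($bl == -1) {
    // Assumption: on a lookup error, answer 4xx so the sender retries,
    // instead of silently skipping the blacklist.
    Defer("Temporary Error");
}

// 2. SPF. Assumption: SASL-authenticated clients submit from arbitrary
//    IP addresses, so SPF is only evaluated for unauthenticated sessions.
//    The comparison value 100 is taken from the SPF example on this page.
if ($saslauthed == false and spf($senderip, $senderhelo, $sender) == 100) {
    Reject("SPF Violation");
}

// 3. Recipient verification against the back-end, to avoid back-scatter.
//    "mailtransport:1" is the transport ID used in the page's example.
switch (smtp_lookup_rcpt("mailtransport:1", $sender, $recipient)) {
    case 1:
        Accept();
        break;
    case 0:
        Reject("Unknown User");
        break;
}

// 4. Reached only when the lookup returned -1 or an unexpected value:
//    fail temporarily, never accept an unverified recipient.
Defer("Temporary Error");
```

Ending the script with an explicit Defer() means no code path finishes without a final action, so an unverified recipient is never accepted.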