Writing a script for a mailserver

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

This is a project I haven't had any experience with, so rather than looking for scripts or exact examples on how this is done, I'm just looking for ideas and how I would go about something like this. Don't leave a message saying "Why don't you go with a premade system" or "Don't do it" or "You can't do this", I'm looking for replies which aid me in the development of this application, not steer me away.

I am writing a mail script for a server (not sure which server yet), but the basic object of this program is to:
1) For the first time ANY email address emails ANY user on the mail server (anyone *@mydomain.com)
2) The autoreply will be an text-image writer, much like Yahoo! and other big companies use so people can't automate their forms. The user is required to type in this validation key and the form submits back to this script and tells the server "Okay, this is a real email address.. let it through"
3) Send an email (if the user isn't verified) to the recipient with a generic. "A user named $name tried to email you a message on $date that was $emailsize kb in size. The email will be delivered once their email account is verified".

Basically, this is a kill-all spam disallowing ANY user to email a person at my domain until they verify their account through a web form which generates image keys.

My questions:
1) How do I write a script for a mail server? I can write Perl/CGI scripts for the most part without a problem, but I have never had to deal with this before. How do I force a mail server to use this script for each email it recieves?
2) What dependencies are there? What information do I need to know about the mailserver/server it's running on before looking deeper into this project?
3) Is Image::Magick the best way to go for the image-text writer? Thanks for your help everyone.

Comment on Writing a script for a mailserver

Replies are listed 'Best First'.
Re: Writing a script for a mailserver by toma (Vicar) on Jan 18, 2004 at 19:00 UTC
On a basic unix/linux mail server, you create a file called `.forward` in your home directory. All mail can then be run through a program as specified in this file. Since this feature of unix can be used for mischief, many systems only allow you to only use a restricted set of programs as the filter. This is not a problem as long as a program called `procmail` is on the approved list. You can easily hook up your program so that procmail will run your perl program. See the docs for procmail. Also, procmail can help with some other problems that you might run into, such as the need to do file locking. Image::Magick is a reasonable choice, it should work. The challenge will be to get some people to read your response. I receive many mail bounces like the ones that you want to create, but I filter them out, because they are aimed at spammers who have forged a return address that ends up getting forwarded to me. To deal with the large number of these, I use aggressive mail filters that remove almost all such autoreplies. It should work perfectly the first time! - toma	[reply] [d/l] [select]
Re: Writing a script for a mailserver by pg (Canon) on Jan 18, 2004 at 18:29 UTC
"What dependencies are there? What information do I need to know about the mailserver/server it's running on before looking deeper into this project?" If I am doing this, the first thing I will try to find out is whether your mail server provides interface to user programs, and allows you to easily hook your own customization with it. (It might not be stated in any document, but still doable. Eventually, you may find that, the most practical way is to trap its communication thru socket programming.) Technically speaking, those things you are trying to do are not difficult, but if there is no way to hook your program, then all your effort will be wasted. So consult your mail server documentation first, or do some investigation. If the mail server is home made, or you have the source code, your life would be much easier.	[reply]
Re: Writing a script for a mailserver by CountZero (Bishop) on Jan 18, 2004 at 20:08 UTC
I once implemented a similar system on a Mercury mailserver and PegasusMail mailreader. Not so sophisticated as you are planning, but similar in idea: a "human" must send back a response to the challenge issued by the mailserver before mail was allowed through. The amount of abuse this has generated was appaling. Few of the people who mailed me even read my friendly message asking them to send an email to a certain address to verify they were not spammers. Most of them took heavy umbrage of their precious emails not being allowed in without further ado. I finally discarded this system for a classic automated filtering approach. So be prepared that few users will appreciate your efforts. CountZero "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law	[reply]
Re: Re: Writing a script for a mailserver by Anonymous Monk on Jan 19, 2004 at 03:26 UTC
Consider also that if you're coding for a commercial application you may be running afoul of accessibility laws, by only allowing non-blind persons to email you.	[reply]
Re: Writing a script for a mailserver by elwarren (Priest) on Jan 19, 2004 at 22:17 UTC
You could use the ImagePwd module (available on CPAN) to generate the password image for you. Checkout the procmail website. They have links right off the frontpage to their faqs and tips and tricks, which have recipes for similar ideas you want to implement. There are recipes there for responding only to the first email as well as maintaining a killfile and even password reply authentication systems. Everyone here has already expressed their concerns about a project like this, so I won't repeat them. Looking at the procmail page it occurred to me that people that maintain subscriber-only mailling lists have already dealt with this problem. You sign up for a mailing list, the ask you to verify your address somehow, and after that only subscribers are allowed to post to the mailling list. Along the same lines, how will you handle notifications and mailling-list type messages that don't have humans behind them to reply? I suppose you could add them to your subscription list by hand... How will you know that the address that's attempting to sign up isn't somebody else's address, thus making you spam somebody else that doesn't want it? What will you do with messages from people that haven't authenticated yet? Send them right to /dev/null? I'm sure half of my family members "just wouldn't get it." and all of my friends would refuse to sign up, cuz that's what your buddies are for :-) I'd make a simple procmail filter that moves all of your unauthenticated mail into a junk folder, leaving only the good messages in your inbox. Procmail can do this by password on subject line or by a list of valid users. Then you could empty that folder on a weekly or monthly basis. Your only perl portion would be generating the password image, you'd never see anything you didn't want, and you could recover a message you may be expecting or let it die a silent death. Good luck.	[reply]
Re: Writing a script for a mailserver by MidLifeXis (Monsignor) on Jan 19, 2004 at 18:04 UTC
This is CRM (Challenge / Response mail), which is starting to be compared to spam, because it does not scale, it places the burden of spam detection on other, possibly innocent, bystanders. Please search the archives of spam-l, or n.a.n.e.a or n.a.n.e for further information. See also Re: (OT) Fighting spam. Otherwise, best of luck to you. --MidLifeXis	[reply]