smtp_cbv – SMTP Callback Verification
The smtp_cbv module allows Momentum to perform SMTP Callback Verification (CBV) in its validation process. If this module is loaded, for every inbound message, Momentum will attempt to connect back to the sender domain to determine if the sender address is valid.
The following is an example configuration:
smtp_cbv "smtp_cbv1" {
phase = "mailfrom"
mailfrom = ""
map = [
yahoo.net = "yahoo.com"
]
}
Note
This module is not currently supported in a multiple event loop configuration. Future support is planned.
The following configuration options are available:
- mailfrom
-
Specifies the mailfrom address to use in the SMTP Callback Verification. If not specified, a null sender address will be used.
- map
-
If the sending domain matches the value listed on the left hand side, Momentum will attempt SMTP CBV with the domain listed on the right hand side.T his option supports both
mailfromandrcptto. - phase
-
Specifies the SMTP phase to start SMTP Callback Verification. Valid values are
mailfromorrcptto.
The smtp_cbv module sets the following message context variable:
- smtp_cbv_result
-
If the address was verified, that is, if the remote MTA did not permanently reject the CBV attempt, the
smtp_cbv_resultvariable will be set to the stringpass. Other possible values areerrorandtransient, reflecting permanent and transient errors during the CBV attempt.You may act on the context variable from a script or from other validation modules as part of your site policy.
Using SMTP CBV can abuse a remote MTA if a large number of inbound messages are forged to look like they have been sent from a third party's domain. Exercise caution before deploying this module.