Environment

chkuser works with qmail 1.03 or netqmail 1.05, and vpopmail > 5.3.*.

External database libraries used by vpopmail are automatically integrated.

Recipients checked

chkuser checks, at SMTP level, if the message is going to be delivered to valid recipients, otherwise the message is rejected.

Recipients checked:

accounts (vpopmail accounts)
aliases (.qmail format)
aliases (valias format)
EZMLM mailing lists
mailman mailing lists

Additional checkings

Additionally, other checks may be done:

valid format of sender address
valid MX domain of sender address
valid format of recipient address
valid MX domain of recipient address
check if recipient has bouncing flag enabled

RFC 2476: Submission port

chkuser may help dedicating a port (like 587) to receive only authenticated SMTP traffic.

Tarpitting and logging

chkuser performs customized tarpitting and logging actions:

delay on wrong recipients
delay on wrong senders
give always error if too much wrong recipients have been used
give always error if too much recipients have been used
define initial delay time
define increments of delay for each additional wrong recipient
logging of accepted/rejected senders
logging of accepted/rejected recipients
logging of accepted/rejected senders
logging of additional informations on systems and users trying to deliver

Safe security model

Checking of users, aliases and mailing-lists requires qmail-smtpd running as vpopmail user.

qmail-smtpd, patched with chkuser, may run in secure mode, switching between qmaild and vpopmail users (so running as vpopmail only when needed); it may also be started directly as vpopmail, for compatibility with SSL patches.

Further customizations

chkuser may also be customized to:

check for user's quota
accept user extensions on recipients (ex. TMDA)
accept further characters in sender address
be enabled in several ways, in order to be usable by maildrop or other delivery agents not compatible woth vdeliver, or to be enabled always despite of single domains settings.