HOW TO: On-the-fly Disposable/Catchall Addresses with Blacklisting
Posted: 2016-02-29 13:19
(Take Note: This script is tested on 5.6.x but untested on Hmailserver version 5.7. Although I don't envisage any compatibility problems, pending modifications to 5.7 regarding 'routes' may alter the functional effectiveness and need script modification. https://github.com/hmailserver/hmailserver/issues/74. 2 May 2016.)
INTRODUCTION
On-the-fly Disposable Addresses
"On-the-fly" disposable addresses allow you to use disposable addresses without the need to *set up* these addresses on Hmailserver first. This means that users simply register the chosen new address with the company/website just by supplying it to them as your preferred email address.
Disposable addresses allow you to have individual email addresses for your individual contacts. They are linked to your main email address but this main address remains secret from those contacts. It's similar to setting up a separate address to give to a particular contact/website/company and then using a filter to redirect it to your main account when you receive an email from them. Unlike regular email addresses, however, they are 'disposable' and can be terminated without fear of affecting your main email address.
This script provides the function of 'On-the-fly Disposable and Catchall Addresses with Blacklisting' for Hmailserver. Addresses are made 'disposable' by placing the unwanted/disposed address on a Blacklist. Any emails sent to the blacklisted addresses will be REJECTED at SMTP point of delivery. By rejecting at delivery, it might even help get the addresses removed from lists, further reducing the frequency of such emails. A further benefit is that no rules are needed to handle such emails.
Benefits
Disposable addresses are specifically beneficial in that:
* You are able to use the address for individual contacts.
* You can identify who the email is from purely from the incoming address as it appears in your email client without the need to read the email contact first.
* If the disposable address begins to get abused (due to uncontrollable marketing or spam) you can immediately 'dispose' of (delete) it without affecting any of your other contacts/registrations, and you are also able to identify with which company/contact the address got abused or compromised.
* Unlike 'plus-addressing', the format of the email does not advertise it as a 'write anything you want' address, as it is in the standard format 'words@domain.com'.
a, it reveals your real 'main account' (which gives you problems if it gets compromised or on the 'wrong type of list')
b, the format means that abusers can send in anything they want knowing it is likely to be received.
Further information can be found by simply Googling "disposable addresses" and "plus addressing".
Examples of using Disposable Addresses
Imagine you are registering your contact details to a new company website or contact (and your business domain is 'mycompany.com'):
DHL Ltd: you could register with 'dhl@mycompany.com'
Pens Office Stationery Ltd: you could register with 'pens@mycompany.com'
Acme Ltd: you could give them your contact address as 'acme@mycompany.com'
In all cases, those contacts would contact you on the addresses given but you will receive their emails in to your main user account that you nominate as the 'catchall' account (eg, "purchasing@mydomain.com") but the email contact doesn't get to see this main account address.
Attention:
By its nature (and also similar to 'plus-addressing'), the feature uses a 'Catchall' account. This means that all emails that are not addressed to a valid 'main account' in the specific domain in Hmailserver will still be accepted and placed in to the nominated 'catchall' account. Some have reservations about using 'catchall' accounts and believe that they may attract unwanted spam. The good news is my system below utilises a 'blacklist' so that you can add any email addresses that you frequently receive unwanted mail from and prevent them from being received. In the interest of balance, I can tell you I have been using this system for 4 years and have only had to blacklist 3 non-declared addresses.
Note to CATCHALL account users
If you currently already use a CATCHALL account, then this script gives you the additional benefit of applying a blacklist of chosen addresses.
IMPLEMENTATION
Note that the setup is on a 'per DOMAIN' basis and that only ONE account can be nominated as the receiving account for all disposable addresses coming in to that domain. However, with the addition of RULES you can further filter and distribute the emails to different users. You can also nominate a PUBLIC mode distribution list as the nominated receiving main account address which in turn will distribute the email to its nominated members.
The feature utilises the 'distribution list' facility to maintain the blacklist thereby allowing administrator control of blocking addresses. The 'Members' tab will contain the blacklist of addresses. (The distribution list is not actually used as a sendout 'distribution list' - you must keep its name secret from users to avoid it being referred to).
Three easy steps to set up:
1, Set up a Distribution List (which ultimately will contain the blacklist of addresses):
a, Under the chosen domain, choose "Distribution Lists"
b, Create a new list called "DisposableBlacklist"
c, Tick "ANNOUNCEMENTS - only allow messages from the following:"
d, Enter your chosen real main receiving account address in the email address box (ie, your chosen 'catchall' account that will be receiving the emails). Note this can also be a valid PUBLIC 'mode' distribution list address (for multiple copies delivered to several main accounts listed as its members).
e, Ensure that 'ENABLED' is ticked.
f, Save
g, If you already have a CATCHALL account enabled (in "DOMAINS - Advanced tab") then REMOVE it.
IMPORTANT: On line 3 of the script, you must change your Hmailserver administrator password accordingly.
3, Set up a dummy ROUTE. (This is required to avoid certain 'quirks' of Hmailserver and allows the script to work. Note that the route will not actually be used or route any email anywhere). Actions:
a, In SETTINGS - PROTOCOLS - SMTP - Routes, click 'Add' (to add a new route).
b, Enter the following values:
- "Domain": enter your actual domain this applies to (eg, "yourdomain.com"). This is essential to match your domain.
- "Target SMTP host": you can enter dummy information here. Recommendation: "127.0.0.1". Note: an entry is NEEDED but will never be used. (Entering 127.0.0.1 or 'localhost' will help in avoiding errors in the case of incorrect configuration due to an absent 'Announcement Address' in 1d above.)
IMPORTANT: If you operate an 'alias' domain (as found in the NAMES tab of your real domain), and you choose to accept disposable addresses to this alias domain then you must also create a dummy route for the Alias domain too. Remember that the 'user@' part is what is tested and will be checked against the main domain address BlackList.
INSTRUCTIONS TO USE
Once in place and all enabled, users can simply state anything they choose as their choice of email address for that contact (without the need for it to be set up first). Remember that all disposable addresses issued will be received in to the real main account specified as your catchall account (in 1d above).
Any email address that is no longer required and you wish to stop receiving under can be blacklisted by entering the address under the DisposableBlacklist 'Members' tab. Any disposable address entered in here will be REJECTED from delivery. Note: this also applies to local users attempting to send to a blacklisted address (their 'send' will be rejected at the email client connection stage). All addresses entered must be in the form "user@maindomain.com". Do NOT enter addresses to any alias addresses such as "user@aliasdomain.com" and expect it to work.
In order to keep track of the 'hit rate' of blacklisted addresses being sent in, the script writes an entry in to the 'Hmailserver_EVENTS.log' (headed as "SMTP - DISPOSABLE BLACKLIST......").
If you would like the emails to be further filtered and distributed to various internal users based on the incoming email address (so that they don't all appear in the single nominated main 'catchall' account), then you can use RULES within HMS to forward the emails accordingly. You may find this thread here with useful tips on using REGEXP to manage this easily.
It should be noted that there are a number of usernames for email addresses that spambots regularly attempt to send spam in to as they think they are most likely to exist on a domain. For example, "contact@yourdomain.com" or "info@yourdomain.com". Unless you are a user of these addresses within your business/domain, I recommend you start by adding these addresses to the blacklist from the outset. These words include: 'contact', 'sales', 'info', 'webmaster', 'enquiry', 'office', 'admin', 'fax' and 'test'. There may be others that become apparent as you go on. (I have results on confirming the limited risk of using catchall here: https://www.hmailserver.com/forum/viewt ... 64#p185264 - in short: Over 28 days I received only 23 spam emails in total coming in on invalid addresses (being caught by catchall), and they all came in to the same five email addresses; five is nothing compared to the benefits of using this routine).
The code
Add this to the bottom of EVENTHANDLERS.VBS
    Function DisposableBlackList(oMessage)
        Dim k, i, j, D, A, R, E, aUsername, oApp, oDomain, oDistributionList, cBlacklisted, DomainFound, RecipientDomain, DisposableBLExists
        Set oApp = CreateObject("hMailServer.Application")
        Call oApp.Authenticate("Administrator", "secretpassword") ' <-- change to your administrator password
        R = oMessage.recipients.count
        E = 0
        ' Check every recipient of the message
        For j = 0 To R -1
            If oMessage.Recipients(j).IsLocalUser = false Then
                aUsername = Split(oMessage.Recipients(j).Address,"@")
                DomainFound = 0
                RecipientDomain = lcase(aUsername(1))
                For D = 0 to oApp.Domains.count-1
                    ' If the recipient is on an alias domain, switch to the real domain name
                    For A = 0 To oApp.Domains.item(D).DomainAliases.Count -1
                        If lcase(oApp.Domains.item(D).DomainAliases.Item(A).Aliasname) = RecipientDomain Then
                            RecipientDomain = lcase(oApp.Domains.Item(D).name)
                        End if
                    Next
                    if lcase(oApp.Domains.item(D).name) = RecipientDomain then
                        DomainFound = 1
                        Set oDomain = oApp.Domains.ItemByName(RecipientDomain)
                        DisposableBLExists = 0
                        ' Look for an enabled DisposableBlacklist list with an announcement address set
                        For k = 0 To oDomain.DistributionLists.Count -1
                            If lcase(oDomain.DistributionLists.Item(k).Address) = lcase("DisposableBlacklist@" & RecipientDomain) Then
                                Set oDistributionList = oDomain.DistributionLists.Item(k)
                                if oDistributionList.Active and not oDistributionList.RequireSenderAddress = "" then
                                    DisposableBLExists = 1
                                    cBlacklisted = 0
                                    ' Compare the recipient (rewritten to the real domain) with each blacklist member
                                    For i = 0 To oDistributionList.Recipients.Count -1
                                        If lcase(oDistributionList.Recipients.Item(i).RecipientAddress) = lcase(replace(oMessage.Recipients(j).Address,aUsername(1),RecipientDomain)) Then
                                            ' Blacklisted: block the message and log the hit
                                            Result.Value = 1
                                            cBlacklisted = 1
                                            R=R-1
                                            eventlog.write(now() & " SMTP - CATCHALL BLACKLIST mail blocked to " & oMessage.recipients.item(j).address & " from " & oMessage.fromaddress )
                                        End If
                                    Next
                                    ' Not blacklisted: deliver to the nominated catchall (announcement) address
                                    if cBlacklisted = 0 then
                                        ReDim preserve RecordedRecipients(E)
                                        RecordedRecipients(E) = oDistributionList.RequireSenderAddress
                                        E=E+1
                                    End If
                                else
                                    DisposableBLExists = 0
                                End If
                            End If
                        Next
                        ' No usable blacklist for this domain: keep the original recipient
                        If DisposableBLExists = 0 then
                            ReDim preserve RecordedRecipients(E)
                            RecordedRecipients(E) = oMessage.recipients.item(j).address
                            E=E+1
                        End if
                    End If
                Next
                ' Not one of our domains: keep the original recipient
                if DomainFound = 0 then
                    ReDim preserve RecordedRecipients(E)
                    RecordedRecipients(E) = oMessage.recipients.item(j).address
                    E=E+1
                End if
            Else
                ' Local users are left unchanged
                ReDim preserve RecordedRecipients(E)
                RecordedRecipients(E) = oMessage.recipients.item(j).address
                E=E+1
            End If
        Next
        ' Rebuild the recipient list unless every recipient was blacklisted
        if R > 0 then
            oMessage.clearRecipients
            For j = 0 to ubound(RecordedRecipients)
                oMessage.AddRecipient "", RecordedRecipients(j)
            Next
        End if
    End Function
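Now add the call "DisposableBlacklist(oMessage)" to the "OnSMTPData" and "OnDeliveryStart" subsections within EVENTHANDLERS.VBS:
eg,
    Sub OnSMTPData(oClient, oMessage)
        DisposableBlacklist(oMessage)
    End Sub
    Sub OnDeliveryStart(oMessage)
        DisposableBlacklist(oMessage)
    End Sub
Enjoy.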
v3.1
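
The 'hit rate' entries described under INSTRUCTIONS TO USE can be summarised per blacklist entry. The following is an added example, not part of the original post or of hMailServer: it matches only the text the posted script passes to eventlog.write, and folds alias-domain hits onto the main domain because the script logs the address as received but compares it against the main-domain blacklist entry. The alias domain 'mycompany.net', the sender addresses and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Only the text the posted script hands to eventlog.write is matched; whatever
# precedes it on the line (timestamps, quoting) is ignored. Matching on
# "BLACKLIST mail blocked to" covers both the CATCHALL and DISPOSABLE headings.
HIT = re.compile(r"BLACKLIST mail blocked to (\S+) from (\S*)", re.IGNORECASE)

def blacklist_hits(lines, alias_to_main=None):
    """Return [(blacklist_entry, hits, distinct_senders)], most-hit first.

    alias_to_main maps alias domains to the real domain (an assumption you
    supply from the NAMES tab), so hits on user@alias count for user@main.
    """
    alias_to_main = {a.lower(): m.lower() for a, m in (alias_to_main or {}).items()}
    hits = Counter()
    senders = defaultdict(set)
    for line in lines:
        m = HIT.search(line)
        if not m:
            continue  # unrelated event-log line
        rcpt = m.group(1).strip('"').lower()
        sender = m.group(2).strip('"').lower()  # may be empty (null sender)
        user, at, domain = rcpt.rpartition("@")
        if not at or not user:
            continue  # not an address; ignore rather than miscount
        entry = f"{user}@{alias_to_main.get(domain, domain)}"
        hits[entry] += 1
        senders[entry].add(sender)
    return sorted(((e, n, len(senders[e])) for e, n in hits.items()),
                  key=lambda t: (-t[1], t[0]))

# Constructed sample lines (not real log data). The third line is wrapped in a
# constructed quoted, tab-separated prefix to show that the prefix is ignored.
SAMPLE_LOG = [
    "29/02/2016 13:19:05 SMTP - CATCHALL BLACKLIST mail blocked to info@mycompany.com from offers@bulk.example",
    "29/02/2016 14:02:11 SMTP - CATCHALL BLACKLIST mail blocked to Info@MyCompany.com from offers@bulk.example",
    '"1234"\t"2016-03-01 09:00:00.000"\t"01/03/2016 09:00:00 SMTP - CATCHALL BLACKLIST mail blocked to info@mycompany.net from promo@other.example"',
    "01/03/2016 10:30:00 SMTP - CATCHALL BLACKLIST mail blocked to pens@mycompany.com from news@pens.example",
    "01/03/2016 10:31:00 some unrelated event line",
]

if __name__ == "__main__":
    aliases = {"mycompany.net": "mycompany.com"}  # assumed alias domain
    for entry, count, distinct in blacklist_hits(SAMPLE_LOG, aliases):
        print(f"{entry:30} hits={count} distinct_senders={distinct}")
```

An entry with many hits from many distinct senders is an address that has reached shared lists; an entry with no hits over a long period is a candidate for review.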