Date: Fri, 30 May 1997 14:29:21 -0700
From: Alex Huppenthal <alex@comsys.com>
To: Poul-Henning Kamp <phk@dk.tfs.com>
Cc: isp@FreeBSD.ORG
Subject: Re: stopping mailspam without tears...
Message-ID: <338F46B1.2781E494@comsys.com>
References: <1057.865023994@critter.dk.tfs.com>
Anti-SPAM Wish list:
How about forwarding your spam to a mail parser on your server that
sets the appropriate filters in sendmail and always nukes email from
that address?
Better still add an email address/parser that sends an anti-spam message
to the source of the SPAM, Postmaster, and administrator for that domain.
-Alex
Poul-Henning Kamp wrote:
>
> A local ISP here had the problem that they were being used as a
> relay for various mail-spammers.
>
> Here is a summary of the solution I am implementing.
>
> The reason I think it is interesting is that it doesn't involve
> sendmail.cf :-)
>
> Life is too short for sendmail.cf.
>
> If anybody has the time to work on this to make it a suitable
> option in /etc/sysconfig for freebsd... nudge, nudge, wink, wink!
>
> Poul-Henning
>
> Cookbook:
> ---------
>
> Make a directory /var/spool/mqueue_in, set owner, group & modes right.
>
> Start sendmail with
>
> -bd -O QueueDirectory=/var/spool/mqueue_in -O DeliveryMode=q
>
> this makes sendmail store all incoming mail in your new directory
> instead of delivering it.
>
> Start another sendmail with
> -q5m
> or similar.
>
> Now write a small script in a language of your choice, which looks
> at the qf* and df* files in /var/spool/mqueue_in and if you like the
> contents, you move them to /var/spool/mqueue for delivery.
>
> The format of the qf* files is described in Appendix B in
> src/usr.sbin/sendmail/doc/op/op.me
>
> TADA!
>
> Yes, I know all the drawbacks of this scheme, but I can make checks
> this way that none of the sendmail patches I have seen yet allows
> me to do.
>
> You can check all recipients, all header lines and envelope information,
> and you even have access to the message itself, at the same time!
>
> Emails from spammers will just be /dev/nulled.
>
> I include my (Tcl!) script here for all to work from
>
> #!/usr/bin/tclsh
> #
> # ----------------------------------------------------------------------------
> # "THE BEER-WARE LICENSE" (Revision 42):
> # <phk@FreeBSD.org> wrote this file. As long as you retain this notice you
> # can do whatever you want with this stuff. If we meet some day, and you think
> # this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
> # ----------------------------------------------------------------------------
> #
> # $Id$
> #
>
> set spool_in /var/spool/mqueue_in
> set spool_out /var/spool/mqueue
> set spool_spam /var/tmp/spam
> set spool_problem /var/spool/mqueue_problem
>
> #################
>
> proc Process {id qf df} {
>     global spool_in spool_out spool_spam spool_problem
>
>     # Check the size before opening, so no file handle leaks on early return
>     if {![file size $qf]} {
>         if {[file mtime $qf] + 600 < [clock seconds]} {
>             puts "$id Stale zero size queue file"
>             MoveTo $id $spool_problem
>         }
>         return
>     }
>     set f [open $qf]
>     set rcount 0
>     set triggers 0
>     while {[gets $f a] >= 0} {
>         # We can risk seeing anything in these, so be careful
>         if {[regexp {^HSubject: } "$a"]} continue
>         if {[regexp {^HX} "$a"]} continue
>
>         # Count recipients
>         if {[regexp {^R} "$a"]} {incr rcount}
>
>         # Look for telltale signs
>         if {[regexp {^HReceived.*000\.000\.000\.000} "$a"]} {incr triggers}
>         if {[regexp {@savetrees\.com} "$a"]} {incr triggers}
>         if {[regexp {@fun\.com} "$a"]} {incr triggers}
>         if {[regexp {@public\.com} "$a"]} {incr triggers}
>         if {[regexp {@mary-world\.com} "$a"]} {incr triggers}
>         if {[regexp {Received: from "Cyber-Bomber"} "$a"]} {incr triggers}
>         if {[regexp {Received: .*sallynet\.com} "$a"]} {incr triggers}
>         if {[regexp {Received: .*marynet\.com} "$a"]} {incr triggers}
>         if {[regexp {earthlink\.net} "$a"]} {incr triggers}
>
>     }
>     close $f
>     puts "$id $rcount $triggers"
>     # Spam goes to the spam spool only; return so it is not moved a second time
>     if {$rcount > 10 && $triggers} {
>         MoveTo $id $spool_spam
>         return
>     }
>     MoveTo $id $spool_out
> }
>
> #################
>
> proc MoveTo {id where} {
>     global spool_in
>     puts "moving $id to $where"
>     exec sh -c "mv $spool_in/??$id $where"
> }
>
> #################
>
> while 1 {
>     set list [glob -nocomplain $spool_in/qf*]
>     if {![llength $list]} {
>         exec sleep 30
>     } else {
>         foreach i $list {
>             puts "doing $i"
>             regsub "$spool_in/qf(.*)" $i {\1} b
>             if {[file exists $spool_in/tf$b]} continue
>             if {![file exists $spool_in/qf$b]} continue
>             if {![file exists $spool_in/df$b]} continue
>             set error [catch "Process $b $spool_in/qf$b $spool_in/df$b" ret]
>             if {$error} {
>                 puts "ERROR ON ID $b MOVED TO PROBLEM"
>                 puts "$error"
>                 puts "$ret"
>                 MoveTo $b $spool_problem
>             }
>         }
>         exec sleep 10
>     }
> }
>
> --
> Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team.
> http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox.
> whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc.
> Future will arrive by its own means, progress not so.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?338F46B1.2781E494>
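
Added example, not part of either message and not phk's script (Python rather than Tcl): the same "more than 10 recipients and at least one trigger" decision applied to a qf control file, but with folded header continuation lines joined to their header and each pattern checked only against the field it is meant for. It assumes a simplified qf layout (one-letter line codes S, R and H, an optional ?flags? prefix on H lines, continuation lines starting with whitespace); bulk.example, customer.example and sample_qf are constructed for the demonstration.

```python
import re

BLOCKED_DOMAINS = {"bulk.example"}            # constructed placeholder list
ADDRESS_HEADERS = {"from", "reply-to", "sender"}
MAX_RCPT = 10                                 # same threshold as the posted script

def parse_qf(text):
    """Split a qf control file into sender, recipients and unfolded headers."""
    sender, rcpts, headers, in_header = "", [], [], False
    for line in text.splitlines():
        if line[:1] in (" ", "\t"):           # folded continuation line
            if in_header:
                headers[-1][1] += " " + line.strip()
            continue
        in_header = line.startswith("H")
        if line.startswith("S"):
            sender = line[1:]
        elif line.startswith("R"):
            rcpts.append(line[1:])
        elif in_header:
            body = re.sub(r"^\?[^?]*\?", "", line[1:])   # drop optional ?flags?
            name, _, value = body.partition(":")
            headers.append([name.strip().lower(), value.strip()])
    return sender, rcpts, headers

def domain_blocked(value):
    """True if any address in value is at a blocked domain."""
    domains = re.findall(r"@([A-Za-z0-9.-]+)", value)
    return any(d.rstrip(".").lower() in BLOCKED_DOMAINS for d in domains)

def count_triggers(sender, headers):
    hits = int(domain_blocked(sender))        # envelope sender
    for name, value in headers:
        if name == "received" and "000.000.000.000" in value:
            hits += 1                         # Received pattern from the post
        elif name in ADDRESS_HEADERS and domain_blocked(value):
            hits += 1                         # Subject and X- headers never count
    return hits

def classify(text):
    sender, rcpts, headers = parse_qf(text)
    triggers = count_triggers(sender, headers)
    return "spam" if len(rcpts) > MAX_RCPT and triggers else "deliver"

def sample_qf(n_rcpt, sender, header_lines):
    """Build a constructed, simplified qf file for the demonstration."""
    rcpts = ["R<user%d@customer.example>" % i for i in range(n_rcpt)]
    return "\n".join(["S<%s>" % sender] + rcpts + header_lines) + "\n"
```

A Received header whose telltale address sits on a continuation line is still caught, while a wrapped Subject that merely mentions a blocked address is not counted.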
