Date: Fri, 30 May 1997 14:29:21 -0700 From: Alex Huppenthal <alex@comsys.com> To: Poul-Henning Kamp <phk@dk.tfs.com> Cc: isp@FreeBSD.ORG Subject: Re: stopping mailspam without tears... Message-ID: <338F46B1.2781E494@comsys.com> References: <1057.865023994@critter.dk.tfs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Anti-SPAM Wish list: How about forwarding your spam to a mail parser on your server that sets the appropriate filters in sendmail and always nukes email from that address? Better still add an email address/parser that sends an anti-spam message to the source of the SPAM, Postmaster, and administrator for that domain. -Alex Poul-Henning Kamp wrote: > > A local ISP here had the problem that they were being used as a > relay for various mail-spammers. > > Here is a summary of the solution I am implementing. > > The reason I think it is interesting is that it doesn't involve > sendmail.cf :-) > > Life is too short for sendmail.cf. > > If anybody has the time to work on this to make it a suitable > option in /etc/sysconfig for freebsd... nudge, nudge, wink, wink! > > Poul-Henning > > Cookbook: > --------- > > Make a directory /var/spool/mqueue_in, set owner, group & modes right. > > Start sendmail with > > -bd -O QueueDirectory=/var/spool/mqueue_in -O DeliveryMode=q > > this makes sendmail store all incomming mail in your new directory > instead of delivering it. > > Start another sendmail with > -q5m > or similar. > > Now write a small script in a language of your choice, which looks > at the qf* and df* files in /var/spool/mqueue_in and if you like the > contents, you move them to /var/spool/mqueue for delivery. > > The format of the qf* files are descibed in Appendix B in > src/usr.sbin/sendmail/doc/op/op.me > > TADA! > > Yes, I know all the drawbacks of this scheme, but I can make checks > this way that none of the sendmail patches I have seen yet allows > me to do. > > You can check all recipients all header lines and envelope information, > and you even have access to the message itself, at the same time! > > Emails from spammers will just be /dev/nulled. > > I include my (Tcl!) script here for all to work from > > #!/usr/bin/tclsh > # > # ---------------------------------------------------------------------------- > # "THE BEER-WARE LICENSE" (Revision 42): > # <phk@FreeBSD.org> wrote this file. As long as you retain this notice you > # can do whatever you want with this stuff. If we meet some day, and you think > # this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp > # ---------------------------------------------------------------------------- > # > # $Id$ > # > > set spool_in /var/spool/mqueue_in > set spool_out /var/spool/mqueue > set spool_spam /var/tmp/spam > set spool_problem /var/spool/mqueue_problem > > ################# > > proc Process {id qf df} { > global spool_in spool_out spool_spam spool_problem > set f [open $qf] > > if {![file size $qf]} { > if {[file mtime $qf] + 600 < [clock seconds]} { > puts "$id Stale zero size queue file" > MoveTo $id $spool_problem > } > return > } > set rcount 0 > set triggers 0 > while {[gets $f a] >= 0} { > # We can risk seing anything in these, so be carefull > if {[regexp {^HSubject: } "$a"]} continue > if {[regexp {^HX} "$a"]} continue > > # Count recipients > if {[regexp {^R} "$a"]} {incr rcount} > > # Look for telltale signs > if {[regexp {^HReceived.*000\.000\.000\.000} "$a"]} {incr triggers} > if {[regexp {@savetrees\.com} "$a"]} {incr triggers} > if {[regexp {@fun\.com} "$a"]} {incr triggers} > if {[regexp {@public\.com} "$a"]} {incr triggers} > if {[regexp {@mary-world\.com} "$a"]} {incr triggers} > if {[regexp {Received: from "Cyber-Bomber"} "$a"]} {incr triggers} > if {[regexp {Received: .*sallynet\.com} "$a"]} {incr triggers} > if {[regexp {Received: .*marynet\.com} "$a"]} {incr triggers} > if {[regexp {earthlink\.net} "$a"]} {incr triggers} > > } > close $f > puts "$id $rcount $triggers" > if {$rcount > 10 && $trigger} {MoveTo $id $spool_spam} > MoveTo $id $spool_out > } > > ################# > > proc MoveTo {id where} { > global spool_in > puts "moving $id to $where" > exec sh -c "mv $spool_in/??$id $where" > } > > ################# > > while 1 { > set list [glob -nocomplain $spool_in/qf*] > if {![llength $list]} { > exec sleep 30 > } else { > foreach i $list { > puts "doing $i" > regsub "$spool_in/qf(.*)" $i {\1} b > if {[file exists $spool_in/tf$b]} continue > if {![file exists $spool_in/qf$b]} continue > if {![file exists $spool_in/df$b]} continue > set error [catch "Process $b $spool_in/qf$b $spool_in/df$b" ret] > if {$error} { > puts "ERROR ON ID $b MOVED TO PROBLEM" > puts "$error" > puts "$ret" > MoveTo $b $spool_problem > } > } > exec sleep 10 > } > } > > -- > Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. > http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. > whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. > Future will arrive by its own means, progress not so.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?338F46B1.2781E494>