[EXIM] Deferring initial mail from "untrusted" hosts.

Author: DJB
Date:
To: exim-users
Subject: [EXIM] Deferring initial mail from "untrusted" hosts.
History:

In early 1997, I wrote a little PERL program which refused
mail from unknown addresses until they mailed me promising
not to spam me. (This ran on my account as an end-user
solution.) It was very effective, but didn't scale well.

Recently, I'd been thinking of adding some similar
functionality to my Exim filter file. Someone on another
list mentioned that they were going to work on doing the
same in their Sendmail config, and since I'd already
thought through how to do it in Exim, and knew it'd be
slightly easier than falling out of bed, I went ahead and
did it. I mentioned having done it, and Piete bugged me
to send it here too. :)

Structure:

There are two (optionally three) flat files involved, plus
a system-wide filter file and one (optionally two) shell
script(s).

The first flat file contains a list of recipient e-mail
addresses handled by my server, with parameters stating
whether they do or do not wish to be afforded some degree
of protection from spam through various filters. An
excerpt:

djb@???: spam=no
djb@???: spam=no untrusted=no
djb@???: spam=no relay=no untrusted=no

Various filters in my filter file read this, and based
on the values of certain parameters, will take certain
measures to prevent spam from reaching an address. This
particular filter works on the "untrusted" parameter.

The second flat file contains a list of IP addresses for
hosts that the server has been instructed to trust. (At
this point, this is a system-wide list; if a host is
trusted, it's trusted for all addresses. It should be
fairly similar to arrange for some sort of user-specific
list, but I haven't had the need.) An excerpt:

206.214.98.16: good=yes
205.180.57.68: good=yes
204.249.49.75: good=yes

The filter is as follows:

if
${lookup{$recipients:untrusted}lsearch{/usr/exim/lists/shield}{$value}}
is "no"
and
${lookup{$sender_host_address:good}lsearch{/usr/exim/lists/good_hosts}{$value}}
is ""
then freeze endif

Basically, if $recipients is found in the first file, with
an "untrusted=no" parameter, and the sending host's IP
address is *not* in the second file, or does not have a
"good=yes" parameter next to it, the message is frozen.

I then come along as root and run this script, with the
Exim message ID as the only argument:

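# $1 is the Exim message ID; append the sending host's IP to the trusted list
echo -n `grep host_address "/usr/exim/spool/input/$1-H" | cut -f2 -d" "` >> /usr/exim/lists/good_hosts
echo ": good=yes" >> /usr/exim/lists/good_hosts
# force delivery of the frozen message
sendmail -M "$1"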

This adds the sending host's IP to the good_hosts file and
forces delivery of the message.

Options:

The other optional file is a blacklist; the other optional
script puts the sending host's IP in *that* file and deletes
the message.

This is just yet another fun little way to play with spam.
(Looks like meat, tastes like play-doh... or is it the
other way around?)

Bugs:

Yes, there are weaknesses. Specifically:

* multi-address $recipients will probably get by this
* scalability is always a concern
* large ISPs that generate lots of mail _and_ spam...

This is near the top of my filter file, though, and
there are several other filters below it to catch any
stuff it might miss.

-Dan

--
Dan Birchall (djb@???) http://www.16straight.com
Internet Systems Administrator - 16 Straight Communications
A single source for graphic design, site design and hosting
609-231-7887 / 888-416-7878 - Begone, foul spammers! Away!
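
A hardened variant of the approval step described in the message above, as an added example that is not part of the original post: it checks the message ID and the extracted address before anything is appended to good_hosts as root. The function name trust_host, the 6-6-2 message-ID pattern and the exact layout of the host_address spool line are assumptions.

```shell
#!/bin/sh
# Added example, not the original script. Directories are arguments so the
# function can be tried against a scratch copy before it touches the real lists.
#
# trust_host SPOOL_DIR LIST_FILE MSGID
#   0 = host is listed, 1 = bad message ID, 2 = no usable host address
trust_host() {
    spool=$1 list=$2 id=$3

    # Reject any character outside the ID alphabet first; this also catches
    # embedded newlines, which a line-based grep alone would let through.
    case $id in
        *[!0-9A-Za-z-]*) return 1 ;;
    esac
    # Assumption: message IDs are 6-6-2 base-62 characters. Anything else
    # (for example "../" sequences) never reaches the path below.
    printf '%s\n' "$id" |
        grep -Eq '^[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}$' || return 1

    hdr="$spool/$id-H"
    [ -f "$hdr" ] || return 2

    # Same field the original grep/cut extracts: the second word of the
    # host_address line (first match only).
    ip=$(awk '$1 ~ /host_address$/ { print $2; exit }' "$hdr")

    # Only a dotted-quad shaped value may become a new lsearch key.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2

    # Already trusted: whole-line, fixed-string match, so 1.2.3.4 does not
    # count as present just because 11.2.3.4 is.
    grep -Fxq "$ip: good=yes" "$list" 2>/dev/null && return 0

    # One write for the complete line instead of two separate echo appends.
    printf '%s: good=yes\n' "$ip" >> "$list"
}

# Intended call, as root, in place of the two echo lines:
#   trust_host /usr/exim/spool/input /usr/exim/lists/good_hosts "$1" && sendmail -M "$1"
```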
