Re: [Exim] Reading the nameserver info from remote host

Pàgina inicial
Delete this message
Reply to this message
Autor: Andrew - Supernews
Data:  
A: exim-users
Assumpte: Re: [Exim] Reading the nameserver info from remote host
>>>>> "Marc" == Marc Perkel <marc@???> writes:

Marc> Just a thought in the never ending battle against spam.


Marc> Whould it be possible - or could it be added to exim - a way to
Marc> look up the nameservers of a given host? In other words - when
Marc> a host connects to deliver email - I want to know what name
Marc> server has the authority over the domain it is coming from - or
Marc> perhaps claim to come from.


Marc> If I am a spammer and I've registered domains - I have to point
Marc> those domains at my own name server which has a fixed IP
Marc> address. Maybe there is a clue there for identifying spam.


here are some acls from a configuration I've been experimenting
with. Note, this is all strictly experimental stuff at this stage; I
do no more than log the results, and if you try rejecting mail with
any of this I disclaim all responsibility. (In particular, none of
these probably handle temporary failures all that well, and having too
many of anything will result in problems due to recursion depth. Some
of these should probably be changed to be iterative rather than
recursive. There are probably other bugs.)

# Given a domain in acl_c0, find the nearest zone cut, and return the zone
# base in c0, and the NS records in c1
check_domain_ns:
  warn    set acl_c1 = ${lookup dnsdb {NS=$acl_c0}{$value}{}}
  warn    condition = ${if eq{$acl_c1}{} {yes}{no}}
          condition = ${if match{$acl_c0}{\N\.\N} {yes}{no}}
          set acl_c0 = ${substr{${strlen:${extract{1}{.}{$acl_c0}}}}{$acl_c0}}
          set acl_c0 = ${s_1:$acl_c0}
          acl = check_domain_ns


# given a newline-delimited list of addresses in $acl_c0, look them all up
# in the dnslist $acl_c1, stopping if we find one (returned in c0). This one
# should be changed to be iterative rather than recursive.
check_addresses:
  deny    condition = ${if eq{$acl_c0}{} {yes}{no}}
  warn    set acl_c2 = ${extract{1}{\n}{$acl_c0}}
          set acl_c0 = ${substr{${strlen:$acl_c2}}{$acl_c0}}
          set acl_c0 = ${s_1:$acl_c0}
  warn    set acl_c3 = ${sg{4.3.2.1}{\N(\d)\N}{\N${extract{$1}{.}{$acl_c2}}\N}}
  accept  dnslists = $acl_c1/$acl_c3
          set acl_c0 = $acl_c2
  accept  acl = check_addresses


# given a newline-delimited list of NS names in acl_c0, see if any are
# considered bad by local policy.
check_nameservers:
  warn    set acl_c0 = ${sg{$acl_c0}{\N(.+)\n?\N}\
                           {\N${lookup{$1}\
                                  partial()lsearch{EXIM_HOME/bad_ns_domains}\
                                  {,$1.$2}{}}\N}}
          set acl_c0 = ${s_1:$acl_c0}
  accept  condition = ${if !eq{$acl_c0}{} {yes}{no}}


# Example of how to use the above to check the envelope sender domain
# (sets acl_m8 to a rejection reason). Replace $sender_address_domain
# with $sender_host_address or $sender_helo_name to construct acls to
# check them too.
# Usage in a rcpt acl might be something like:
#   deny  acl = check_sender_domain
#         message = $acl_m8


check_sender_domain:
  warn    set acl_c0 = $sender_address_domain
  deny    condition = ${if eq{$acl_c0}{} {yes}{no}}
  warn    acl = check_domain_ns
  warn    set acl_m7 = $acl_c1
  warn    set acl_c0 = ${sg{$acl_c1}\
                           {\N(.+)(\n?)\N}\
                           {\N${lookup dnsdb {A=$1}{$value$2}{}}\N}}
  accept  set acl_c1 = sbl.spamhaus.org
          acl = check_addresses
          set acl_m8 = bad sender: $sender_address_domain NS $acl_c0 on $dnslist_domain $dnslist_value: $dnslist_text
          log_message = $acl_m8
  accept  set acl_c0 = $acl_m7
          acl = check_nameservers
          set acl_m8  = bad sender: $sender_address_domain NS $acl_c0 is locally banned
          log_message = $acl_m8


--
Andrew, Supernews
http://www.supernews.com