Re: [Exim] Reading the nameserver info from remote host

Author: Andrew - Supernews
To: exim-users
Subject: Re: [Exim] Reading the nameserver info from remote host
>>>>> "Marc" == Marc Perkel <marc@???> writes:

Marc> Just a thought in the never ending battle against spam.


Marc> Would it be possible - or could it be added to exim - a way to
Marc> look up the nameservers of a given host? In other words - when
Marc> a host connects to deliver email - I want to know what name
Marc> server has the authority over the domain it is coming from - or
Marc> perhaps claim to come from.


Marc> If I am a spammer and I've registered domains - I have to point
Marc> those domains at my own name server which has a fixed IP
Marc> address. Maybe there is a clue there for identifying spam.


Here are some ACLs from a configuration I've been experimenting
with. Note, this is all strictly experimental stuff at this stage; I
do no more than log the results, and if you try rejecting mail with
any of this I disclaim all responsibility. (In particular, none of
these probably handle temporary failures all that well, and having too
many of anything will result in problems due to recursion depth. Some
of these should probably be changed to be iterative rather than
recursive. There are probably other bugs.)

# Given a domain in acl_c0, find the nearest zone cut, and return the zone
# base in c0, and the NS records in c1. Recurses once per label stripped.
check_domain_ns:
  # Try the current name first; dnsdb returns the NS names newline-separated.
  # A failed lookup (including a temporary failure) yields the empty string,
  # which is indistinguishable from "no NS records" below.
  warn    set acl_c1 = ${lookup dnsdb {NS=$acl_c0}{$value}{}}
  # No NS here and at least one more label: drop the first label (substr by
  # its length leaves ".rest"; the second substr removes the dot) and recurse
  warn    condition = ${if eq{$acl_c1}{} {yes}{no}}
          condition = ${if match{$acl_c0}{\N\.\N} {yes}{no}}
          set acl_c0 = ${substr{${strlen:${extract{1}{.}{$acl_c0}}}}{$acl_c0}}
          set acl_c0 = ${substr{1}{$acl_c0}}
          acl = check_domain_ns


# given a newline-delimited list of addresses in $acl_c0, look them all up
# in the dnslist $acl_c1, stopping if we find one (returned in c0). This one
# should be changed to be iterative rather than recursive.
check_addresses:
  # Empty list: nothing (more) to check, so this nested ACL returns "deny"
  deny    condition = ${if eq{$acl_c0}{} {yes}{no}}
  # Pop the first address into c2; c0 keeps the remainder (minus its newline)
  warn    set acl_c2 = ${extract{1}{\n}{$acl_c0}}
          set acl_c0 = ${substr{${strlen:$acl_c2}}{$acl_c0}}
          set acl_c0 = ${substr{1}{$acl_c0}}
  # Build the reversed-octet key (a.b.c.d -> d.c.b.a) that the list is keyed by
  warn    set acl_c3 = ${sg{4.3.2.1}{\N(\d)\N}{\N${extract{$1}{.}{$acl_c2}}\N}}
  # Listed: accept, leaving the offending address in c0 for the caller
  accept  dnslists = $acl_c1/$acl_c3
          set acl_c0 = $acl_c2
  # Not listed: try the rest of the list
  accept  acl = check_addresses


# given a newline-delimited list of NS names in acl_c0, see if any are
# considered bad by local policy.
check_nameservers:
  # Replace each name with ",name" if it (or, via partial(), any parent
  # domain of it) appears in bad_ns_domains, and with nothing otherwise;
  # then strip the leading comma, leaving a comma-separated list of hits.
  warn    set acl_c0 = ${sg{$acl_c0}{\N(.+)\n?\N}\
                           {\N${lookup{$1}\
                                  partial()lsearch{EXIM_HOME/bad_ns_domains}\
                                  {,$1.$2}{}}\N}}
          set acl_c0 = ${substr{1}{$acl_c0}}
  # Accept (i.e. report "bad") only if at least one name matched
  accept  condition = ${if !eq{$acl_c0}{} {yes}{no}}


# Example of how to use the above to check the envelope sender domain
# (sets acl_m8 to a rejection reason). Replace $sender_address_domain
# with $sender_host_address or $sender_helo_name to construct acls to
# check them too.
# Usage in a rcpt acl might be something like:
#   deny  acl = check_sender_domain
#         message = $acl_m8


check_sender_domain:
  warn    set acl_c0 = $sender_address_domain
  deny    condition = ${if eq{$acl_c0}{} {yes}{no}}
  warn    acl = check_domain_ns
  warn    set acl_m7 = $acl_c1
  warn    set acl_c0 = ${sg{$acl_c1}\
                           {\N(.+)(\n?)\N}\
                           {\N${lookup dnsdb {A=$1}{$value$2}{}}\N}}
  accept  set acl_c1 = sbl.spamhaus.org
          acl = check_addresses
          set acl_m8 = bad sender: $sender_address_domain NS $acl_c0 on $dnslist_domain $dnslist_value: $dnslist_text
          log_message = $acl_m8
  accept  set acl_c0 = $acl_m7
          acl = check_nameservers
          set acl_m8  = bad sender: $sender_address_domain NS $acl_c0 is locally banned
          log_message = $acl_m8


--
Andrew, Supernews
http://www.supernews.com
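A stand-alone Python model of the three ACLs above, added here as an example and not code from the original post or from Exim: it walks up to the zone cut, looks up the NS addresses in a DNSBL via the reversed-octet key, and matches NS names against a local ban list with partial() semantics. The resolver, domains, addresses and list names are constructed stand-ins so it runs offline; a real deployment would query DNS instead.

```python
# Constructed DNS data standing in for real lookups (assumption: not real hosts);
# the DNSBL entry is keyed by reversed octets, as the dnslists key is built.
FAKE_DNS = {
    ("NS", "example.test"): ["ns1.example.test"],
    ("A", "ns1.example.test"): ["192.0.2.10"],
    ("NS", "spamco.test"): ["ns.badhost.test"],
    ("A", "ns.badhost.test"): ["203.0.113.5"],
    ("A", "5.113.0.203.sbl.example.test"): ["127.0.0.2"],
}

def fake_resolve(qtype, name):  # (qtype, name) -> list of answers
    return FAKE_DNS.get((qtype, name), [])

def zone_cut(domain, resolve):
    """check_domain_ns: drop leading labels until a name with NS records is found."""
    while domain:
        ns = resolve("NS", domain)
        if ns:
            return domain, ns
        domain = domain.partition(".")[2]  # strip first label; "" once at the top
    return None, []  # no zone cut found (a failed lookup looks the same)

def dnsbl_hit(addresses, dnslist, resolve):
    """check_addresses: first address the DNSBL lists, else None."""
    for addr in addresses:
        key = ".".join(reversed(addr.split(".")))  # a.b.c.d -> d.c.b.a
        if resolve("A", key + "." + dnslist):
            return addr
    return None

def banned_nameservers(names, bad_ns_domains):
    """check_nameservers: partial() match of each NS name against the ban list."""
    def suffixes(name):  # the name, then each parent: a.b.c, b.c, c
        labels = name.split(".")
        return [".".join(labels[i:]) for i in range(len(labels))]
    return [n for n in names if any(s in bad_ns_domains for s in suffixes(n))]

def check_sender_domain(domain, resolve=fake_resolve, dnslist="sbl.example.test",
                        bad_ns_domains=frozenset({"badhost.test"})):
    """Return a rejection reason (the acl_m8 text) or None if the domain passes."""
    _zone, ns_names = zone_cut(domain, resolve)
    ns_addrs = [a for n in ns_names for a in resolve("A", n)]
    hit = dnsbl_hit(ns_addrs, dnslist, resolve)
    if hit:
        return "bad sender: %s NS %s on %s" % (domain, hit, dnslist)
    banned = banned_nameservers(ns_names, bad_ns_domains)
    if banned:
        return "bad sender: %s NS %s is locally banned" % (domain, banned[0])
    return None
```

As in the ACLs, a domain whose NS lookup fails walks up to the parent and, finding nothing, passes silently, so temporary DNS failures need separate handling before this is used to reject.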