[exim.git] / configs / config.samples / F002

Date: Tue, 03 Mar 1998 15:45:24 -0500
From: Dan Birchall <djb@16straight.com>

History:

In early 1997, I wrote a little PERL program which refused
mail from unknown addresses until they mailed me promising
not to spam me.  (This ran on my account as an end-user
solution.)  It was very effective, but didn't scale well.

Recently, I'd been thinking of adding some similar 
functionality to my Exim filter file.  Someone on another
list mentioned that they were going to work on doing the
same in their Sendmail config, and since I'd already 
thought through how to do it in Exim, and knew it'd be
slightly easier than falling out of bed, I went ahead and
did it.  I mentioned having done it, and Piete bugged me
to send it here too. :)

Structure:

There are two (optionally three) flat files involved, plus
a system-wide filter file and one (optionally two) shell
script(s).

The first flat file contains a list of recipient e-mail
addresses handled by my server, with parameters stating
whether they do or do not wish to be afforded some degree
of protection from spam through various filters.  An
excerpt:

djb@16straight.com: spam=no
djb@mule.16straight.com: spam=no untrusted=no
djb@scream.org: spam=no relay=no untrusted=no

Various filters in my filter file read this, and based
on the values of certain parameters, will take certain
measures to prevent spam from reaching an address.  This
particular filter works on the "untrusted" parameter.

The second flat file contains a list of IP addresses for
hosts that the server has been instructed to trust.  (At
this point, this is a system-wide list; if a host is
trusted, it's trusted for all addresses.  It should be
fairly similar to arrange for some sort of user-specific
list, but I haven't had the need.)  An excerpt:

206.214.98.16: good=yes
205.180.57.68: good=yes
204.249.49.75: good=yes

The filter is as follows:

if
${lookup{$recipients:untrusted}lsearch{/usr/exim/lists/shield}{$value}}
is "no"
and
${lookup{$sender_host_address:good}lsearch{/usr/exim/lists/good_hosts}{$value}}
is ""
then freeze endif

Basically, if $recipients is found in the first file, with
an "untrusted=no" parameter, and the sending host's IP
address is *not* in the second file, or does not have a
"good=yes" parameter next to it, the message is frozen.

I then come along as root and run this script, with the
Exim message ID as the only argument:

echo -n `grep host_address /usr/exim/spool/input/$1-H |cut -f2 -d" "` >>
/usr/exim/lists/good_hosts
echo ": good=yes" >> /usr/exim/lists/good_hosts
sendmail -M $1

This adds the sending host's IP to the good_hosts file and
forces delivery of the message.

Options:

The other optional file is a blacklist; the other optional
script puts the sending host's IP in *that* file and deletes
the message.

This is just yet another fun little way to play with spam.
(Looks like meat, tastes like play-doh... or is it the 
other way around?)

Bugs:

Yes, there are weaknesses.  Specifically:

* multi-address $recipients will probably get by this
* scalability is always a concern
* large ISP's that generate lots of mail _and_ spam...

This is near the top of my filter file, though, and
there are several other filters below it to catch any
stuff it might miss.
Commit	Line	Data
e0f3765a PH	1	Date: Tue, 03 Mar 1998 15:45:24 -0500
	2	From: Dan Birchall <djb@16straight.com>
	3
	4	History:
	5
	6	In early 1997, I wrote a little PERL program which refused
	7	mail from unknown addresses until they mailed me promising
	8	not to spam me. (This ran on my account as an end-user
	9	solution.) It was very effective, but didn't scale well.
	10
	11	Recently, I'd been thinking of adding some similar
	12	functionality to my Exim filter file. Someone on another
	13	list mentioned that they were going to work on doing the
	14	same in their Sendmail config, and since I'd already
	15	thought through how to do it in Exim, and knew it'd be
	16	slightly easier than falling out of bed, I went ahead and
	17	did it. I mentioned having done it, and Piete bugged me
	18	to send it here too. :)
	19
	20	Structure:
	21
	22	There are two (optionally three) flat files involved, plus
	23	a system-wide filter file and one (optionally two) shell
	24	script(s).
	25
	26	The first flat file contains a list of recipient e-mail
	27	addresses handled by my server, with parameters stating
	28	whether they do or do not wish to be afforded some degree
	29	of protection from spam through various filters. An
	30	excerpt:
	31
	32	djb@16straight.com: spam=no
	33	djb@mule.16straight.com: spam=no untrusted=no
	34	djb@scream.org: spam=no relay=no untrusted=no
	35
	36	Various filters in my filter file read this, and based
	37	on the values of certain parameters, will take certain
	38	measures to prevent spam from reaching an address. This
	39	particular filter works on the "untrusted" parameter.
	40
	41	The second flat file contains a list of IP addresses for
	42	hosts that the server has been instructed to trust. (At
	43	this point, this is a system-wide list; if a host is
	44	trusted, it's trusted for all addresses. It should be
	45	fairly similar to arrange for some sort of user-specific
	46	list, but I haven't had the need.) An excerpt:
	47
	48	206.214.98.16: good=yes
	49	205.180.57.68: good=yes
	50	204.249.49.75: good=yes
	51
	52	The filter is as follows:
	53
	54	if
	55	${lookup{$recipients:untrusted}lsearch{/usr/exim/lists/shield}{$value}}
	56	is "no"
	57	and
	58	${lookup{$sender_host_address:good}lsearch{/usr/exim/lists/good_hosts}{$value}}
	59	is ""
	60	then freeze endif
	61
	62	Basically, if $recipients is found in the first file, with
	63	an "untrusted=no" parameter, and the sending host's IP
	64	address is not in the second file, or does not have a
65	"good=yes" parameter next to it, the message is frozen.
66
67	I then come along as root and run this script, with the
68	Exim message ID as the only argument:
69
70	echo -n `grep host_address /usr/exim/spool/input/$1-H \|cut -f2 -d" "` >>
71	/usr/exim/lists/good_hosts
72	echo ": good=yes" >> /usr/exim/lists/good_hosts
73	sendmail -M $1
74
75	This adds the sending host's IP to the good_hosts file and
76	forces delivery of the message.
77
78	Options:
79
80	The other optional file is a blacklist; the other optional
81	script puts the sending host's IP in that file and deletes
82	the message.
83
84	This is just yet another fun little way to play with spam.
85	(Looks like meat, tastes like play-doh... or is it the
86	other way around?)
87
88	Bugs:
89
90	Yes, there are weaknesses. Specifically:
91
92	* multi-address $recipients will probably get by this
93	* scalability is always a concern
94	* large ISP's that generate lots of mail _and_ spam...
95
96	This is near the top of my filter file, though, and
97	there are several other filters below it to catch any
98	stuff it might miss.