configs/config.samples/F002

   1 Date: Tue, 03 Mar 1998 15:45:24 -0500
   2 From: Dan Birchall <djb@16straight.com>
   3
   4 History:
   5
   6 In early 1997, I wrote a little PERL program which refused
   7 mail from unknown addresses until they mailed me promising
   8 not to spam me.  (This ran on my account as an end-user
   9 solution.)  It was very effective, but didn't scale well.
  10
  11 Recently, I'd been thinking of adding some similar
  12 functionality to my Exim filter file.  Someone on another
  13 list mentioned that they were going to work on doing the
  14 same in their Sendmail config, and since I'd already
  15 thought through how to do it in Exim, and knew it'd be
  16 slightly easier than falling out of bed, I went ahead and
  17 did it.  I mentioned having done it, and Piete bugged me
  18 to send it here too. :)
  19
  20 Structure:
  21
  22 There are two (optionally three) flat files involved, plus
  23 a system-wide filter file and one (optionally two) shell
  24 script(s).
  25
  26 The first flat file contains a list of recipient e-mail
  27 addresses handled by my server, with parameters stating
  28 whether they do or do not wish to be afforded some degree
  29 of protection from spam through various filters.  An
  30 excerpt:
  31
  32 djb@16straight.com: spam=no
  33 djb@mule.16straight.com: spam=no untrusted=no
  34 djb@scream.org: spam=no relay=no untrusted=no
  35
  36 Various filters in my filter file read this, and based
  37 on the values of certain parameters, will take certain
  38 measures to prevent spam from reaching an address.  This
  39 particular filter works on the "untrusted" parameter.
  40
  41 The second flat file contains a list of IP addresses for
  42 hosts that the server has been instructed to trust.  (At
  43 this point, this is a system-wide list; if a host is
  44 trusted, it's trusted for all addresses.  It should be
  45 fairly similar to arrange for some sort of user-specific
  46 list, but I haven't had the need.)  An excerpt:
  47
  48 206.214.98.16: good=yes
  49 205.180.57.68: good=yes
  50 204.249.49.75: good=yes
  51
  52 The filter is as follows:
  53
  54 if
  55 ${lookup{$recipients:untrusted}lsearch{/usr/exim/lists/shield}{$value}}
  56 is "no"
  57 and
  58 ${lookup{$sender_host_address:good}lsearch{/usr/exim/lists/good_hosts}{$value}}
  59 is ""
  60 then freeze endif
  61
  62 Basically, if $recipients is found in the first file, with
  63 an "untrusted=no" parameter, and the sending host's IP
  64 address is *not* in the second file, or does not have a
  65 "good=yes" parameter next to it, the message is frozen.
  66
  67 I then come along as root and run this script, with the
  68 Exim message ID as the only argument:
  69
  70 echo -n `grep host_address /usr/exim/spool/input/$1-H |cut -f2 -d" "` >>
  71 /usr/exim/lists/good_hosts
  72 echo ": good=yes" >> /usr/exim/lists/good_hosts
  73 sendmail -M $1
  74
  75 This adds the sending host's IP to the good_hosts file and
  76 forces delivery of the message.
  77
  78 Options:
  79
  80 The other optional file is a blacklist; the other optional
  81 script puts the sending host's IP in *that* file and deletes
  82 the message.
  83
  84 This is just yet another fun little way to play with spam.
  85 (Looks like meat, tastes like play-doh... or is it the
  86 other way around?)
  87
  88 Bugs:
  89
  90 Yes, there are weaknesses.  Specifically:
  91
  92 * multi-address $recipients will probably get by this
  93 * scalability is always a concern
  94 * large ISP's that generate lots of mail _and_ spam...
  95
  96 This is near the top of my filter file, though, and
  97 there are several other filters below it to catch any
  98 stuff it might miss.