Hi,
On Sun, Mar 02, 2003 at 11:59:58AM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> I would like it if an incoming mail would automatically cause a dsbl.org
> and/or ordb.org check & listing, but I haven't been able to find such a
> test program so far (there are some, but they expect me to specify the
> IP - and I haven't got time to write a Received: header parser right
> now.
I use a program that does that to complement qmail's standard measures,
i.e. RBL checking to decide whether to spawn the real SMTP server or go
into reject-only mode.
The problem was that even with that in place, I got a lot of spam
through a backup MTA that didn't apply those RBLs.
The attached perl script is intended to be used in a .qmail delivery
instructions file and checks each IP adress in each Received header that
is not in a whitelist, against a number of RBLs. If it gets a match, it
tells qmail that it shouldn't follow further delivery instructions,
preventing actual delivery.
So, my .qmail files look like this:
|/usr/local/bin/rcvchk
./Maildir/
The mentioned rcvchk script looks like this:
#!/usr/bin/perl -w
#
# RCVCHK (C) 2002 Emile van Bergen. Redistribution of this file is permitted
# under the conditions detailed in the GNU General Public License (GPL).
#
# This script is intended for use in .qmail files. It scans a message's
# Received: headers for IP addresses and checks each IP address that is not in
# an explicit permitted prefix list, against a configurable number of realtime
# DNS blacklists. The headers are scanned using 822field from djb's mess822
# package; the DNS lookups are done using dnstxt from djbdns.
#
# If a message is accepted, 0 is returned, allowing qmail-local to continue
# processing the .qmail file. If a message is rejected, a log entry is made and
# 99 is returned, preventing qmail-local from executing further delivery
# instructions.
#
# In both cases, the input message is read and discarded to end, to prevent
# qmail-local from flagging a broken pipe error.
#
# History: 2002/09/03 - EvB - initial version
$VERBOSE=1;
@RBLS=qw{
bl.spamcop.net
relays.ordb.org
relays.osirusoft.com
};
@ERRIPS=qw{
194.151.214.
194.109.3.11
};
@OKIPS=qw{
10.
172.16.
172.17.
172.18.
172.19.
172.20.
172.21.
172.22.
172.23.
172.24.
172.25.
172.26.
172.27.
172.28.
172.29.
172.30.
172.31.
192.168.
194.109.
127.0.0.1
};
open(HDRS, "-|", "/usr/local/bin/822field Received") or exit(111);
my $reject = 0;
LINE: while(<HDRS>) {
/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/ or next LINE;
my $fwd="$1.$2.$3.$4";
my $rev="$4.$3.$2.$1";
$VERBOSE and print STDERR "Checking $fwd\n";
foreach my $errip (@ERRIPS) {
if (substr($fwd, 0, length($errip)) eq $errip) {
print STDERR "rejecting, matches $errip\n";
$reject = 1;
last LINE;
}
}
foreach $okip (@OKIPS) {
if (substr($fwd, 0, length($okip)) eq $okip) {
$VERBOSE and print STDERR " skipping, matches $okip\n";
next LINE;
}
}
RBL: foreach $rbl (@RBLS) {
my $res=`/usr/local/bin/dnstxt $rev.$rbl`;
$VERBOSE and print STDERR " against $rbl: $res";
$res =~ /\S/ or next RBL;
$VERBOSE or print STDERR "$fwd fails $rbl: $res";
$reject = 1;
last LINE;
}
}
close(HDRS) or exit(111);
while(<>) { }
if ($reject == 0) {
$VERBOSE and print STDERR "Message accepted.\n";
exit 0;
}
$VERBOSE and print STDERR "Message REJECTED.\n";
exit 99;
Cheers,
Emile.
--
E-Advies / Emile van Bergen | emile@e-advies.info
tel. +31 (0)70 3906153 | http://www.e-advies.info
Attachment:
pgpc4l2ZTsry7.pgp
Description: PGP signature