Mailing List Archive



[tlug] General procmail question



Hi there,

Is there a way to get a procmail recipe's condition to be dependent on an
external condition?

Let me explain.

I have a list of blacklisted subnets in /usr/local/etc/rdbl.list with
entries like this:

# Blacklisted subnets for iptables and for mfilter.pl

# kornet (kr)
61.78.0.0/15
61.80.0.0/14
61.84.0.0/15
211.222.212.0/22
61.72.0.0/14
168.126.0.0/16

# boranet (kr)
61.32.0.0/13
61.40.0.0/14

# hananet (kr)
211.200.78.0/23

# more Korean shit
211.77.64.0/18

# capital network (cn)
211.101.128.0/17
211.102.0.0/17

# chinacomm (cn)
211.157.96.0/19

etc...

This list serves two purposes:

Firstly, these subnets are processed by my firewall script and connections
from them to port 25 of my box are -j DROP'ped. This prevents them from
spamming me directly. However, it does not prevent them from spamming me
indirectly, i.e. through a different e-mail address which relays back to me.
Even spamcop.net doesn't catch that much of it. Therefore.....

Secondly, I have a Perl script called mfilter.pl, which takes the headers of
an incoming mail, parses the "Received:" headers and zaps any chain
inconsistencies (thus removing any spoofed "Received:" headers), and compares
the hosts through which the mail has passed with the contents of rdbl.list.
It then returns "0" to the shell if all is clear, or "1" if the mail has
been through any of the hosts in the subnets listed in rdbl.list.

Mail which is retrieved from remote POP3 servers (by a fetchmail replacement
I wrote a while back) is passed through this script and an
"X-SpamTagged-By:" header is added if need be. This header is then picked up
by this procmail recipe:

:0:
* ^X-SpamTagged-By:.*
spam

and the mail is diverted to a different mbox. Eventually, "spam" will be
replaced with "/dev/null" but for the moment this filter's behaviour is
still under observation :)

So far so good. The problem is solved for mail popped off remote servers and
for mail delivered directly by SMTP. It does not, however, solve the problem
of mail delivered INdirectly by SMTP (eg: spammer -> gstewart@example.com ->
gstewart@example.com).

It's easy enough to get procmail to check against any particular host (or a
subnet with a /n mask where n is a multiple of 8) in a recipe's regex, but
if we expand all the subnets in my rdbl.list file, we're talking about more
than 2 million hosts. That number of recipes is *not* going to make a pretty
procmailrc or one that's easy to process swiftly.

What I therefore need to do is get procmail to use mfilter.pl somehow.

Any ideas?

-- 
G. Stewart   --   gstewart@example.com
                  gstewart@example.com
Registered Linux user #284683

GnuPG key  : BA3D01C6 (pgp.mit.edu)
Fingerprint: C3DF C686 6572 6E59 E3E4  0F40 2B9A 2218 BA3D 01C6
---------------------------------------------------------------
Let's call it an accidental feature.
            -- Larry Wall
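
The subnet check described in the post, as an added example that is not part of the original message and is not mfilter.pl: it matches each relay address against the CIDR blocks directly, so the list never has to be expanded into individual hosts, and it exits 0 or 1 as the post describes. The function names and the sample list are constructed for illustration, and the validation of the "Received:" chain that the post mentions is not implemented here. procmail can test a program's exit code with a `* ? command` condition, which is how a script of this kind can drive a recipe.

```python
"""Check Received: hops against a blacklist in the rdbl.list format."""
import ipaddress
import re
import sys

# Constructed sample in the format shown in the post (comments, blanks, CIDRs).
SAMPLE_LIST = """\
# kornet (kr)
61.78.0.0/15
211.222.212.0/22
# capital network (cn)
211.101.128.0/17
"""

# Bracketed IPv4 literal, as MTAs record the connecting peer: "[61.79.4.1]".
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def load_networks(text):
    """Parse blacklist text, skipping blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def received_ips(headers):
    """Yield each valid bracketed IPv4 address found in Received: headers."""
    # The header block ends at the first blank line; anything after is body.
    block = headers.replace("\r\n", "\n").split("\n\n", 1)[0]
    unfolded = re.sub(r"\n[ \t]+", " ", block)  # join folded header lines
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            for raw in BRACKETED_IP.findall(line):
                try:
                    yield ipaddress.ip_address(raw)
                except ValueError:
                    continue  # e.g. [999.1.1.1] is not an address

def is_blacklisted(headers, nets):
    """True if any relay hop falls inside any listed subnet."""
    return any(ip in net for ip in received_ips(headers) for net in nets)

if __name__ == "__main__":
    # Usage: script [blacklist-file] < message ; exit 1 means "listed".
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LIST
    sys.exit(1 if is_blacklisted(sys.stdin.read(), load_networks(text)) else 0)
```

Because "listed" is exit status 1, a recipe that should fire on listed mail needs the inverted form of the condition, `* ! ? command`, with the blacklist path passed as the script's argument.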

