[Mimedefang] Blocking messages from two relays back
David F. Skoll
dfs at roaringpenguin.com
Fri Nov 8 16:20:02 EST 2002
On Fri, 8 Nov 2002, Stefano McGhee wrote:
> Now I'm noticing spammers going to the third MX, our ISP, instead. [...]
> Can I evaluate the HEADERS file and look for relays listed in the
> access_db?
Yes; the first "Received:" header should contain the IP address of the
original relay (assuming you trust your ISP's host.) You can parse
this out and handle it in filter_relay. I don't know any Perl hooks
to do lookups in Sendmail's access table, but I bet there's a way to do it,
even if it's as brute-force an approach as running "sendmail -bt" and feeding
it a /map command, and then looking at the result. Eg:
$mapresult = `echo /map access $relay_addr_from_headers | sendmail -bt`
# Now $mapresult contains a line like:
# > map_lookup: access (127.0.0.1) returns RELAY (0)
You want to be careful about parsing $relay_addr_from_headers. Make sure
it matches the regexp /^\d+\.\d+\.\d+\.\d+$/ or you could have security
issues.
Regards,
David.
More information about the MIMEDefang
mailing list