[Mimedefang] Blocking messages from two relays back

David F. Skoll dfs at roaringpenguin.com
Fri Nov 8 16:20:02 EST 2002


On Fri, 8 Nov 2002, Stefano McGhee wrote:

> Now I'm noticing spammers going to the third MX, our ISP, instead. [...]
> Can I evaluate the HEADERS file and look for relays listed in the
> access_db?

Yes; the first "Received:" header should contain the IP address of the
original relay (assuming you trust your ISP's host.)  You can parse
this out and handle it in filter_relay.  I don't know any Perl hooks
to do lookups in Sendmail's access table, but I bet there's a way to do it,
even if it's as brute-force an approach as running "sendmail -bt" and feeding
it a /map command, and then looking at the result.  E.g.:

	$mapresult = `echo /map access $relay_addr_from_headers | sendmail -bt`;
	# Now $mapresult contains a line like:
	# > map_lookup: access (127.0.0.1) returns RELAY (0)

You want to be careful about parsing $relay_addr_from_headers.  Make sure
it matches the regexp /^\d+\.\d+\.\d+\.\d+$/ or you could have security
issues.

Regards,

David.
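
The approach described above, as an added Perl example that is not part of the original post or of MIMEDefang: it takes the relay IP from the first Received: header, validates it strictly, and passes it to `sendmail -bt` on stdin without a shell. The helper names and sample headers are constructed for illustration; it assumes sendmail-style Received: lines and `sendmail` on the PATH.

```perl
use strict;
use warnings;
use IPC::Open2;

# Strict dotted-quad check. \A...\z is used instead of ^...$ because in Perl
# "$" also matches just before a trailing newline.
sub valid_ipv4 {
    my ($s) = @_;
    return 0 unless defined $s && $s =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;
    return (grep { $_ > 255 } split /\./, $s) ? 0 : 1;
}

# IP from the first (topmost) Received: header, or undef. Assumes sendmail-style
# "from HELO (name [a.b.c.d])"; the name before the parenthesis is sender-supplied.
sub relay_from_headers {
    my ($headers) = @_;
    $headers =~ s/\r?\n[ \t]+/ /g;                 # unfold continuation lines
    my ($first) = $headers =~ /^Received:(.*)$/mi or return;
    my ($ip)    = $first =~ /\((?:[^()\[\]\s]+\s+)?\[([^\]]*)\]/ or return;
    return valid_ipv4($ip) ? $ip : undef;
}

# Extract the value from "map_lookup: access (...) returns VALUE (n)".
# Output without a "returns" line is treated as "no entry" (undef).
sub parse_map_result {
    my ($text) = @_;
    return $text =~ /map_lookup: access \([^)]*\) returns (.+?) \(\d+\)/ ? $1 : undef;
}

# Feed "/map access IP" to sendmail's stdin; list-form open2 runs no shell.
sub access_lookup {
    my ($ip) = @_;
    die "refusing unvalidated address\n" unless valid_ipv4($ip);
    my $pid = open2(my $out, my $in, 'sendmail', '-bt');
    print {$in} "/map access $ip\n";
    close $in;
    my $text = do { local $/; <$out> };
    waitpid $pid, 0;
    return parse_map_result($text // '');
}

# Constructed sample HEADERS content (documentation addresses, not real mail).
my $sample = "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
           . "\tby mx3.isp.example with ESMTP; Fri, 8 Nov 2002 16:00:00 -0500\n"
           . "Received: from x (x [198.51.100.7]) by mail.example.net\n";
my $relay = relay_from_headers($sample);
print "relay: ", $relay // 'none', "\n";
print "map:   ", parse_map_result("> map_lookup: access (127.0.0.1) returns RELAY (0)\n"), "\n";
print "live:  ", access_lookup($relay) // 'no entry', "\n" if @ARGV && $ARGV[0] eq '--lookup';
```

Run with `--lookup` to perform the live sendmail query; without it, only the parsing steps run on the constructed sample.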



