[Mimedefang] SendmailMacros, greylisting and filter_recipient
Lucas Albers
admin at cs.montana.edu
Wed Dec 3 03:39:39 EST 2003
> On Sat, 8 Nov 2003, Michael Faurot wrote:
>
>> Having run into the situation of how to exempt SMTP authenticated
>> users previously, with respect to SpamAssassin, I added some logic
>> to use $SendmailMacros{'auth_authen'} to the filter_recipients()
>> function. After some research[2] through the list archives, I
>> discovered this won't work because SendmailMacros aren't available
>> within filter_recipient().
>
--pertinent information for guru Dave Skoll deleted on how to perform this--
--code modified based on his code in mimedefang.pl on how to do this.--
This adds code to check if a user is authenticated to ignore for
greylisting. Trivial to add to existing code I posted, to check this
result. Read archive for earlier posting.
Compiles, and I think it works. (see below)

I have discovered another test based on greylisting to find spammers.
If a host is temp rejected and then attempts delivery with 3 or more other
relays in a short period of time, it is a spammer. They are switching mail
relays to allow delivery. Normal senders should never have delivery
through more than 2 relays in a short period of time.
It is possible the sending MTA is attempting relay through a backup mx
mail server.
Can anyone find fault with my reasoning, does this appear to be a good test?
Dave, if this appears to be a well thought out idea, go ahead and code it
into CanIt. :)

The other idea I considered was looking at the name of the relaying server,
if it is a match ip-wise of the ip address it is probably a good
indication it is a dialup, or if it has the word dialup or dsl in it.
At the best this could only add a few points into SA, but every point helps.
Example:
mnch-001-248.dialup.iowatelecom.net
dialup-67.31.168.144.dial1.denver1.level3.net [67.31.168.144]
---------------------------------------------------------------------------
sub authenticated_user(){
    # Runs inside mimedefang-filter: percent_decode(), md_syslog(), fatal()
    # and %SendmailMacros come from mimedefang.pl.
    # Read command files
    if (!open(IN, "<COMMANDS")) {
        fatal("Cannot open COMMANDS file from mimedefang: $!");
        #i am rejecting mail if it can't open commands
        #return -1;
        return 0;
    }
    my $seenF = 0;
    while(<IN>) {
        chomp;
        my $rawcmd = $_;
        my $cmd = percent_decode($rawcmd);
        my $arg = substr($cmd, 1);
        $cmd = substr($cmd, 0, 1);
        my $rawarg = substr($rawcmd, 1);
        if ($cmd eq "F") {
            # 'F' marks the end of the COMMANDS file
            $seenF = 1;
            last;
        }
        elsif ($cmd eq "=") {
            # '=' lines carry a sendmail macro: name, space, value
            my($macro, $value);
            ($macro, $value) = split(' ', $rawarg);
            $value = "" unless defined($value);
            $macro = "" unless defined($macro);
            if ($macro ne "") {
                $macro = percent_decode($macro);
                $value = percent_decode($value);
                $SendmailMacros{$macro} = $value;
                md_syslog('err',
                          "SendmailMacro:$SendmailMacros{$macro},$value,$macro");
            }
        } else {
            md_syslog('warning', "Unknown command $cmd from mimedefang");
        }
    }
    close(IN);
    # Warn about a truncated COMMANDS file before returning
    if (!$seenF) {
        md_syslog('err', "COMMANDS file from mimedefang did not terminate with 'F' -- check disk space in spool directory");
    }
    # {auth_authen} is set by sendmail for SMTP AUTH sessions
    if (exists ($SendmailMacros{'auth_authen'})) {
        return 1;
    }
    else {
        return 0;
    }
}
--luke
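
The relay-switching test proposed in the post, sketched as an added Perl example that is not part of the original message or of MIMEDefang: it counts distinct relays, other than the one first temp-rejected, that retry the same sender/recipient pair. The one-hour window, the in-memory hash and the name relay_switch_suspect are assumptions, and the sample attempts are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: the post's "short period" is taken as one hour.
my $WINDOW     = 3600;
my $MAX_OTHERS = 3;    # "3 or more other relays" (threshold from the post)

# Assumption: in-memory state keyed by sender|recipient. A real filter runs
# as several processes and would need shared storage (DB file, SQL table).
my %tempfailed;

# Record one delivery attempt. Returns 1 once the pair has been retried from
# $MAX_OTHERS or more relays other than the one first temp-rejected.
sub relay_switch_suspect {
    my ($sender, $recipient, $relay_ip, $now) = @_;
    my $key = lc("$sender|$recipient");
    my $rec = $tempfailed{$key};

    # First sighting, or the earlier record aged out: start a new window.
    if (!$rec || $now - $rec->{time} > $WINDOW) {
        $tempfailed{$key} = { first => $relay_ip, time => $now, others => {} };
        return 0;
    }
    # A retry from the same relay is what a normal MTA does.
    return 0 if $relay_ip eq $rec->{first};

    $rec->{others}{$relay_ip} = 1;
    return (scalar(keys %{ $rec->{others} }) >= $MAX_OTHERS) ? 1 : 0;
}

# Constructed sample attempts: [epoch seconds, relay IP, sender, recipient].
my @attempts = (
    [1000, '192.0.2.10',   'a@example.org', 'u@example.net'],  # temp rejected
    [1300, '192.0.2.10',   'a@example.org', 'u@example.net'],  # same-relay retry
    [2000, '198.51.100.5', 'b@example.com', 'u@example.net'],  # temp rejected
    [2060, '198.51.100.9', 'b@example.com', 'u@example.net'],  # other relay 1
    [2120, '203.0.113.7',  'b@example.com', 'u@example.net'],  # other relay 2
    [2180, '203.0.113.44', 'b@example.com', 'u@example.net'],  # other relay 3
);

for my $att (@attempts) {
    my ($t, $ip, $from, $to) = @$att;
    my $hit = relay_switch_suspect($from, $to, $ip, $t);
    printf "%d %-13s %s -> %s %s\n", $t, $ip, $from, $to, $hit ? 'SUSPECT' : 'ok';
}
```

Only the last constructed attempt is reported as SUSPECT; a sender whose outbound mail legitimately leaves through a pool of relays would trip the same count, so the result is better treated as a score than as a verdict.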