[Mimedefang] SendmailMacros, greylisting and filter_recipient

Lucas Albers admin at cs.montana.edu
Wed Dec 3 03:39:39 EST 2003


> On Sat, 8 Nov 2003, Michael Faurot wrote:
>
>> Having run into the situation of how to exempt SMTP authenticated
>> users previously, with respect to SpamAssassin, I added some logic
>> to use $SendmailMacros{'auth_authen'} to the filter_recipients()
>> function.  After some research[2] through the list archives, I
>> discovered this won't work because SendmailMacros aren't available
>> within filter_recipient().
>

--pertinent information for guru Dave Skoll deleted on how to perform this--
--code modified based on his code in mimedefang.pl on how to do this.--


This adds code to check if a user is authenticated to ignore for
greylisting. Trivial to add to existing code I posted, to check this
result. Read archive for earlier posting.
Compiles, and I think it works. (see below)

I have discovered another test based on greylisting to find spammers.
If a host is temp rejected and then attempts delivery with 3 or more other
relays in a short period of time, it is a spammer. They are switching mail
relays to allow delivery.  Normal senders should never have delivery
through more than 2 relays in a short period of time.
It is possible the sending MTA is attempting relay through a backup mx
mail server.
Can anyone find fault with my reasoning? Does this appear to be a good test?


Dave, if this appears to be a well thought out idea, go ahead and code it
into canit. :)

The other idea I considered was looking at the name of the relaying server:
if it is a match ip-wise of the ip address, it is probably a good
indication it is a dialup, or if it has the word dialup or dsl in it.
At best this could only add a few points into SA, but every point helps.
Example:
 mnch-001-248.dialup.iowatelecom.net
 dialup-67.31.168.144.dial1.denver1.level3.net [67.31.168.144]


---------------------------------------------------------------------------
sub authenticated_user(){
    # Read the COMMANDS file written by mimedefang for this message
    if (!open(IN, "<COMMANDS")) {
        fatal("Cannot open COMMANDS file from mimedefang: $!");
        #i am rejecting mail if it can't open commands
        #return -1;
        return 0;
    }

    my $seenF = 0;

    while(<IN>) {
        chomp;
        my $rawcmd = $_;
        my $cmd = percent_decode($rawcmd);
        my $arg = substr($cmd, 1);
        $cmd = substr($cmd, 0, 1);
        my $rawarg = substr($rawcmd, 1);
        if ( $cmd eq "F") {
            # 'F' marks the end of a complete COMMANDS file
            $seenF = 1;
            last;
        }
        elsif ($cmd eq "=") {
            # '=' lines carry one Sendmail macro as "name value"
            my($macro, $value);
            ($macro, $value) = split(' ', $rawarg);
            $value = "" unless defined($value);
            $macro = "" unless defined($macro);
            if ($macro ne "") {
                $macro = percent_decode($macro);
                $value = percent_decode($value);
                $SendmailMacros{$macro} = $value;
                md_syslog('err', "SendmailMacro:$SendmailMacros{$macro},$value,$macro");
            }
        } else {
            md_syslog('warning', "Unknown command $cmd from mimedefang");
        }
    }
    close(IN);

    # Warn about a truncated COMMANDS file before returning a result
    if (!$seenF) {
        md_syslog('err', "COMMANDS file from mimedefang did not terminate with 'F' -- check disk space in spool directory");
    }

    # auth_authen names the SMTP-authenticated user; a macro that is
    # present but empty does not count as an authenticated session
    if (exists($SendmailMacros{'auth_authen'}) && $SendmailMacros{'auth_authen'} ne "") {
        return 1;
    }
    return 0;
}


--luke
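
The relay-switching test proposed in the message, sketched as an added example (not code from the post or from MIMEDefang): attempts are keyed on envelope sender and recipient, and distinct relay IPs seen after the first temp rejection are counted. The function name relay_hopping, the 15-minute window and the sample attempts are assumptions; all addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumptions: the post only says "a short period of time" and "3 or more
# other relays"; the 15-minute window is chosen for illustration.
my $WINDOW     = 900;
my $MAX_OTHERS = 3;

my %first;    # "sender\0rcpt" => [time of temp rejection, relay that got it]
my %others;   # "sender\0rcpt" => { other relay IPs seen inside the window }

# Record one delivery attempt; return 1 once the same sender/recipient pair
# has come back through $MAX_OTHERS or more other relays inside the window.
sub relay_hopping {
    my ($now, $relay, $sender, $rcpt) = @_;
    my $key = lc($sender) . "\0" . lc($rcpt);
    if (!$first{$key} || $now - $first{$key}[0] > $WINDOW) {
        # First sighting, or the window expired: this attempt is temp rejected.
        $first{$key}  = [$now, $relay];
        $others{$key} = {};
        return 0;
    }
    $others{$key}{$relay} = 1 if $relay ne $first{$key}[1];
    return keys(%{ $others{$key} }) >= $MAX_OTHERS ? 1 : 0;
}

# Constructed attempts: [epoch seconds, relay IP, envelope sender, recipient].
my @attempts = (
    [1000, '192.0.2.10',   'promo@example.org', 'user@example.net'],
    [1005, '198.51.100.5', 'list@example.com',  'user@example.net'],
    [1060, '192.0.2.77',   'promo@example.org', 'user@example.net'],
    [1120, '203.0.113.4',  'promo@example.org', 'user@example.net'],
    [1300, '198.51.100.6', 'list@example.com',  'user@example.net'],  # backup relay
    [1310, '203.0.113.90', 'promo@example.org', 'user@example.net'],  # third other relay
    [1600, '198.51.100.5', 'list@example.com',  'user@example.net'],  # normal retry
);

for my $att (@attempts) {
    my $verdict = relay_hopping(@$att) ? 'relay hopping' : 'ok';
    printf "%5d %-13s %-18s %s\n", @{$att}[0 .. 2], $verdict;
}
```

Inside a MIMEDefang filter the two hashes would have to live in the shared greylist database, because the filter processes do not share memory.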


