[Mimedefang] Access to sendmail marco client_addr

Mark Costlow cheeks at swcp.com
Mon May 5 13:03:56 EDT 2014 

I did the same thing here, for exactly the same reasons.  Here are my notes
about which filter function I ended up using:

#
# If the current connection is using auth, determine if that user has
# sent from too many different IPs recently.
#
# This has to be done in filter_sender because:
#
# * In filter_relay() (the obvious choice), no access to SendmailMacros
# * filter_begin() is called too late(!) after the message is accepted
# * filter_recipient() is potentially called multiple times
#

We've found that this approach works and is valuable, although it has
been tricky to determine what a "safe" number of IPs is to allow.  In
particular, smartphones roaming around the city tend to look like they
are connecting from many IPs.  We eventually changed the comparrison to
consider the number of /24 subnets the IPs were from, which helped.
(I.e. 172.14.89.2, 172.14.89.12, and 172.14.89.119, all
count as being from a single subnet).  Of course it lowers the chance
of catching someone who is exploiting a small server farm to send spam,
but in practical use it seems to be working OK).

Oh, and for webmail, we're applying the same logic to something that
watches the webmail's logfiles.

Thanks,

Mark


On Mon, May 05, 2014 at 01:07:42PM +0200, Benoit Panizzon wrote:
> Well, after some more RTFM and stumbling over a thread about documentation 
> issues with global variables:
> http://lists.roaringpenguin.com/pipermail/mimedefang/2010-May/035763.html
> 
> I constate that $RelayAddr is available in filter_begin but read_commands_file 
> is not.
> 
> Benoit Panizzon
> -- 
> I m p r o W a r e   A G    -    
> ______________________________________________________
> 
> Zurlindenstrasse 29             Tel  +41 61 826 93 07
> CH-4133 Pratteln                Fax  +41 61 826 93 02
> Schweiz                         Web  http://www.imp.ch
> ______________________________________________________
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
> 
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

-- 
Mark Costlow    | Southwest Cyberport | Fax:   +1-505-232-7975
cheeks at swcp.com | Web:   www.swcp.com | Voice: +1-505-232-7992

Mail Minder - Intelligent Push Notifications for Email on the iPhone
http://mailminderapp.com/download  or in the App Store

More information about the MIMEDefang mailing list