procmail

Re: Question about repetitive regex matches

2001-11-01 07:08:15
Spam blocking by Received: IP might be the way to go, but there are
problems.  This is not the way to go:
  http://www.igs.net/~rleir/dot_procmailrc.html

The IP regexes were discussed on this list a month ago.

What was I trying to do with this mess?  The idea was to blackhole
everything from DSL ISPs except mail which was sent through their
official SMTP server.  That would cut out mail from Nimda-infected
machines and mail from direct spammers.

The problems:
-There are too many net blocks and mail servers on the net to do this
 manually.  And they change over time.  I need to set up a DB.
-Many Unix users are sending valid mail direct from their DSL connection,
 with dynamic IP.  It would be difficult to persuade them to send via
 their ISP's SMTP server.
-I cannot just use the first Received: header because my ISP receives at
 several MX machines, depending on load.  When the main SMTP server is
 loaded down, mail is received by another machine and forwarded to the
 main machine, with an extra Received: header at the front.
-The RIPE whois server does not tell me the whole ISP net block, it just
 tells me about little blocks assigned to end-user companies.

The successes:
-Large blocks of IPs for China and such are cut off.
-Large numbers of Nimda-infected machines are cut off.

Related work:
-ORBS

Comments please.  What is an efficient way to build a list of IP net
blocks, with the associated SMTP server IPs, in a format that procmail
can use?
cheers -- Rick

Rick Leir         rleir(_at_)igs(_dot_)net
613-828-8289 http://www.igs.net/~rleir/

I tend to think of C# as Java with Security, Reliability and
Productivity deleted. -- James Gosling

On Tue, 30 Oct 2001, Mike Silbersack wrote:

Hello all, this is my first post to this list, so I apologize if I'm
asking a FAQ; I can't find a clear answer in any of the faqs.

Right now, I'm trying to enhance the blacklist features of spambouncer,
specifically in that I'd like to check the IPs in every received line in
the header.  I figure this will allow me to match against open relay
inputs without resorting to blackholing open relay outputs.  (I already do
input blocking in my MTA, so that's not an issue.)

My mail is forwarded to my main account through a variety of other
accounts, all of which get spam, and all of which have a different number
of hops to arrive.  Therefore, I can't simply check the 1st received line
I encounter.

Ok, finally down to the question:

If I make a regex which matches a single received: line, will it only
match the first received: line it encounters, or is it possible for it to
match every such line and be processed n times?

Thanks,

Mike "Silby" Silbersack
(please CC me, I'm not subscribed to the list.)
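As an added illustration of both questions in this thread (checking every Received: header rather than only the first, and matching the connecting IP of each hop against a table of DSL net blocks and their ISP's official SMTP servers), here is a Python example; it is not from the thread or from procmail, and every net block, server and host address in it is a constructed documentation address, not real ISP data.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed policy table (hypothetical addresses, not from the post): each DSL
# net block maps to the set of that ISP's official outbound SMTP servers.
DSL_POLICY = [
    (ip_network("192.0.2.0/24"), {ip_address("198.51.100.25")}),
]

# The first bracketed dotted quad in a Received: header is the connecting host.
FROM_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(raw_message):
    """One entry per Received: header, newest first; None where no [ip] is present."""
    ips = []
    for hdr in message_from_string(raw_message).get_all("Received", []):
        m = FROM_IP_RE.search(hdr)
        try:
            ips.append(ip_address(m.group(1)) if m else None)
        except ValueError:  # malformed quad such as 999.1.1.1
            ips.append(None)
    return ips

def direct_dsl_hops(raw_message):
    """DSL addresses that injected mail without going through their ISP's SMTP server."""
    ips = received_ips(raw_message)
    flagged = []
    for i, ip in enumerate(ips):
        for block, servers in DSL_POLICY:
            if ip is not None and ip in block and ip not in servers:
                # Header i-1 (one newer) names the host that accepted mail from this
                # address; i == 0 means the DSL host delivered to our MX directly.
                relay = ips[i - 1] if i > 0 else None
                if relay not in servers:
                    flagged.append(str(ip))
    return flagged

# Constructed messages: RELAYED went DSL host -> ISP SMTP server -> backup MX -> main MX
# (the extra front Received: header the thread mentions); DIRECT skipped the ISP server.
RELAYED = ("Received: from mx2.example.net (mx2.example.net [198.51.100.2]) by mx1.example.net\n"
           "Received: from smtp.isp.example (smtp.isp.example [198.51.100.25]) by mx2.example.net\n"
           "Received: from dsl-77 (dsl-77 [192.0.2.77]) by smtp.isp.example\n"
           "From: user@example.org\nSubject: hello\n\nbody\n")
DIRECT = ("Received: from mx2.example.net (mx2.example.net [198.51.100.2]) by mx1.example.net\n"
          "Received: from dsl-77 (dsl-77 [192.0.2.77]) by mx2.example.net\n"
          "From: user@example.org\nSubject: hello\n\nbody\n")
```

Because the walk covers every Received: header and looks one hop newer for the accepting relay, the extra front header added by a load-balanced secondary MX does not change the verdict.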

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
