Archive-name: mail/anti-ube-pointer
URL: ftp://cs.uta.fi/pub/ssjaaa/pm-tips.html
Maintainer: Jari Aalto <jari(_dot_)aalto(_at_)poboxes(_dot_)com>
Announcement: "Anti-UBE pointers"
This is an excerpt from a larger document. It contains only one
software pointer, `rblcheck', which has proven to be very
efficient, fast and light on system load for ISPs that filter
mail at the MTA level; see the end of this message. Other spam
tools such as "SpamGuard" and "Spam Be Gone" are listed in the
full document.
You can also order the text version from the file server with the
message below, but note that the file is big (over 450K):
To: <jari(_dot_)aalto(_at_)poboxes(_dot_)com>
Subject: send pm-tips.txt (try also "send help")
2.0 UBE in Internet
2.1 Terms used and foreword
[Part of this has been excerpted from the Email Abuse Faq]
_UBE_ = Unsolicited Bulk Email
_UCE_ = (subset of UBE) Unsolicited Commercial Email
_Spam_ = Spam describes a particular kind of Usenet posting (and
canned spiced ham), but is now often used to describe many kinds of
inappropriate activities, including some email-related events. It
is technically incorrect to use "spam" to describe email abuse,
although attempting to correct the practice would amount to tilting
at windmills.
_Spam_ = definition by Erik Beckjord. "Some people decide that Spam
is anything you decide you want to ban if you can't handle the
intellectual load on a list." Remember, this is not to be confused
with real spam, which is unwanted bulk mail.
What people are looking for nowadays is a way to stop and handle
UBE. That can easily be done with procmail (by you) and with
sendmail (by your sysadm). To select the right strategy against UBE
messages, read this section and then decide how you will use
procmail to deal with it.
2.2 UBE strategies
[Excerpted from the Email Abuse Faq]
4g. I asked to be "removed" - guess what? I got another U*E
Not surprisingly, many UBE outfits treat a "remove" request as
evidence that the address is "live"; a "remove" request to some
bulk emailers will actually guarantee that they will send more to
you. For many others, the remove procedure does not work, either by
chance or design. At this point perhaps you're starting to get a
feel for the type of people with whom you are dealing.
Also, getting removed doesn't keep you from being added the next
time they mine for addresses, nor will it get you off other copies
of the list that have been sold or traded to others. In summary,
there is no evidence of "remove" requests being an effective way to
stop UBE.
4h. I asked to be "removed" - guess what? The message bounced
Probably the remove procedure was false. Any remove procedure that
tells you to send remove requests to AOL, CompuServe, Prodigy,
Hotmail, or Juno is certainly false. The bulk emailers are an
unpopular lot; they forge headers, inject messages into open SMTP
ports, use temporary accounts, and pull other stunts to avoid the
tirade of complaints that follow every mailing.
2.3 UBE and bouncing message back
Has anyone found that bouncing spam does any good at all?
[sean] I had a whole policy message written up that would be sent
out to spammers. Nothing but a waste of my resources. Most return
paths are either completely bogus, or end up bouncing pretty damn
soon after the spam, which just brings you more junk to deal with.
Instead, I choose to send messages occasionally to administrators
and upline providers of domains which spew. "Agreement by action"
is one of the legal standards I like to use (for "should you
continue to send mail to me, that constitutes acceptance of the
terms herein").
InterNIC recently 1997-07 removed the root files for .com, .org,
and .net (I think) from access at their ftp server. Too many
spammers were using them for the purpose of generating mailing
lists. Access to the files now requires an assigned FTP account
from InterNIC. When I get a domain-style spam, I immediately do a
whois to get DNS info on the domain, then grep the root files to
obtain a list of domains serviced by the same DNS. If they appear
spammy (as spam domains tend to), I add these to a list of domains
to filter (egrep) in my primary domain-based ruleset. Works for
me, though the list is getting big.
[Kimmo Jaskari <kimmo(_at_)alcom(_dot_)aland(_dot_)fi>] Another good
reason is that all those bounces, which get ignored by the
spammer/recipient anyway, still take up needless bandwidth on the
net. The spam is bad
enough for that, bouncing it back with some more stuff added is just
plain silly. You become part of the problem rather than the solution.
If the bounce even gets to the spammer, the spammer drops it on the
floor unseen.
2.4 UBE and "I don't mind" attitude
...whenever you see a spam you don't want, hit the delete key and
move on. Grow up and get a life, folks. The spams just don't
bother me. Why the hell does everyone have to go up in arms
every time someone sends a spam? Spams are harmless! Spams even
sometime are interesting and/or useful!
[Responses from thread in procmail mailing list 1995-10 to
"FREE 1 yr. Magazine" spam.]
[Soren Dayton <csdayton(_at_)midway(_dot_)uchicago(_dot_)edu>]
The simplest reason against UBE is that it is rude. It costs some
people money to get email on some commercial services. This is
fundamentally different than junk snail mail for this reason and
too much spam can prevent people from getting mail (mailboxes can
fill up). So it is both an intrusion into my life _and_ it can
conceivably end in me either losing money or losing mail (which is
far more important). It is a burden on the receiver _far_ beyond
just hitting the delete key.
[Mark Seiden <mis(_at_)seiden(_dot_)com>]
people who are able to monitor the incoming machines of one of the
larger online services (like me) can see a sizeable increase in
system load average and volume directly resulting from spams. this
competition for fixed resources inevitably translates to reduced
service for "first class" mail.
It is impossible to engineer a mail system that can cope with an
unlimited amount of abuse. this is in addition to the difficulties
of doing so on a fixed price economic model, and the difficulties
of keeping up with the successful rapid expansion of the population
to be served.
Even if you, an individual, aren't charged anything per piece of
mail, there are costs borne by your service provider per piece of
mail, and these are *somehow* passed on to you. (They've calculated
an average across their entire user population to come up with a
"monthly cost of Internet mail".)
Spamsters and bulk mailers are not at all concerned about
efficiency. as proof of that, many of them are not even courteous
enough to supply a proper return address, so they can prune their
lists of undeliverable mail. all they care about is getting their
message across without their paying anything whatsoever for that
service.
Watch how this will inevitably translate into increased costs for
you, the consumer, unless we change the mechanisms by which bulk
mail is delivered as well as putting an appropriate economic model
in place.
[Steve Simmons <scs(_at_)lokkur(_dot_)dexter(_dot_)mi(_dot_)us>]
If you tolerate spamming, it will only get worse. Spamming has been
stopped again and again. Almost without exception, the spammers
have been tracked down and, via one means or another, have been
convinced to stop spamming.
Spams are harmless? I've already seen the 'Magazine Sub' message
10 or 12 times. I have a low bandwidth line. If I continue to
tolerate spamming, I will pay a very real penalty in performance as
tens, then thousands of spammers do it. Not to mention the
personal time involved in taking care of the crap.
Don't think that the time involved is significant? Just wait. My
wife and I are fairly generous with our time and money. As a
result, we were getting an average of five telephone calls *per
night* asking for money for various causes. A year ago, I adopted
a new policy -- I will not under any circumstances give money to a
caller, and will only consider it upon written solicitation. I
ask them to put me on their `do not call list'. If they do
*anything else* to continue the conversation, I hang up on them.
My wife opposed this, and we agreed to disagree -- if they ask for
her, they get her. If they ask for me, they get my speech. After
a year, she is getting 2-3 calls per night and I'm getting one or
two a week.
My point here is that individual action *does* get re-action from
the mailers. For them, I copy their internet providers on my
complaints and call their Better Business Bureau. It works.
If one does this politely and consistently, 98% of the spammers
will stop. The remaining 2% will discover that they're in a
different world from direct mail or telephone solicitation. Their
mailboxes will be overloaded with complaints (when it takes a
single keystroke to invoke your complain macro, you're very likely
to complain). Then their suppliers' mailboxes will be overloaded
with complaints. The free magazine folks, who've been hiding
behind false ids and forging mail, will find that they're on the
wrong side of the law. I'm considering contacting their local
legal officials and urging them to investigate, because it sure
looks like fraud to me (read `Consumer Reports' for a similar case
by surface mail). Should a few more like this come in, I *will*
contact their legal authorities. We have their fax number; it's
all we need to find them.
[Carl Payne <cpayne(_at_)optical(_dot_)fiber(_dot_)net>]
Um, I don't know about you or anyone else here, but this cutesy,
"it's-okay-by-me" spam has been circulated under half a dozen
different user names and "domains" on as many mailing lists. It's
obvious to me the sender is trying to make people pissed off--how
can he possibly think someone will buy that crap, and why does he
think it's okay to send 19 and 20K files over a billion groups?
AFAIC, it has to stop. Now. I'm tired of the spam, I'm tired of
the "Who cares" attitude about spam, I'm tired of ISPs letting
people spam, I'm tired of the jetwash of spam, and I'm tired of the
bleeding hearts that say, "Golly, just ignore it, and it'll go
away."
I've got news for you all: when this method of spamming becomes the
preferred method of "marketing" on the internet, and people like us
are the bad guys because we're not allowing such litter to fly
across the fiber, you will care. You will say something, most
probably, "Why didn't we do something about this sooner?"
The guy in the next cube from you, who's paying a per-message
charge through his ISP, is probably going, "Dammit, over three
dollars this month on mail I've itemized as being spam." While
that doesn't seem like a lot, I revert to my earlier statement: if
this becomes the preferred method, his bill (and yours) will go up,
and everyone will wonder why it's too out of control to do anything
about.
Spam has the letters *m-a-s* in it, which en Espanol, means "more."
I say no. Not only no, but hell no. And, I refuse to be told that
my thinking is out of line just because I don't want my mailbox
flooded. Do something now. Do anything now. But, don't be quiet
and listen to anything that sounds like an endorsement of litter
2.5 Is one or two UBE messages acceptable
Ray Everett-Church <ray(_at_)everett(_dot_)org>, Attorney/Online Consultant
Co-Founder & Congressional Liaison <http://www.everett.org>
Coalition Against Unsolicited Commercial Email; article 1997-12
in remailer politics mailing list
In developing what eventually became the Smith Bill, CAUCE
discussed this rather extensively among our drafting committee. The
bill gives a cause of action against the advertiser, not any of the
pathways taken between you and them. This is consistent with the
interpretation of the fax law (and many other laws for that matter)
wherein the advertiser -- not the advertiser's agent -- is
responsible for the act committed.
As for the single UCE versus bulk issue, the general consensus has
been that while a single piece of spam does not do much damage, it
is fundamentally no less a cost shift than 10 identical messages,
or 100, or 1000, or a million. The only difference is that the
costs being shifted are greater and greater. We discussed many cut
off points... would 50 spams be acceptable? 25? 10? One really well
crafted, hand written, heartfelt and personalized spam be
permissible? And in the end we felt like we were discussing angels
on the heads of pins.
While virtually nobody's system will crash because of one piece of
spam (although George Nemeyer had trouble with three or four pieces
as I recall), what is the ultimate difference if you only get one
piece from each of 15 different advertisers a day? If one spam is
ok, but two are bad, what is the interval... a day, a week?
Enforcement depends on knowing when the threshold is crossed.
So here's a scenario: you receive three spams from what is,
unbeknownst to you, the same person (one advertising weightloss
pills from WeightLoss Associates at PO Box 1, one for an MLM from
MLM Company at PO Box 2, and Bee Pollen from Pollen Partnership at
PO Box 3). Each were individually crafted and appeared to be mailed
only to you.
Under the scenario above, if the law permits one spam, will you
sue?
Would you risk suing one or all of them, gambling that they sent
the spam to anyone other than you (or whatever the threshold is...
10, 25, 50)? Would you risk suing one or all of them on the chance
that they were somehow related? What if there was a chance that
you'd find out that the three companies were really different? What
if you did sue and found that they were owned by the same person,
but were legally organized separate entities and were therefore
each entitled to one spam apiece?
In short... if one spam is permitted, it could make enforcement
incredibly cumbersome, difficult and unlikely, and would present
spammers with many reasons to violate the law knowing the odds of a
suit and successful enforcement are greatly reduced. While bulk
spam is really bad on many levels, whether it's parsed out in very
small volumes makes little or no difference to the ultimate
recipients as far as the diminished utility, cost, and annoyance.
We need a clear, bright line. And the Smith Bill is that.
3.0 Anti-UBE pointers
3.1 NoCEM, CAUCE and others
"NoCEM"
http://www.cm.org/
"Dougal's NoCeM-E"
http://advicom.net/~dougal/antispam/
... Dougal is sysadm for an ISP. His page has a wealth of information
about Anti-SPAM Tools. You will also find his mailing list for NoCeM-E.
"The Coalition Against Unsolicited Commercial Email (CAUCE)"
http://www.cauce.org/faq.html
...The Problem: Unsolicited commercial email, more commonly known as
"spam", is a growing problem on the Internet. If you've used the
Internet for any length of time, you've probably received
solicitations via email to purchase products or services.
A Solution: A group of Internet users who are fed up with spam have
formed a coalition whose purpose is to amend 47 USC 227, the
section of U.S. law that bans "junk faxing", so that it will cover
electronic mail as well.
"Teergrubing against Spam"
http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
...`Teergrubing' It's German and means Tar-Pit. Once you have been
stuck you can't get out. ...slow down internet connections in order
to stop UBE abuse. Several hundred teergrubes are able to block
spamming worldwide without blocking any e-mail. How do I start: If
you are the admin of a MX host, install a teergrube.
"Lot of good articles about spam"
http://www.sun.com/sunworldonline/swol-12-1997/swol-12-spam.html
"(anti-spam Law) US Representative Chris Smith's statement on junk
e-mail"
http://www.sun.com/sunworldonline/swol-08-1997/swol-08-junkemail.html
...considerable variation in the approaches at the federal level,
and state legislation varies widely as well. Professor David Sorkin
of John Marshall Law School, who summarized and provided links to
the major spam-related lawsuits noted above, also provides status
summaries and links to state and federal legislation
...State of Washington just passed an anti-spam bill
http://www.leg.wa.gov/cgi-bin/print_hit_bold.pl/pub/billinfo/house/2750-2774/2752-s_pl_030798?unsolicited
"Select email court cases -- Lots of them"
http://www.jmls.edu/cyber/cases/spam.html
America Online, Inc. v. Cyber Promotions, Inc.,
Compuserve Inc. v. Cyber Promotions, Inc., etc.
3.2 General Filtering pages (more than procmail)
"Nancy McGough's Mail Filtering FAQ"
http://ssil.uoregon.edu/~trenton/autopage/page7547.html
http://www.ii.com/internet/faqs/launchers/mail/filtering-faq/
"Information Filtering Resources"
http://www.ee.umd.edu/medlab/filter/
Doug Oard <oard(_at_)glue(_dot_)umd(_dot_)edu>
...This page lists all known internet-accessible information
filtering resources.
3.3 Junk email and spam
"Spam FAQ"
ftp://rtfm.mit.edu/pub/usenet/alt.spam/
http://www.cs.ruu.nl/wais/html/na-dir/net-abuse-faq/spam-faq.html
"The email abuse FAQ"
http://members.aol.com/emailfaq/emailfaq.html
What is UBE, UCE, EMP, MMF, MLM, Spam, it is all explained here.
"Against Spam -- The garbage collecting."
http://www.spam-archive.org/
To support this archive please forward email spam to
<spam-list(_at_)toby(_dot_)han(_dot_)de>. Everybody is invited to
bounce Mail-Spam he/she has got to this list. This is a mailing list
to distribute actual spam-eMail. All incoming mail will be checked by
subject and from/sender-address whether it has already been
distributed or not.
No discussions in this list. To discuss about this list please
subscribe to <spam-list-d(_at_)hiss(_dot_)org>.
To subscribe to _blacklist-update_ mailing list
TO: <Majordomo(_at_)hiss(_dot_)han(_dot_)de>
BODY: subscribe blacklist-update you(_at_)somewhere(_dot_)com
Mail <postmaster(_at_)spam-archive(_dot_)org> to discuss about
blacklist if your name is on it. (maintained by Axel Zinser
<fifi(_at_)sis(_dot_)han(_dot_)de>)
Get the updated blacklist from
ftp://ftp.spam-archive.org/spam/blacklist/
"Doug Muth Page"
http://bounce.to/dmuth
... "The SPAM-L FAQ" - A FAQ for SPAM-L, an anti-spam mailing list.
This FAQ discusses how to join the list and what to post there, AND
it also delves into the technical aspects of spam. For instance,
the various kinds of forgeries seen in spams are discussed here,
along with information on how to recognise them. If you hate spam,
this is something worth checking out... "TheGoodsites List" - I
maintain this list, which is part of the Spam Boycott, to show
which Internet providers out there act responsibly when dealing
with spam. If you're looking for an ISP and want to know where they
stand on spam, this is the list for you.
Send an email message to
<LISTSERV(_at_)peach(_dot_)ease(_dot_)lsoft(_dot_)com>
with the words "subscribe SPAM-L <First name> <Last name>" in the
body of the message (no quotes). If you would like to contact the
owner, the convention is the same as with all LISTSERV lists. Just
send e-mail to
<spam-l-request(_at_)peach(_dot_)ease(_dot_)lsoft(_dot_)com>
"Dealing with Junk Email"
...What you should do (and not do) when you have been victimized by
a junk emailer. This document teaches you how to read headers in
order to trace the origin of junk email, and includes detailed
examples to show you how it is done. Headers are designed for
computers to read, not people, so they can be a little hard to
follow. Therefore, I hereby grant permission to print or
electronically save a copy of this page on your local machine for
your personal use while tracing junk email. Please check back for
updates and corrections, though.
o What Not To Do: Stuff that doesn't work
o What to do: effective techniques, including how to trace junk
email back to its source
o Stay Calm (take a deep breath...)
o Stay Mad (don't get discouraged)
o How to identify the sender and who gives them Internet access
o Who to complain to, abuse addresses, online services
o What to say and how to say it, effective complaining
http://www.mcs.com/~jcr/junkemaildeal.html
"How to fight back."
http://www.oeonline.com/~edog/spamstop.html
. Look at the header of the advertising message. Find the
"Message-ID" line. (You might have to tell your e-mail program to
display this.)
. The words after the @ sign are the sender's real--not
faked--Internet Service Provider, or ISP. (Spammers often try to
disguise their address, but the Message-ID is a good clue.)
. Write a complaint to the postmaster of that ISP, similar to the
one below. (If the ISP is junkmail.com, then let
postmaster(_at_)junkmail(_dot_)com hear from you.)
"Practical Tools to Boycott Spam"
...We have been actively engaged in fighting spam for years. Recent
events, including pending court battles, prompt us to present this
page to the public. Fight spam to keep the Internet useful for
everyone.
o Filtering mail to your personal account
o Blocking spam email for an entire site
o Blocking Usenet spam for an entire site
o Blocking IP connectivity from spam sites
o Other tools and techniques for limiting spam
o Sample Acceptable Use Policy statements for ISPs
http://spam.abuse.net/spam/
"Spam -- stop that!"
http://www.accessnt.com.au/faqs/spam.htm
http://com.primenet.com/spamking/buyerbeware.html
"The Campaign to stop junk email web site"
http://www.mcs.com/~jcr/junkmail.html
...we will attempt to teach victims and potential victims (that's
everyone with an email address) the most effective methods of
prevention and retribution.
"news.admin.net-abuse.* Homepage"
http://www.math.uiuc.edu/~tskirvin/home/nana/
"The automated spamhandler beta information heap."
http://www.halcyon.com/natew/
"Ian Leicht"
http://www.nags.org/spamfilter.html
http://www.junkbusters.com/
http://www.well.com/~jbremson/spam
"Anti-Spam Provisions in Sendmail 8.8"
URL: http://www.sendmail.org/antispam.html
o Preventing relaying through your SMTP port
o Refuse mail from selected hosts
o Restrict mail acceptance from certain users to avoid mailbombing
"Blocking Email"
http://www.nepean.uws.edu.au/users/david/pe/blockmail.html
o Do you or your users, receive "junk email" (aka., "spam")
o Do you have Sendmail R8.8.5 running at your site?
o Would you like to block known "junk email" senders' addresses?
Now you can - and there's no need to patch any source code, either.
Take advantage of Sendmail's check_mail rule, to see if the
sender's address is a member of a nominated "class" - drawn from
the contents of the named file. Additional information and links:
o Prospective Addresses/Domains to Block
o Limiting Unsolicited Commercial Email
o EFF "Net Abuse and Spamming" Archive
o [U.S.] Court Lets AOL Block Email
o Anti-Spam HOWTO
o Net Abuse FAQ
o Figuring out Fake Email & Posts
o Fight Unwanted Email
o Unsolicited Junk Email - Bad for Business
o Fight Unsolicited Email and Mailing
o Yahoo's Junk Email Resources
o jmfilter
o Complaints Addresses at U.S. ISPs
o news.admin.net-abuse.* Homepage
o Processing Mail With ProcMail
o Panix's rc.shared ProcMail Configuration
o ProcMail Workshop
o Email Self Defence
o The SPAM-L mailing list
"How to chase Usenet spammer."
http://super.zippo.com/~sputum/sputools.htm
Comprehensive list of spammers
[Lars Kellogg-Stedman <lars(_at_)bu(_dot_)edu> 1998-03-25 PM-L] Panix
maintains an excellent spam-catching recipe at:
http://www.panix.com/rc.shared
I take this and run it through perl to produce my own local
spam-handling recipes. AOL publishes their 'preferred mail' list,
which is easy to turn into a procmail filter. You can find that at:
http://www.idot.aol.com/preferredmail
And finally, there is another set of filters based on the panix
filter at:
http://alcor.concordia.ca/topics/email/auto/procmail/spam/tag.html
[...zap...]
3.9 Software: RBL lookup tool
4 Dec 1997, Edward S. Marshall <emarshal(_at_)logic(_dot_)net> in
procmail mailing list.
rblcheck is a lightweight C program for doing checks against Paul
Vixie's Blackhole List. It works well in conjunction with
Procmail for filtering unwanted bulk email (under QMail, for
example, you can invoke it with the value of the environment
variable TCPREMOTEIP). rblcheck is extremely simple:
    % rblcheck 1.2.3.4
where 1.2.3.4 is the IP address you want to check.
This is a quick note to announce the availability of a new tool for
using Paul Vixie's RBL blacklist (see http://maps.vix.com/rbl/ for
more information about the blacklist itself, if you don't already
know). Most tools which use the blacklist block email on a
site-wide basis. For many networks, this treads on both the ideals
of the administration, and on the perceived freedoms of the end
user.
Personally, I don't care either way. :-)
This tool was to fill the need I had to reject mail personally,
since one of the systems I receive mail through cannot, for various
political reasons, implement the available RBL filters on a
site-wide basis.
"rblcheck" is a simple tool meant to be used from procmail and
other personal filtering systems under UNIX in the absence of a
site-wide filter, as an alternative to imposing site-wide
restrictions, or as a means of imposing restrictions on systems
that cannot support the existing RBL filter patches.
Simply put: you hand it an IP address, and it determines if the IP
is in the RBL filter, providing the caller with a positive or
negative response. With the package, a sample procmail recipe is
provided, and examples of using it under QMail and Sendmail are
given.
http://maps.vix.com/rbl/
http://www.isc.org/bind.html The official home page
http://www.xnet.com/~emarshal/rblcheck/
It is only tested under Linux 2.x and Solaris 2.5.1. Success
stories, patches, questions, suggestions, and flames can be
directed to me at "emarshal(_at_)logic(_dot_)net".
[Aaron Schrab <aaron+procmail(_at_)schrab(_dot_)com>] Here is my rbl
setup, but, this depends both upon the format of the Received:
lines, and the way that mail passes through your mail system.
I currently grab the IP address from the first Received: header
inserted by my ISP (I'm a sysadmin at the ISP, so I have a good
knowledge of how mail gets passed around internally). Here's the
recipe that I use.
    # if there's a Received: header from one of these servers, it's
    # (probably) the right one
    BACKUPSERVER = "([yz]\.mx\.execpc\.com)"
    VIRTSERVER = "(vm[0-9]+\.mx\.execpc\.com)"
    LOCALSERVER = "([abc]\.mx\.execpc\.com)"

    # $s and $NL are not defined in this excerpt and must be set
    # earlier in the rc file (from their use here, $s is a whitespace
    # pattern and $NL a newline).

    # Match a header containing:
    # Received: <anything> [<ip address>]) by <local server>
    :0
    * $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$s+by$s+${BACKUPSERVER}
    * $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$s+by$s+${VIRTSERVER}
    * $ 9876543210^0 ^Received:.*\[\/[0-9.]+\]\)$s+by$s+${LOCALSERVER}
    {
        IP = $MATCH

        # trim it down to just the IP address
        :0
        * IP ?? ^^\/[0-9.]+
        {
            IP = $MATCH

            # rblcheck -q exits non-zero when the address is listed
            :0 W
            * ! ? /home/aarons/bin/rblcheck -q $IP
            { SPAM = "$SPAM $IP is rbl'd$NL" }
        }
    }
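The lookup that the recipe above delegates to rblcheck comes down to one DNS query, following the usual blackhole-list convention: reverse the octets of the relay's IP, append the list's zone, and treat an A record as "listed". The Python sketch below is an added example, not rblcheck's source or code from the original posts; the host names, IP addresses and stub resolver in it are constructed so that it runs offline.

```python
import ipaddress
import re
import socket

RBL_ZONE = "rbl.maps.vix.com"  # zone named on this page; others work the same way

# "[1.2.3.4]) by host", the same shape the procmail recipe above matches
RECEIVED_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)\s+by\s+([^\s;]+)")

# Constructed sample message (documentation IP ranges, made-up hosts).
SAMPLE = (
    "Received: from mail.bulk.example ([203.0.113.7])\n"
    "\tby a.mx.example.net with SMTP; Thu, 26 Mar 1998 10:00:00 -0600\n"
    "Received: from trusted ([198.51.100.99]) by a.mx.example.net; forged\n"
    "Subject: FREE 1 yr. Magazine\n"
    "\n"
    "Received: from body ([192.0.2.1]) by a.mx.example.net\n"
)


def unfold(raw):
    """Return header lines with folded continuations joined; stop at the body."""
    lines = []
    for line in raw.splitlines():
        if not line:
            break
        if line[0] in " \t" and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def relay_ip(raw, trusted_suffix):
    """IP recorded by our own MX in the topmost matching Received: header.

    Headers are prepended in transit, so the topmost one written by a
    trusted host is the only one the sender could not have supplied.
    """
    for line in unfold(raw):
        if not line.lower().startswith("received:"):
            continue
        m = RECEIVED_RE.search(line)
        if not m:
            continue
        ip, by_host = m.group(1), m.group(2).lower()
        if by_host != trusted_suffix and not by_host.endswith("." + trusted_suffix):
            continue
        try:
            return str(ipaddress.IPv4Address(ip))
        except ValueError:  # e.g. [999.1.1.1]; do not fall through to older headers
            return None
    return None


def query_name(ip, zone=RBL_ZONE):
    """1.2.3.4 -> 4.3.2.1.<zone>; raises ValueError on a malformed address."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone=RBL_ZONE, resolve=socket.gethostbyname):
    """True when the list answers with a 127.x.x.x A record.

    Lookup failures (NXDOMAIN, timeout) count as not listed, so a DNS outage
    never drops mail; non-127 answers are ignored so a wildcarded or
    repurposed zone cannot mark every sender as listed.
    """
    try:
        answer = resolve(query_name(ip, zone))
    except OSError:
        return False
    return answer.startswith("127.")


def stub_resolver(name):
    """Offline stand-in for DNS: only the constructed spam relay is listed."""
    if name == "7.113.0.203." + RBL_ZONE:
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN (constructed)")


if __name__ == "__main__":
    ip = relay_ip(SAMPLE, "mx.example.net")
    print(ip, "listed" if is_listed(ip, resolve=stub_resolver) else "not listed")
```

Leaving out the resolve argument makes is_listed use the system resolver against whatever zone is passed in.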
It seems to be a procmail issue with letting the IP info
from sendmail pass through to the rblcheck program. I have not
been able to find anyone using rblcheck successfully with
procmail as a delivery agent...
[Edward S. Marshall <emarshal(_at_)logic(_dot_)net> 1998-03-26 PM-L]
This is a standard problem; you should be able to change the
invocation of
procmail the same way as the example (run env, which in turn runs
procmail). Make sure that there is a '-p' argument passed to
procmail; this preserves the environment you're constructing with
env (newer sendmail revisions sanitize the environment for you, so
that's not really an issue).
If you're still having troubles, make sure you're using the latest
incarnation of rblcheck, with the latest supplied procmail recipe;
earlier revisions had rather insidious bugs.
[Xavier Beaudouin (kiwi) <kiwi(_at_)oav(_dot_)net> 1998-03-26 PM-L]
Also it seems that sendmail 8.9.0Beta3 has built-in rules for
rbl.maps.vix.com. This is somewhat really efficient. I use it with
sendmail 8.8.8 and tcpwrapper every day and there is about 80%
spam rejected. Sounds very good. In your /etc/hosts.allow just add
the following lines:
    sendmail: ALL: spawn /usr/local/bin/rblcheck -q %a && \
        exec /usr/sbin/sendmail -bs || /bin/echo \\
        "469 Connection refused. You are in my Black List !!!\r\b\r\n" && \
        (safe_finger -l @%h 2>&1 | /bin/mail -s "%d-%h %u" root)
In your /etc/inetd.conf just add this line :
    smtp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sendmail -bs
And check that your sendmail is _not_ working as a daemon. That's
all. Also, if you have a huge queue you can add a /usr/sbin/sendmail -q
in the root crontab... This should help to send some waiting
messages. I think we can use this to wait for the official 8.9.0
sendmail, since there is some cf/feature/rbl.m4 there.