Re: system-wide reject?

1999-05-13 13:24:19
Dave Robbins <dave(_at_)magic(_dot_)geol(_dot_)ucsb(_dot_)edu> writes:
I've just been notified that my users are being spammed by someone
sending mail to
Undisclosed(_dot_)Recipients(_at_)magic(_dot_)geol(_dot_)ucsb(_dot_)edu
(my server).
Rather than get all of our users to add the sender to their killfile,
is there a way to delete the spam and return EXITCODE 77 to the spammer
with either sendmail (8.9.3) or procmail (3.11pre4)?  Procmail is my
local mailer but I've never heard of a system-wide .procmailrc --
probably wouldn't be kosher.

To quote the procmail(1) manpage's second paragraph:

     If no rcfiles and no -p have been specified on  the  command
     line,  procmail  will,  prior  to reading $HOME/.procmailrc,
     interpret commands from /etc/procmailrc (if present).   Care
     must  be  taken  when  creating /etc/procmailrc, because, if
     circumstances  permit,  it  will  be  executed   with   root
     privileges   (contrary  to  the  $HOME/.procmailrc  file  of
     course).


So a system-wide .procmailrc (namely, /etc/procmailrc) _is_ kosher.  In
fact, it's a great tool for eliminating non-kosher e-mail products such
as spam.  (Feel free to boo.)


Anyway, to have the spammer get the error when they try this you'll
have to do it in sendmail, as by the time procmail sees it, sendmail
has accepted it and the bounces will just end up in the "postmaster"
mailbox on your machine.

Here's the .cf stuff I hook into the check_mail ruleset on the machines
I manage.  It doesn't accept messages whose envelope sender is a
non-existent local account (this is usually a misconfigured mail client
around here, but it also catches spam and would catch your problem
mailer):


Kusers_ok user -m -a<>
SLocal_check_mail
# check for deferred delivery mode
R$*                     $: < ${deliveryMode} > $1
R< d > $*               $#OK
R$*                     $: <?> $>ParseRecipient $1      strip relayable hosts
R<?> $+ < @ $=w >       $: <LOCAL> $1
R<?> <@>                $@ mailer-daemon
R<?> $+ < @ $* >        $@ not-local
R<$-> $*                $: <?> $2
R<?> $+ + $*            $: <?> $1                       strip +detail
R<?> $+                 $: < $(users_ok $1 $: ? $) > $1
R<?> $+                 $: < $(aliases $1 $: ? $) > $1
R<?> $*                 $#error $@ NOUSER $: "Invalid envelope sender"


The ruleset is named "Local_check_mail" as that's the hook defined by
the M4 config file generation tools that come with the open source
version of sendmail.  I don't know whether the Solaris default
sendmail.cf has a hook on the check_mail script for local additions, or
what they name it, so you may need to tweak the above to match that or
to allow other particular addresses through, but it should give you
ideas.


Philip Guenther
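
The decision order the ruleset above is described as following, as an added Python model that is not part of the original message and does not reproduce sendmail's rewriting engine. The host names, accounts and aliases are constructed stand-ins for class $=w, the users_ok map and the aliases map; the verdict names are this example's own.

```python
# Added example: a model of the sender policy described above, not sendmail code.
# All host names, accounts and aliases below are constructed sample data.

LOCAL_HOSTS = {"mail.example.org", "example.org"}  # stands in for class $=w
USERS = {"alice", "bob"}                           # stands in for the users_ok map
ALIASES = {"postmaster", "abuse"}                  # stands in for the aliases map


def check_envelope_sender(sender, delivery_mode="b"):
    """Return (verdict, reason) for a MAIL FROM address.

    "accept"   - the local ruleset answers OK itself
    "continue" - no verdict here; the remaining check_mail tests decide
    "reject"   - the sending client gets an error during the SMTP dialogue
    """
    if delivery_mode == "d":
        return ("accept", "deferred delivery mode")
    addr = sender.strip().strip("<>").strip()
    if not addr:
        return ("continue", "null sender <>, i.e. mailer-daemon")
    local, at, domain = addr.rpartition("@")
    if not at:
        local, domain = addr, ""  # unqualified address is treated as local
    domain = domain.rstrip(".").lower()
    if domain and domain not in LOCAL_HOSTS:
        return ("continue", "not-local")
    user = local.split("+", 1)[0]  # strip +detail before the lookups
    if user in USERS:
        return ("continue", "local user")
    if user in ALIASES:
        return ("continue", "local alias")
    return ("reject", "Invalid envelope sender")


# Constructed test addresses covering each branch of the policy.
SAMPLE_SENDERS = [
    "<alice@example.org>",
    "alice+lists@mail.example.org.",
    "<>",
    "someone@elsewhere.test",
    "postmaster@EXAMPLE.ORG",
    "Undisclosed.Recipients@example.org",
]

if __name__ == "__main__":
    for s in SAMPLE_SENDERS:
        print(f"{s:40} {check_envelope_sender(s)}")
```

The same list of addresses can then be tried against the real ruleset in sendmail's address test mode (-bt) to confirm that it agrees with the model.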
