procmail

Re: filtering by IP address

2002-02-20 13:48:14
At 17:51 2002-02-18 +0000, Pollywog did say:
> I am using Junkfilter and it works great except for filtering e-mail by IP address; for some reason, that feature does not work for me. Is there another set of Procmail recipes that allows me to have a list of spammer IP blocks so that mail from those networks is either tagged or sent to /dev/null?

You might want to check Walter Dnes' RBL checking code. He has a number of IP extraction expressions there:

        <http://www.waltdnes.org/email/index.html>


Otherwise, the direct method might be to toss the IP address expressions into your text file:

210\.77\.157\.9
202\.101\.165\.[0-9]+
202\.109\.95\.[0-9]+
218\.6\.[0-9]+\.[0-9]+

Note that these are all regexps, and they're the full dotted quads - this will reduce the likelihood of a mismatch, though you still might see something on a reverse dotted-quad in a hostname or somesuch, it is highly unlikely. If you need to define a netblock that doesn't fall on an octet boundary, you'll have to define multiple regexps, or longhand some:

218\.6\.(23|24|25|26)\.[0-9]+

(the above netblocks are all ChinaSPEWers)

With a little bit of work (which I don't have the time for right now), one could write a simple perl script which would take a file containing standard netblock notation and expand it to the necessary regexp formats. You could maintain a plain netblock notation file, and whenever you updated it, you'd just run the script to emit the regexp file (i.e. not on every invocation of the filters). There must certainly be a script to do this already someplace - it isn't very difficult.

Then, in your procmailrc file:

# add whatever other headers you want to check for addresses in to the
# formail invocation.
:0h
IPMATCH=|formail -xReceived: | egrep -f ips.txt

# check the result - if anything other than blank, we found something.
:0
* ! $IPMATCH ?? ^^^^
{
        # if you want to see the match(es) emitted to the logfile, include
        # these lines (hard return is intentional)
        LOG="IP MATCH LINE(S): $IPMATCH
        "

        :0:
        do_whatever_with_match
}


---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
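
The netblock-to-regexp expansion suggested in the message above, as an added example that is not part of the original post and is written in Python rather than perl. The function names, the `#` comment syntax of the netblock file, the sample blocks and the boundary guards around each pattern are assumptions of this sketch.

```python
#!/usr/bin/env python3
"""Expand IPv4 netblocks (CIDR) into one egrep regexp per line."""
import ipaddress
import sys

WILD = "[0-9]+"  # the "any octet" form used in the message's ips.txt

def octet_regexp(lo, hi):
    """One octet covering lo..hi, written longhand like (23|24|25|26)."""
    if lo == hi:
        return str(lo)
    if (lo, hi) == (0, 255):
        return WILD
    return "(" + "|".join(str(n) for n in range(lo, hi + 1)) + ")"

def netblock_to_regexp(block):
    """Return the regexp for a single CIDR netblock."""
    net = ipaddress.ip_network(block, strict=False)
    if net.version != 4:
        raise ValueError("only IPv4 netblocks are handled: " + block)
    # In a CIDR block each octet spans an independent range first..last.
    first = net.network_address.packed
    last = net.broadcast_address.packed
    quad = r"\.".join(octet_regexp(lo, hi) for lo, hi in zip(first, last))
    # Assumption, not in the message: guards so 210.77.157.9 does not
    # also hit 210.77.157.90 or 1.210.77.157.9.
    return "(^|[^0-9.])" + quad + "([^0-9]|$)"

def expand(lines):
    """Skip blank lines and # comments; one regexp per netblock."""
    out = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            out.append(netblock_to_regexp(line))
    return out

# Constructed sample input, used when no netblock file is given.
SAMPLE = """\
# constructed sample netblocks
210.77.157.9/32
202.101.165.0/24
218.6.0.0/16
218.6.24.0/22
"""

if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines()
    print("\n".join(expand(src)))
```

Each output line can be used as one line of the regexp file read by `egrep -f`.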
