procmail

Re: Simplest Whitelist?

2003-11-28 11:55:20
On Fri, Nov 28, 2003 at 11:27:37PM +0700, Tim Rice wrote:
> In your message dated Fri, 28 Nov 2003 16:49:11 +0100, Dallman said that ...
>
> > My point was that if "dman(_at_)aol(_dot_)com", for example, is in your
> > whitelist but a spammer pretends to be "goldman(_at_)aol(_dot_)com", it
> > will get through.
>
> Ok, I understand now. I don't think it's possible to avoid this when
> grepping a text file, is it?
>
> Perhaps the way to avoid this is to list the addresses in the recipe
> using word separators, if they work like this, that is.
>
> * ^From:.*\<(tim(_at_)thaistuff\(_dot_)com \
>       joe(_at_)whatever\(_dot_)com \
>       sam(_at_)new\(_dot_)com \
>       me(_at_)etc\(_dot_)com)

Imo, the best way to avoid it is to whitelist entire strings
that you can check, if you are using grep, with the x flag or,
at worst, the w flag.

I have whitelists.  I use a completely other algorithm,
however.  I don't use grep at all:

  * ? test -x "$GREEN/$RP"

That's my whitelist.  (Okay, greenlist.)  That is, filenames
under $GREEN/ are a hash.

$RP is the Return-Path:, captured earlier via MATCH.

It works excellently, is low-impact, and has many other advantages.
For example, last-access-time tells me when the person last wrote me!
Create-time tells me when the party first wrote me.  If I wanted to,
I could write dots to the (currently empty) file to tell me how
many times the party wrote me.

I keep my own address(es) out of there, because spammers tend to try to
co-opt one's own (i.e., their victim's) address when they send their
crap.

I've been using this system for a year.  I love it!  Much better than
grep in my experience, and easier to manage.  I have a Bourne script
that checks new candidates and adds an x-flag to them when I approve
them.  The names expire automatically, via a cron job, after so many
days (I think I have it set to 90).  I also have a second file-perms
flag I can set with my approval script to make the greenlisted address
permanent, rather than expiring automatically.  I use that sometimes for
people that write me rarely.

If and when spammers screw with me and try to counterfeit my friends'
names -- which they have yet to do, and I get some serious amounts of
spam and have been targeted by spammers with vendettas -- I have a
secret Plan B augmentation system ready.

-- 
dman
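
Added example (not part of the original message and not dman's own script): a POSIX sh sketch of the file-per-address greenlist described above, where a lookup is an exact file-name match, so "goldman" cannot pass for "dman". The function names, the $GREEN default and the address normalisation are assumptions; because Return-Path is sender-controlled, the key is validated before it is used as a path.

```shell
#!/bin/sh
# Added illustration; names and policy below are assumptions.
GREEN=${GREEN:-"$HOME/.greenlist"}   # assumed location of the greenlist

# Turn an envelope address into a safe file name, or fail.
# Rejects empty keys, leading dots, "/" and any unexpected character,
# so a hostile Return-Path cannot point outside $GREEN.
# Lower-casing the whole address is a policy choice of this sketch.
green_key() {
    addr=$(printf '%s' "$1" | tr -d '<>' | tr 'A-Z' 'a-z')
    case $addr in
        ''|.*|*/*|*[!a-z0-9@._+=-]*) return 1 ;;
        *@*) printf '%s\n' "$addr" ;;
        *) return 1 ;;
    esac
}

# Record a candidate: the (empty) file exists but has no x bit yet.
green_candidate() {
    key=$(green_key "$1") || return 1
    mkdir -p "$GREEN" || return 1
    [ -e "$GREEN/$key" ] || { : > "$GREEN/$key" && chmod 600 "$GREEN/$key"; }
}

# Approve an address: set the x bit that the lookup tests for.
green_approve() {
    green_candidate "$1" || return 1
    key=$(green_key "$1") || return 1
    chmod u+x "$GREEN/$key"
}

# Lookup: same test as the recipe condition, on the validated key.
green_check() {
    key=$(green_key "$1") || return 1
    test -x "$GREEN/$key"
}
```

A candidate that was recorded but never approved fails the lookup, since only the x bit counts as approval.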
