At 20:36 2004-04-16 +0200, Paul R wrote:
Probably a simple question: I want a distribution list on my domain. But, to
prevent spammers to use it, I want some security (example the ip-number I
sent the mail from). So what I like to do in pseudocode:
Reconsider. Any of your users could become infected with a virus, and by
merit of their computer sending the messages, you'll accept their
spew. Further, if any users are on a dynamic IP, they won't be able to
send to you whenever their IP has changed (unless, say, each user is
registering their IP with a dynamic DNS service and you're using their DDNS
to look up their IP).
Limiting submissions by submitting IP address may be marginally better than
requiring submissions come from subscribed addresses (which are easily
forged, though more typically by viruses), but it seems to me that simply
requiring a keyword line at the top of messages would be easier to implement.
:0
* ^TO_yoursubmission_addr
{
:0
* B ?? ^^Passphrase:[ ]*our_passphrase
{
# delete the passphrase line
:0bfw
| sed -e 1d
# for this list
:0
! addr1 addr2 addr3
}
# bogus message - passphrase not matched.
:0:
ubusers.mbx
}
You could change the passphrase any time (you could even add it as a footer
text on the outbound messages). A spam or viral message isn't likely to
formulate with that passphrase line at the top of the body, even though a
viral message might originate from a subscribers' IP.
If you really wanted to limit based on sender's IP, you'd change the first
inner braced recipe:
:0
* ^Received:.*\[(111\.111\.111\.111\|222\.222\.222\.222|other_ips)]
! addr1 addr2 addr3
if sender's ip = 111.111.111.111
then forward this mail to user1, user2, user3 etc.
You can set up MTA aliases which can only be accessed from local senders
(this is a common way to secure the outbound lists for regular discussion
lists, such as Majordomo - basically, you have an inherent OK for
localhost, and reject messages TO that MTA alias. Since the localhost
won't he held to the same rejection rule, it can access the alias fine.
FTR, ANYONE operating a mailing list which uses MTA aliases should be doing
this, because viruses and spammers who cull messages for address-looking
things WILL find those aliasea and end up sending their junk there.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail