Hello,

Currently I am using the attached INCLUDERC to get the spam from
listed IPs. But the hits are very rare (2-5%). For example, it
does not find the dynamic IPs from "t-dialin.net", which is the
German ISP "T-Online".

Currently I have gotten more than 600.000 racist spams from Germany.
All coming from dynamic IPs and not found by the attached INCLUDERC.

Now I have the idea to check the dynamic IP against port 25 and not
for DUL, which means, if the spam is sent from a virus-infected system,
I will get no answer if I check port 25 of the sending IP.

The question is: Which tool must I use?

Greetings
Michelle
____ ( '/home/michelle/.procmail/FLT_spamhaus' ) _____________________
/
| SUB1=`formail -zxSubject:`
| DATE1=`date +"%d/%m/%Y %T"`
|
| #####################################################################
| # Open Relay check
| #####################################################################
| #### first IP ####
| :0H
| * Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
| {
| RECEIVIP=${MATCH}
|
| :0
| * ! RECEIVIP ?? 127.0.0.1
| {
| :0
| * RECEIVIP ?? ()\/[0-9]+
| {
| QUAD1=${MATCH}
| :0
| * RECEIVIP ?? [0-9]+\.\/[0-9]+
| {
| QUAD2=${MATCH}
| :0
| * RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+
| {
| QUAD3=${MATCH}
| :0
| * RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
| {
| RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
| }
| }
| }
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0 fhw
| | formail -i "Subject: *****relays.ordb.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****relays.ordb.org*****)
| ATTENTION/relays.ordb.org/
| }
|
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****opm.blitzed.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****opm.blitzed.org*****)
| ATTENTION/opm.blitzed.org/
| }
|
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****list.dsbl.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****list.dsbl.org*****)
| ATTENTION/list.dsbl.org/
| }
|
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****sbl-xbl.spamhaus.org*****)
| ATTENTION/sbl-xbl.spamhaus.org/
| }
|
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****cbl.abuseat.org*****)
| ATTENTION/cbl.abuseat.org/
| }
|
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****dul.dnsbl.sorbs.org*****)
| ATTENTION/dul.dnsbl.sorbs.org/
| }
|
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****blackholes.mail-abuse.org*****)
| ATTENTION/blackholes.mail-abuse.org/
| }
|
| :0
| { REVCHECKIP=`host ${RECEIVIPREV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****dialups.mail-abuse.org*****)
| ATTENTION/dialups.mail-abuse.org/
| }
| }
| }
| }
|
| #### second IP ####
| :0H
| * Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
| {
| RECEIVIP2=${MATCH}
|
| :0
| * ! RECEIVIP2 ?? 127.0.0.1
| {
| :0
| * RECEIVIP2 ?? ()\/[0-9]+
| {
| QUAD1=${MATCH}
| :0
| * RECEIVIP2 ?? [0-9]+\.\/[0-9]+
| {
| QUAD2=${MATCH}
| :0
| * RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+
| {
| QUAD3=${MATCH}
| :0
| * RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
| {
| RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
| }
| }
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0 fhw
| | formail -i "Subject: *****relays.ordb.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****relays.ordb.org*****)
| ATTENTION/relays.ordb.org/
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****opm.blitzed.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****opm.blitzed.org*****)
| ATTENTION/opm.blitzed.org/
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****list.dsbl.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****list.dsbl.org*****)
| ATTENTION/list.dsbl.org/
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****sbl-xbl.spamhaus.org*****)
| ATTENTION/sbl-xbl.spamhaus.org/
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****cbl.abuseat.org*****)
| ATTENTION/cbl.abuseat.org/
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****dul.dnsbl.sorbs.org*****)
| ATTENTION/dul.dnsbl.sorbs.org/
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****blackholes.mail-abuse.org*****)
| ATTENTION/blackholes.mail-abuse.org/
| }
|
| :0
| { REV2CHECKIP=`host ${RECEIVIP2REV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|
| :0
| * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
| {
| :0fhw
| | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
|
| :0
| * ^Subject:.*(*****dialups.mail-abuse.org*****)
| ATTENTION/dialups.mail-abuse.org/
| }
| }
| }
| }
\______________________________________________________________________
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSM LinuxMichi
0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
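
An added example, not part of the original post or of procmail: the recipe's DNSBL steps (take the bracketed address from a Received: line, reverse its octets, prepend it to the zone, test the answer) written as POSIX shell functions. It goes beyond the recipe by classifying any 127.0.0.0/8 answer as a listing, next to the recipe's own `127\.0\.0\.(2|4)` test; function names, the sample header and the sample answers are constructed for illustration.

```shell
#!/bin/sh
# Added example. Headers and DNSBL answers below are constructed samples;
# nothing here performs a DNS lookup.

# First bracketed IPv4 literal in a header line, as the recipe's
# "Received:.*\[" condition targets.
first_received_ip() {
    printf '%s\n' "$1" |
        grep -oE '\[[0-9]{1,3}(\.[0-9]{1,3}){3}]' | head -n 1 | tr -d '[]'
}

# Reverse the octets (QUAD4.QUAD3.QUAD2.QUAD1); reject non-IPv4 input.
reverse_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for q in "$@"; do
        case $q in ''|????*) return 1 ;; esac
        [ "$q" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# Name to query: reversed address prepended to the list's zone.
dnsbl_qname() {
    rev=$(reverse_ipv4 "$1") || return 1
    printf '%s.%s\n' "$rev" "$2"
}

# Classify one returned A record: by DNSBL convention (RFC 5782) any
# 127.0.0.0/8 answer is a listing; the last octet is list-specific.
classify_answer() {
    case $1 in
        '')        echo notlisted ;;
        127.*.*.*) echo listed ;;
        *)         echo unexpected ;;  # answer outside 127/8: do not trust it
    esac
}

# The recipe's own test, 127\.0\.0\.(2|4), reproduced unanchored.
recipe_pattern_matches() {
    printf '%s\n' "$1" | grep -Eq '127\.0\.0\.(2|4)'
}

hdr='Received: from mail.example.net (dyn.example.net [192.0.2.25]) by mx.example.org'
ip=$(first_received_ip "$hdr")
echo "query: $(dnsbl_qname "$ip" sbl-xbl.spamhaus.org)"
for a in 127.0.0.2 127.0.0.10 127.0.0.20 ''; do
    if recipe_pattern_matches "$a"; then r=match; else r=nomatch; fi
    echo "answer='$a' classify=$(classify_answer "$a") recipe=$r"
done
```

The loop at the end shows that the unanchored pattern accepts the constructed answer 127.0.0.20 and rejects 127.0.0.10, while the 127.0.0.0/8 check treats both as listings.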