
spam from dynamic IP's

2004-06-27 11:57:23
Hello, 

Currently I am using the attached INCLUDERC to get the SPAM's from
listed IP's. But the hits are very rare (2-5%). For example it
does not find the dynamic IP's from "t-dialin.net" which is the
German ISP "T-Online".

Currently I have gotten more than 600.000 racist SPAM's from Germany.
All coming from dynamic IP's and not found by the attached INCLUDERC.

Now I have the idea to check the dynamic IP against port 25 and not
for DUL, which means, if the SPAM is sent from a virus-infected system,
I will get no answer if I check the port 25 of the sending IP.

The question is: Which tool must I use?

Greetings
Michelle

  ____ ( '/home/michelle/.procmail/FLT_spamhaus' ) _____________________
 /
|  SUB1=`formail -zxSubject:`
|  DATE1=`date +"%d/%m/%Y %T"`
|  
|  #####################################################################
|  # Open Relay check 
|  #####################################################################
|  #### first IP ####
|  :0H
|  * Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
|  { 
|      RECEIVIP=${MATCH} 
|      
|      :0
|      * ! RECEIVIP ?? 127.0.0.1
|      {
|          :0
|          * RECEIVIP ?? ()\/[0-9]+
|          {
|              QUAD1=${MATCH}
|              :0
|              * RECEIVIP ?? [0-9]+\.\/[0-9]+
|              {
|                  QUAD2=${MATCH}
|                  :0
|                  * RECEIVIP ?? [0-9]+\.[0-9]+\.\/[0-9]+
|                  {
|                      QUAD3=${MATCH}
|                      :0
|                      * RECEIVIP ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
|                      {
|                          RECEIVIPREV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
|                      }
|                  }
|              }
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
|              
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0 fhw
|                  | formail -i "Subject: *****relays.ordb.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*relays\.ordb\.org\*\*\*\*\*
|                  ATTENTION/relays.ordb.org/
|              }
|              
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
|              
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****opm.blitzed.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*opm\.blitzed\.org\*\*\*\*\*
|                  ATTENTION/opm.blitzed.org/
|              }
|              
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
|              
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****list.dsbl.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*list\.dsbl\.org\*\*\*\*\*
|                  ATTENTION/list.dsbl.org/
|              }
|              
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
|              
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*sbl-xbl\.spamhaus\.org\*\*\*\*\*
|                  ATTENTION/sbl-xbl.spamhaus.org/
|              }
|              
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
|              
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*cbl\.abuseat\.org\*\*\*\*\*
|                  ATTENTION/cbl.abuseat.org/
|              }
|              
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` }
|              
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*dul\.dnsbl\.sorbs\.org\*\*\*\*\*
|                  ATTENTION/dul.dnsbl.sorbs.org/
|              }
|              
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|              
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*blackholes\.mail-abuse\.org\*\*\*\*\*
|                  ATTENTION/blackholes.mail-abuse.org/
|              }
|              
|              :0
|              { REVCHECKIP=`host ${RECEIVIPREV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|             
|              :0
|              * $ REVCHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*dialups\.mail-abuse\.org\*\*\*\*\*
|                  ATTENTION/dialups.mail-abuse.org/
|              }
|          }
|      }
|  }
|    
|  #### second IP ####
|  :0H
|  * Received: from.*\[.*\](.*$)+Received:.*\[\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
|  { 
|      RECEIVIP2=${MATCH} 
|      
|      :0
|      * ! RECEIVIP2 ?? 127.0.0.1
|      {
|          :0
|          * RECEIVIP2 ?? ()\/[0-9]+
|          {
|              QUAD1=${MATCH}
|              :0
|              * RECEIVIP2 ?? [0-9]+\.\/[0-9]+
|              {
|                  QUAD2=${MATCH}
|                  :0
|                  * RECEIVIP2 ?? [0-9]+\.[0-9]+\.\/[0-9]+
|                  {
|                      QUAD3=${MATCH}
|                      :0
|                      * RECEIVIP2 ?? [0-9]+\.[0-9]+\.[0-9]+\.\/[0-9]+
|                      {
|                          RECEIVIP2REV="${MATCH}.${QUAD3}.${QUAD2}.${QUAD1}"
|                      }
|                  }
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.relays.ordb.org 2>&1 | grep -v 'not found.'` }
|    
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0 fhw
|                  | formail -i "Subject: *****relays.ordb.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*relays\.ordb\.org\*\*\*\*\*
|                  ATTENTION/relays.ordb.org/
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.opm.blitzed.org 2>&1 | grep -v 'not found.'` }
|            
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****opm.blitzed.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*opm\.blitzed\.org\*\*\*\*\*
|                  ATTENTION/opm.blitzed.org/
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.list.dsbl.org 2>&1 | grep -v 'not found.'` }
|            
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****list.dsbl.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*list\.dsbl\.org\*\*\*\*\*
|                  ATTENTION/list.dsbl.org/
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.sbl-xbl.spamhaus.org 2>&1 | grep -v 'not found.'` }
|            
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****sbl-xbl.spamhaus.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*sbl-xbl\.spamhaus\.org\*\*\*\*\*
|                  ATTENTION/sbl-xbl.spamhaus.org/
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.cbl.abuseat.org 2>&1 | grep -v 'not found.'` }
|            
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****cbl.abuseat.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*cbl\.abuseat\.org\*\*\*\*\*
|                  ATTENTION/cbl.abuseat.org/
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.dul.dnsbl.sorbs.org 2>&1 | grep -v 'not found.'` }
|            
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****dul.dnsbl.sorbs.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*dul\.dnsbl\.sorbs\.org\*\*\*\*\*
|                  ATTENTION/dul.dnsbl.sorbs.org/
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.blackholes.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|            
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****blackholes.mail-abuse.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*blackholes\.mail-abuse\.org\*\*\*\*\*
|                  ATTENTION/blackholes.mail-abuse.org/
|              }
|  
|              :0
|              { REV2CHECKIP=`host ${RECEIVIP2REV}.dialups.mail-abuse.org 2>&1 | grep -v 'not found.'` }
|            
|              :0
|              * $ REV2CHECKIP ?? 127\.0\.0\.(2|4)
|              {
|                  :0fhw
|                  | formail -i "Subject: *****dialups.mail-abuse.org***** $SUB1"
|  
|                  :0
|                  * ^Subject:.*\*\*\*\*\*dialups\.mail-abuse\.org\*\*\*\*\*
|                  ATTENTION/dialups.mail-abuse.org/
|              }
|          }
|      }
|  }
 \______________________________________________________________________




-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917                  ICQ #328449886
                   50, rue de Soultz         MSM LinuxMichi
0033/3/88452356    67100 Strasbourg/France   IRC #Debian (irc.icq.com)


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
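
The lookup that the attached rc file repeats per blocklist, condensed into shell helpers a recipe could call, together with the port 25 probe asked about in the post (an added example, not part of the original message). The function names, `RESOLVER`, the `.example` zones and the sample headers are assumptions or constructed; the example accepts any 127.0.0.x answer, which is broader than the `(2|4)` pattern in the post, and assumes an `nc` that supports `-z` and `-w`.

```sh
#!/bin/sh
# Added example, not code from the original post. RESOLVER, the function
# names, the .example zones and SAMPLE are assumptions / constructed data.
RESOLVER=${RESOLVER:-host}   # command that resolves one DNS name

# Constructed headers (not real traffic); the second one is folded.
SAMPLE='Received: from localhost (localhost [127.0.0.1]) by mx.example
Received: from dialin.example (unknown
 [192.0.2.10]) by mx.example'

# First non-loopback bracketed IPv4 in the Received: headers on stdin.
first_received_ip() {
    awk '/^$/ { exit }
         /^[ \t]/ { buf = buf " " $0; next }
         { if (buf ~ /^Received:/) print buf; buf = $0 }
         END { if (buf ~ /^Received:/) print buf }' |
        grep -oE '\[[0-9]{1,3}(\.[0-9]{1,3}){3}\]' | tr -d '[]' |
        grep -v '^127\.' | head -n 1
}

# Reverse the octets (192.0.2.10 -> 10.2.0.192); fail on non-IPv4 input.
reverse_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    a=${1%%.*}; r=${1#*.}; b=${r%%.*}; r=${r#*.}; c=${r%%.*}; d=${r#*.}
    for o in "$a" "$b" "$c" "$d"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo "$d.$c.$b.$a"
}

# Print the first zone in "$@" whose answer for IP $1 is 127.0.0.x.
first_listing() {
    rev=$(reverse_ipv4 "$1") || return 2
    shift
    for zone in "$@"; do
        if $RESOLVER "$rev.$zone" 2>/dev/null |
               grep -Eq '(^|[^0-9.])127\.0\.0\.[0-9]+$'; then
            echo "$zone"; return 0
        fi
    done
    return 1
}

# The probe asked about in the post: does $1 accept TCP on port 25?
# No answer is only a hint; hosts that only send mail refuse it too.
smtp_port_open() { nc -z -w "${2:-5}" "$1" 25 >/dev/null 2>&1; }
```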