also posted on vsnag-list(_at_)vsnag(_dot_)spamless(_dot_)us
Hello,
I am trying to block known virus senders with the following rc, vsnag,
and the access.db from sendmail.
OK, it looks a bit like a DOS hack, but it works.
To clean up the folder with IP addresses, VIRUS_SENDER_IP, I will use
a shell script and let crontab trigger it to delete all entries older than 24h.
I still have to learn how to do something like this on FreeBSD :)
#######################################################################
############# block.virus.rc #########################################
#######################################################################
VERBOSE=on
:0 # I use VS_ZIPMAX 100000 bytes to exclude zips > 100kb from being vsnagged
* VS_OUT ?? zip^^
* >$VS_ZIPMAX
{ VS_OUT }
:0 E # () look for an IP address in the top Received; I took some code from vsnag.rc :)
* $ ^Received:[$WS]*from[$WS]+\/[^$WS].+[$WS]by[$WS]
* $ $GO^0 MATCH ?? [[]\/$DOTQUAD
* $ $GO^0 MATCH ?? ()\/$DOTQUAD
{ H_TOP_CLIENT = "$MATCH" }
VIRUS_SENDER_IP=/var/spool/virus_sender_ip/
SPAM_BLOCK_ACCESS=/etc/admin/antispam/spam_block_access
:0
* $ VS_OUT ?? $TRUE
{
LOG = "$NL ======> Virus Sender: $H_TOP_CLIENT <====== $NL"
:0
|echo -e $H_TOP_CLIENT "\t" 550 Mail Rejected please check for virus infection "\n" >"$VIRUS_SENDER_IP$H_TOP_CLIENT"
:0
|rm -f $SPAM_BLOCK_ACCESS
:0 #
|find $VIRUS_SENDER_IP*.*.*.* -exec cat '{}' >> $SPAM_BLOCK_ACCESS \;
:0
|cat /etc/mail/access $SPAM_BLOCK_ACCESS > /etc/mail/test_access
:0
|/usr/sbin/makemap hash /etc/mail/access < /etc/mail/test_access
}
My questions:
Why are
procmail: Executing "echo "$H_TOP_CLIENT 550 Mail Rejected please check for virus infection" >"$VIRUS_SENDER_IP$H_TOP_CLIENT""
procmail: Error while writing to "echo "$H_TOP_CLIENT 550 Mail Rejected please check for virus infection" "$VIRUS_SENDER_IP$H_TOP_CLIENT""
procmail: Assigning "LASTFOLDER=echo "$H_TOP_CLIENT 550 Mail Rejected please check for virus infection" "$VIRUS_SENDER_IP$H_TOP_CLIENT""
errors showing up after executing the action line? I think it is because the
pipe dies?
And I am not really satisfied with the H_TOP_CLIENT variable.
How do I get the client IP passed from the sendmail macro ${client_addr} to
procmail?
The thing for REMOTEIP with Mlocal A=env .......... in the sendmail.cf leads to
errors on my system?
I would also like your comments on this in general.
Matthias
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
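
The cron cleanup described in the post, as an added example that is not part of the original message: a shell script that expires entries after 24 hours and rebuilds the block list only from file names that validate as dotted-quad IPs. The function names are hypothetical; the paths and the makemap call are the ones used in the recipe above, and `find -mmin` and `mktemp` are assumed to be available (both exist on FreeBSD and GNU systems).

```sh
#!/bin/sh
# Added example: cron-side cleanup for the per-IP files block.virus.rc writes.
# Function names are hypothetical; paths are the ones used in the recipe.
SENDER_DIR=/var/spool/virus_sender_ip
BLOCK_FILE=/etc/admin/antispam/spam_block_access

# Succeeds only for four decimal octets, each 0-255.
is_dotquad() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# expire_entries DIR MINUTES: delete entries older than MINUTES (1440 = 24h).
expire_entries() {
    find "$1" -type f -mmin +"$2" -exec rm -f {} +
}

# build_block_list DIR OUT: one access-map line per valid entry. The line is
# rebuilt from the validated file name; file contents are never trusted.
# OUT is replaced atomically so nothing ever reads a half-written file.
build_block_list() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    for f in "$1"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        ip=${f##*/}
        is_dotquad "$ip" || { echo "skipping $f" >&2; continue; }
        printf '%s\t550 Mail Rejected please check for virus infection\n' \
            "$ip" >>"$tmp"
    done
    mv "$tmp" "$2"
}

# Full run, as cron would invoke it: sh cleanup.sh run
main() {
    expire_entries "$SENDER_DIR" 1440 &&
    build_block_list "$SENDER_DIR" "$BLOCK_FILE" &&
    cat /etc/mail/access "$BLOCK_FILE" >/etc/mail/test_access &&
    /usr/sbin/makemap hash /etc/mail/access </etc/mail/test_access
}
case "${1:-}" in run) main ;; esac
```

Running the rebuild from cron instead of from the recipe also means the map is regenerated by one process at a time rather than once per delivered message.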