procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How do I detect mail of inexistent receipient? (User slamming?)

2005-09-26 09:05:59
from [Ruud H.G. van Tol] [Permanent Link] 
Eric Wood:


I need to somehow test to To:,CC:, BCC: for the existence of a bad
recipient or some kind of "user-slamming" technique.


The Bcc: header is normally not there, or is empty.



So if I have an email come in with:

To: eric(_at_)interplas(_dot_)com, erik(_at_)interplas(_dot_)com, 
erika(_at_)interplas(_dot_)com,
tom(_at_)xyz(_dot_)com, tommy(_at_)xyc(_dot_)com

I need that message to fail because erik and erika doesn't exist, yet
the message gets through to me, eric.


That should be done that at the SMTP-level, where you can actually
reject the message.

If you do it later, the only proper way to make the message fail is to
discard it.



So I need some kind of loop to:
1. Eliminate all recipients except interplas.com people. So I end of
with eric, erik, and erika.
2. Test that all recipients belong in my $USERS list.


I don't consider that the right way to counter it.
DNSBL will take care of most of the unwanted messages.
You could set up a filter 'at the gate' (like in sendmail.cf) that
rejects all messages with more than 1 invalid user.


But OK, if you are not able to solve this at the SMTP-level, try
something like this:

  :0:
  *$ ! H_TOCC ?? (^|,|<)${RE_USERS}(_at_)interpals\(_dot_)com(>|,|$)
  .IN.spam.not2us


The variable H_TOCC needs to be filled with the values of the To and Cc
header fields, so look in the archives for H_TOCC.

With google, I found
http://www.mhonarc.org/archive/html/procmail/2005-05/msg00125.html
which has a line
  H_TOCC = "$H_TO$H_CC"
that I would change to
  H_TOCC = "$H_TO,$H_CC"
Suggestion: read that whole thread, see links to the other messages at
the bottom; Bart mentions SmartList.


The variable RE_USERS should contain a regex with all the allowed
userids, for example:

  RE_USERS = '(eric|johnx|johnz|pete)'

or lay it out like

  RE_USERS = '(\
eric|\
johnx|\
johnz|\
pete|\
@)'

You could also fill that variable from a file, you can use sed to
transform a file with one userid per line into the regex.

Adjust LINEBUF if needed.


Oops, there is a bug in
http://www.xs4all.nl/~rvtol/procmail/basic/pm/H_vars.inc
because both H_ToCc and H_To_Cc are used.

-- 
Grtz, Ruud


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  How do I detect mail of inexistent receipient? (User slamming?), Eric Wood
Next by Date:  Re: Procmail lock, Cerebus the Aardvark
Previous by Thread:  How do I detect mail of inexistent receipient? (User slamming?), Eric Wood
Next by Thread:  Re: How do I detect mail of inexistent receipient? (User slamming?), William Park
Indexes:  [Date] [Thread] [Top] [All Lists]