At 10:18 2005-09-26 -0400, Eric Wood wrote:
> I need to somehow test the To:, CC:, BCC: for the existence of a bad
> recipient or some kind of "user-slamming" technique.
> I can get my entire list of valid recipients from my system files by doing
> this:
> USERS=`cat passwd.interplas.com aliases.interplas.com | cut -f1 -d: | sort | uniq`
> So if I have an email come in with:
> To: eric(_at_)interplas(_dot_)com, erik(_at_)interplas(_dot_)com,
> erika(_at_)interplas(_dot_)com,
> tom(_at_)xyz(_dot_)com, tommy(_at_)xyc(_dot_)com
> I need that message to fail because erik and erika don't exist, yet the
> message gets through to me, eric.
I don't do that check, but here's one I do. You could modify it to be
called iteratively for each apparent recipient at your domain, instead of
using the sender. Note that this relies upon a diagnostic output of
sendmail - if you use a different MTA, check to see what sort of options
you have there. I prefer this over looking for local users in a password
file. This handily deals with aliases and virtusertable expansions.
# 20041213
# if the From: address claims to be from a user or the local system,
# check sendmail to see if the user parses as valid.
# This is intended to catch random username forgeries.
:0
* FROM_DOMAIN ?? ^((host|anotherhost)\.)?yourdomain\.tld$
{
        VALIDRESULT=`$SENDMAIL -bv $CLEANFROM`

        :0
        * ! VALIDRESULT ?? deliverable:
        {
                SPAMVAL="+180"
                SPAMMISHNESS="${SPAMMISHNESS}${SPAMVAL}"
                SPAMNOTES="${SPAMNOTES}SPAM: ${SPAMVAL} spoofed local user ${CLEANFROM}${NL}"
        }
}
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
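
The reply's suggestion, applied to each apparent recipient at the local domain instead of to the sender, as an added example that is not part of the original thread. The function names and the example.com addresses are constructed; it assumes `sendmail -bv` prints `deliverable:` for a valid address as the recipe above does, uses awk rather than formail to unfold headers, and rejects local parts outside a conservative character set (an assumption, not a sendmail rule) so that untrusted header text is never handed to the MTA.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Ask the MTA whether one address resolves (assumes "deliverable:" appears in
# the output of sendmail -bv, as the recipe above does). "--" ends option
# parsing so header data can never be read as a sendmail flag.
verify_rcpt() {
    "${SENDMAIL:-/usr/sbin/sendmail}" -bv -- "$1" 2>/dev/null |
        grep -q 'deliverable:'
}

# Print each To:/Cc:/Bcc: address from the message on stdin, lowercased.
header_rcpts() {
    awk '
        /^$/     { exit }                              # blank line ends the headers
        /^[ \t]/ { if (keep) buf = buf " " $0; next }  # folded continuation line
        { keep = (tolower($0) ~ /^(to|cc|bcc):/)
          if (keep) { sub(/^[^:]*:/, ""); buf = buf " " $0 } }
        END { n = split(tolower(buf), a, /[,;<>() \t"]+/)
              for (i = 1; i <= n; i++) if (a[i] ~ /@/) print a[i] }
    ' | LC_ALL=C sort -u
}

# List recipients at domain $1 that fail verification; return 1 if any do.
bad_local_rcpts() {
    domain=$1 rc=0
    rcpts=$(header_rcpts)
    while IFS= read -r addr; do
        case $addr in *@"$domain") ;; *) continue ;; esac
        case ${addr%@*} in
            ''|-*|*[!a-z0-9._+-]*) echo "$addr"; rc=1; continue ;;  # never sent to the MTA
        esac
        verify_rcpt "$addr" || { echo "$addr"; rc=1; }
    done <<EOF
$rcpts
EOF
    return $rc
}

# Constructed sample message with a folded To: header, as in the question.
sample_msg() {
    cat <<'EOF'
From: someone@example.net
To: eric@example.com, erik@example.com,
 Erika <erika@example.com>, tom@example.net
Subject: test

body text
EOF
}
```

Run as `bad_local_rcpts example.com < message`; a non-zero return with the failing addresses on stdout is the condition to score or reject on.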