procmail

Re: catching spam with invalid users

2006-07-10 23:43:07
At 15:40 2006-07-10 -0400, Eric Wood wrote:
----- Original Message -----
From: "R.G. Ball"
I'd be pretty upset if my sysadmin dumped legit mail to me just because
the sender typed eirc(_at_)myorg rather than eric(_at_)myorg in the cclist.

But I have far more people upset about the inverse situation.  The majority
rules in my environment.

If you're doing this filtering from within /etc/procmailrc, I've posted in 
the past about some techniques you can use to allow users to opt-in or out 
of individual filters (or classes of filters).  Having the rcfile check for 
the presence of a file in the users homedir is one technique.  A broader 
one (but which the user can't manipulate directly) is to place users into 
groups for the purpose of filtering and check for their membership in those 
groups to determine whether certain classes of filters should be 
applied.  Then there's producing a web interface which the users can use to 
toggle individual filters, and have procmail call a helper to interrogate 
the database (or, since it'd be a trusted app taking the user options and 
creating the backend data, it COULD just create user-specific files you 
could includerc to get settings from).

So I'm experimenting with this and am having good results so far:

* ? formail -x"X-Apparently-To:" -x"Delivered-To:" -x"To:" -x"From:" \
-x"Sender:" -x"Reply-To" -x"Return-Path:"  | awk 'BEGIN { RS=" " } { print }' \
| sed -e '/mydomain\.com/!d;s/<//g;s/>//g;s/,//g;s/@mydomain\.com//g' \
| grep -i -v -f /etc/vmail/valid_users.mydomain.com

FYI, given an email address in $ADDRESS:

         VALIDRESULT=`$SENDMAIL -bv $ADDRESS`
         :0
         * ! VALIDRESULT ?? deliverable:
         {
                 SPAMVAL="+180"
                 SPAMMISHNESS="${SPAMMISHNESS}${SPAMVAL}"
                 SPAMNOTES="${SPAMNOTES}SPAM: ${SPAMVAL} bogus local recipient ${ADDRESS}${NL}"
         }

(I don't personally use this recipe to check recipients)

You wouldn't even have to break multiple addresses out into individual 
invocations, as sendmail (the real thing) will happily check deliverability 
given the following syntaxes:

sendmail -bv addr
sendmail -bv addr addr2
sendmail -bv addr, addr2                (with and without space after comma)

The addresses of course would have to be _cleaned_ -- no comments, just 
addresses.

Where multiple addressees resolve to the same recipient, sendmail will omit 
the dupes.

You _would_ need to modify to use scoring to count the number of lines in 
the output NOT reporting "deliverable:" (minus perhaps one for a 
non-privileged user making the check, but if calling from /etc/procmailrc 
you probably don't have that problem).

---
  Sean B. Straw / Professional Software Engineering

  Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
  Please DO NOT carbon me on list replies.  I'll get my copy from the list.


____________________________________________________________
procmail mailing list   Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
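
The counting step described at the end of the post, as an added example that is not part of the original message: a POSIX shell helper that cleans header addresses, hands them to a single `sendmail -bv` call and counts the output lines that do not report "deliverable:". The function names, the `SENDMAIL` override and the sample output lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# "mydomain.com" is the placeholder domain used in the quoted recipe.
DOMAIN_RE='mydomain\.com'

# Read header field text on stdin and print one bare local-domain address per
# line. Header content is sender-controlled, so only tokens made of a
# conservative character set are kept: nothing that begins with "-" (it would
# be read as a sendmail option) and no shell or glob metacharacters.
clean_addrs() {
    tr ' ,<>()";:\t' '[\n*]' |
    tr 'A-Z' 'a-z' |
    grep -E "^[a-z0-9][a-z0-9._+-]*@${DOMAIN_RE}\$" |
    sort -u
}

# Read `sendmail -bv` output on stdin and print how many non-blank lines do
# NOT report "deliverable:". Any extra line produced for a non-privileged
# caller (mentioned in the post) is not subtracted here.
count_undeliverable() {
    awk 'NF && !/deliverable:/ { n++ } END { print n + 0 }'
}

# Header text on stdin -> number of bogus local recipients on stdout.
# All addresses go to one sendmail invocation, as the post describes.
check_recipients() {
    addrs=$(clean_addrs)
    [ -n "$addrs" ] || { echo 0; return 0; }
    # Unquoted on purpose: $addrs holds only validated, newline-separated tokens.
    ${SENDMAIL:-/usr/sbin/sendmail} -bv $addrs 2>&1 | count_undeliverable
}

# Demo on constructed input (no sendmail needed). The two result lines imitate
# the general shape of `sendmail -bv` output and are an assumption.
printf '%s\n' ' "Eric" <eric@mydomain.com>, eirc@MYDOMAIN.com, -bt@mydomain.com' |
    clean_addrs
printf '%s\n' 'eric@mydomain.com... deliverable: mailer local, user eric' \
              'eirc@mydomain.com... User unknown' | count_undeliverable
```

The number printed by `check_recipients` is the count a scoring recipe would weight; feed it the output of `formail -x` for the recipient headers of interest.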
