Hello *,
The problem:
Between 2009-02-25 and 2009-02-27 I was spammed by more than 270000 spams,
most of which were not detected as spam by SpamAssassin.
SpamAssassin detects one of the trusted servers (e.g. <murphy.debian.org>)
and lets the spam through...
This is <argh> and <grmpf>.
OK, now I have a list of whitelisted domains with one host per line.
What I want to do is something like:
formail -czx Received: |grep --invert-match --file=${WHITELIST}
and then check the remaining Received: headers.
So if I have something like this spam:
----[ STDIN ]-----------------------------------------------------------
Received: from localhost (server7.pinguin-hosting.de [127.0.0.1])
        by server7.pinguin-hosting.de (Postfix) with SMTP id D1EFC613E6
        for <XXXXXXXX(_dot_)bts4michelle(_at_)tamay-dogan(_dot_)net>;
        Thu, 26 Feb 2009 22:19:21 +0100 (CET)
Received: from master.debian.org (master.debian.org [70.103.162.29])
        by server7.pinguin-hosting.de (Postfix) with ESMTP id 913EF59FF2
        for <XXXXXXXX(_dot_)bts4michelle(_at_)tamay-dogan(_dot_)net>;
        Thu, 26 Feb 2009 22:19:21 +0100 (CET)
Received: from qa by master.debian.org with local (Exim 4.63)
        (envelope-from <bounces+20090226-XXXXXXXXXX(_dot_)bts4michelle=tamay+2Ddogan(_dot_)net(_at_)packages(_dot_)qa(_dot_)debian(_dot_)org>)
        id 1LcndY-00026z-C0
        for XXXXXXXX(_dot_)bts4michelle(_at_)tamay-dogan(_dot_)net;
        Thu, 26 Feb 2009 21:19:20 +0000
Received: from powell.debian.org ([87.106.64.223]) by master.debian.org
        with esmtp (Exim 4.63) (envelope-from <citations(_at_)uncem(_dot_)it>)
        id 1LcndX-00026J-89
        for vim_contact(_at_)packages(_dot_)qa(_dot_)debian(_dot_)org;
        Thu, 26 Feb 2009 21:19:19 +0000
Received: from host77-252-dynamic.35-79-r.retail.telecomitalia.it
        ([79.35.252.77] helo=xmbxcws.telecomitalia.it) by powell.debian.org
        with smtp (Exim 4.69) (envelope-from <citations(_at_)uncem(_dot_)it>)
        id 1LcndT-0005qV-Ff
        for vim(_at_)packages(_dot_)debian(_dot_)org;
        Thu, 26 Feb 2009 21:19:17 +0000
------------------------------------------------------------------------
and I have whitelisted:
----[ '~/.tdprocmail-tools/whitelist_domains' ]-------------------------
tamay-dogan.net
server7.pinguin-hosting.de
debian.org
------------------------------------------------------------------------
the spam would never have reached my mailbox if I used <zen.spamhaus.org>.
Any suggestions how to realize this in procmail?
Or is it really better to use an external Bash script which in effect
could run a loop over more than one DNS and be more configurable?
e.g.
----8<------------------------------------------------------------------
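#!/bin/bash
SRV_DIR=${HOME}/.tdtools-procmail/servers_dns
WL=${HOME}/.tdtools-procmail/whitelist_domains
# Unfold the Received: headers (one per line) and drop the whitelisted ones
formail -czx Received: | grep --invert-match --file="${WL}" |
while read -r LINE
do
    # Extract the bracketed IPv4 address, e.g. [79.35.252.77]
    IP_SED=$(echo "${LINE}" | sed -n 's|.*\[\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)\].*|\1|p')
    # Skip headers without an address (e.g. "with local")
    [ -n "${IP_SED}" ] || continue
    # Reverse the octets for the DNSBL lookup
    IP_REV=$(echo "${IP_SED}" | sed 's|\(.*\)\.\(.*\)\.\(.*\)\.\(.*\)|\4.\3.\2.\1|')
    for SRV in "${SRV_DIR}"/* ; do
        . "${SRV}"
        # Assumes each file in SRV_DIR is named after its DNSBL zone
        RET=$(host "${IP_REV}.$(basename "${SRV}")")
        # ...do_something_with_RET...
    done
done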
----8<------------------------------------------------------------------
and since the SRV files in ${SRV_DIR}/* are sourced, I can put
instructions there on how to evaluate the return values of "host".
Any suggestions welcome.
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
24V Electronic Engineer
Tamay Dogan Network
Debian GNU/Linux Consultant
--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
<http://www.tamay-dogan.net/> <http://www.can4linux.org/>
Michelle Konzack Apt. 917 ICQ #328449886
+49/177/9351947 50, rue de Soultz MSN LinuxMichi
+33/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
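
Added example, not part of the original post: a whole-line grep --invert-match against the whitelist drops every Received: header in the sample above, because each one names a whitelisted server in its "by" clause. The function below instead matches the whitelist against the "by" host (the server that wrote the header) and prints the DNSBL query name for each address such a server recorded. The names dnsbl_query_names and sample_headers are hypothetical, and the unfolding done by formail -c is redone in awk so the block runs on its own.

```shell
# Added example, not the poster's script; function names are hypothetical.
# dnsbl_query_names ZONE WHITELIST_FILE   (mail headers on stdin)
# Prints "d.c.b.a.ZONE" for each public IPv4 address recorded by a whitelisted server.
dnsbl_query_names() {
    awk -v zone="$1" -v wl="$2" '
    function trusted(host,   d) {       # exact domain or a subdomain of it
        host = tolower(host)
        for (d in domains)
            if (host == d || (length(host) > length(d) &&
                substr(host, length(host) - length(d)) == "." d)) return 1
        return 0
    }
    function check(hdr,   p, by, o) {
        if (stopped || hdr !~ /^Received:/) return
        p = index(hdr, " by ")
        by = substr(hdr, p + 4); sub(/[ \t;].*$/, "", by)
        # Below a header not written by a trusted server, anything may be forged
        if (p == 0 || !trusted(by)) { stopped = 1; return }
        # No bracketed address: local hand-off, nothing to look up
        if (!match(substr(hdr, 1, p), /\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) return
        split(substr(hdr, RSTART + 1, RLENGTH - 2), o, ".")
        # Loopback and RFC 1918 addresses are never listed
        if (o[1] == 127 || o[1] == 10 || (o[1] == 192 && o[2] == 168) ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31)) return
        print o[4] "." o[3] "." o[2] "." o[1] "." zone
    }
    BEGIN { while ((getline l < wl) > 0) if (l != "") domains[tolower(l)] = 1 }
    /^$/ { check(buf); buf = ""; exit }                     # end of headers
    /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }    # unfold
    { check(buf); buf = $0 }
    END { check(buf) }
    '
}
# Constructed sample: the Received: chain from the post, recipients and dates left out
sample_headers() {
    cat <<'EOF'
Received: from localhost (server7.pinguin-hosting.de [127.0.0.1])
 by server7.pinguin-hosting.de (Postfix) with SMTP id D1EFC613E6
Received: from master.debian.org (master.debian.org [70.103.162.29])
 by server7.pinguin-hosting.de (Postfix) with ESMTP id 913EF59FF2
Received: from qa by master.debian.org with local (Exim 4.63)
Received: from powell.debian.org ([87.106.64.223]) by master.debian.org
 with esmtp (Exim 4.63) id 1LcndX-00026J-89
Received: from host77-252-dynamic.35-79-r.retail.telecomitalia.it
 ([79.35.252.77] helo=xmbxcws.telecomitalia.it) by powell.debian.org
 with smtp (Exim 4.69) id 1LcndT-0005qV-Ff
EOF
}
```

Run `sample_headers | dnsbl_query_names zen.spamhaus.org ~/.tdtools-procmail/whitelist_domains` and pass each printed name to host. Matching on domain suffix rather than substring keeps a look-alike such as xdebian.org out of the trusted set.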