Inet-Admins mailing list archive (inet-admins@info.east.ru)


Re: [inet-admins] pop mail


On Sun, 8 Feb 1998, Slawa V. Olhovchenkov wrote:
> On Sun, Feb 08, 1998 at 02:51:22PM +0300, Andy Igoshin wrote:
> > > > The idea is to _not_accept_ mail for users who don't exist. To reject
> > > > it at the SMTP stage. It can do that.
> > > Either the skis aren't gliding or I'm being slow... Folks, where did you dig up sendmails
> > > that need patching? My standard sendmail with the standard config
> > > rejects such mail. Precisely at the SMTP stage.
> > No. It's just that, in my view, it is somewhat smarter than the standard
> > sendmail variant.
> In what way?

A piece of my config and the readme for the patch are attached here.


						Last update: README: 19-Aug-97
							     Source: 21-Aug-97
							     Level:  s-4

 Patches to reject eMail-SPAM

 (C) Copyright 1996,1997 by A.Zinser (fifi@hiss.org)

 For sendmail-8.6.12, -8.7.3, -8.8.x -- other versions and releases
 available on demand. See below for further information regarding known
 bugs, changes to prior patch versions, installation and so on.
 IMPORTANT: with p-beta5 the filter.cf data format has changed!

 Please appreciate that I am not able to check out all combinations
 of features this patch offers. There may be bugs and I'm sure there
 are some (do you know a completely bug-free piece of software?). Please
 tell me if you have problems and be patient if I don't respond
 immediately. If I don't respond within two weeks, do it again. I won't
 be angry about repeated questions cause I know that some mail gets
 forgotten in my mail folder. Sorry, there is too much to do these
 spammy days :-(

 *** ANNOUNCEMENT *** ftp://ftp.spam-archive.org/pub/spam/spam-archive - a
        collection of recent spams as distributed via
        spam-list@toby.han.de (send a mail to majordomo@hiss.org with
        'info spam-list' in the body). WWW interface and search engine
        at http://www.spam-archive.org/.

 *** smail-3.1.29 *** This is a pre-pre-pre-alpha-release! The only
			feature already running is filtering by
			envelope sender during SMTP receipt!

	! First of all: this is no replacement for the features
	  of sendmail-8.8.*. This filter has been created before
	  sendmail-8.8 was available and independent of it and it
	  includes in the meantime more features than sendmail-8.8.*.
	* Filtering by eMail-Address, Sitename, Domain and/or IP-Address
	  (SMTP only).
	* Refusing mail during the RCPT phase of SMTP connections as
	  well as during delivery.
	* As many filter targets (recipients) as you want, specified
	  either by eMail-address, sitename or domain.
	* Configuration in a separate file (filter.cf). Frozen config
	  file to speed up sendmail.
	* Macros and includes supported.
	* Senders to a blacklisted address get notified that they won't
	  receive an answer.
	* Received: lines are checked for blacklisted users, sites
	  and ip addresses (since q-beta1)
	* Exceptions from blacklists by [user[@[host[.domain]]]]+
	  (Suffixed '+')
	* From:, To: and Reply-To: header lines are checked during
	  delivery too (caution: differing syntax for To: checking!)
	* Incoming mail must contain a really valid address (A/MX
	  DNS record has to be defined)
	* A check to deny unwanted relaying - in opposite to check_compat
	  offered by sendmail this is done before the mail has been

	If you use the TEERGRUBE feature, the sender/recipient pairs must
	be given directly, if the sender is given by a macro and the mark
	has been done within the macro definition, it is ignored!

		Wrong:	UCE=-user@domain, -user@domain2
			$ME: $UCE

		Right:	UCE=user@domain
			$ME: -$UCE

	* Address checking will be done by a separate daemon to reduce
	  waste of time by reading the config file and the amount of
	  memory cause of the size of it.
	* Other header fields (From:/Sender:) will be checked too.
	* Regular expressions (optional).

 	* All patches up to and including p-beta2:
 	  Since I added blanks as separators in the cf file I didn't
	  mention the trouble caused of sick code. If you run this
	  filter, _never_ mix ',' and ' ' as separators in the same
	  line! Fixed with p-beta3
	* p-beta/p-beta2:
	  Not all duplicate entries have been deleted while writing
	  the frozen filter.fc. Minor bug, fixed with p-beta3
	* p-beta up to p-beta5:
	  `sendmail -bF' first opens the frozen filter config for
	  writing and then starts to read the filter.fc file.
	  Any call to sendmail during writing the fc file will cause
	  in a warning (wrong magic found). Minor bug, fixed with
	* Up to and including q-beta2: delivering mail to a blacklisted 
	  site causes a notification to the sender every time the queue 
	  is processed. He may get a lot of mail if the blacklisted site
	  isn't reachable
	* Up to and including q-beta2: the warning message in the case
	  above seems to be a little confusing. Try to get a better one.
	* Up to and including q-beta2: there has been a bug while
	  optimizing for the fc file. Fixed with q-beta3
	* Up to q-beta3: defining MAILFILTER without FILTERLOG caused
	  compiler errors
	* Up to r-beta: filter exceptions have been wrongly documented.
	  It's a suffixed '+', not a prefixed!

        These patches have been created before sendmail-8.8 was
        available because of massive eMail-spamming from lsat.com and
        *friends*@aol.com. At the beginning the filter acted global for
        all sites, but massive protests from several people in our
        domain caused me to create a site dependent filter.cf. The
        features of this configuration file surpass those of
        sendmail-8.8 (as far as I know :-)) and I hope to get a frontend
        like changesys to permit our domain members changing their
        entries by themselves. Beside the filtering of mail I included
        this filter into CNews, but I still have not enough time to
        continue with it...

	BUT: Be careful! Filtering email is a dangerous way to get
	     rid of unwanted mail. SMTP-server can be abused to work
	     as mail exploders and to filter mail from those sites (by
	     given domain name or IP address) can result in filtering
	     mail from just normal users!
	AND: If you decide to filter email either using these patches
	     or any other method, you have to keep your config file
	     at an actual state. Maybe I'll create a mailing list
	     for exchanging config files and so on, but beside of this
	     you have to act fast to prevent spamming your users,
	     because some spammers change their email address as
	     fast as I do so with my underwear...

 How it works:
	It's really simple. During receipt (RCPT phase of SMTP connections)
        and delivery (if you receive mail via UUCP for example) sender
        and recipient addresses are checked against a list of connections.
        If the test matches the mail is refused with `551 Mail refused
        due to request of the recipient host or user.'. Sender and
        recipient may be single users (`user@host.domain'), sites
        (`host.domain'), domains (`.domain'), ip addresses (`[A.B.C.D]',
        sender only!) or ip address fragments (`[A.B.C', sender only!).
        The configuration is placed in a separate file (typically
        `filter.cf') and may contain rules as well as macros:

		hiss.han.de:	CocaColaTs@aol.com
        causes blocking of all mail from `CocaColaTs@aol.com' to any
        user at `hiss.han.de' and

		NATUREPLUS=	health@natureplus.com, health@moneyworld.com,
		RECIPIENTS=	hiss.han.de, nutsy.han..de, fifi@kaa.han.de


	affects every mail from natureplus addressed to one of the sites
	mentioned in the macro RECIPIENTS. To blacklist domains with
	a lot of spammers as well as ordinary users you may define
	positive entries like

		hiss.han.de:	salynet.com, +postmaster@alberta.salynet.com
        Everything from or via salynet.com except of mail from
        postmaster@alberta.salynet.com is denied. The expansion of
        macros is done while reading the filter.cf file every time
        sendmail is coming up. Additionally it costs a lot of time to
        ignore duplicate or obsolete entries in the configuration file.
        To speed up the system you can build a frozen configuration
        file. Because of the macro expansion this file can grow very
        large, but it's cheaper to read a large file in a few chunks
        without any cpu processing like parsing and macro expansion than
        reading a small file with a great amount of calculation.

	For testing the patches you may create a config file like

		nobody@foo.bar:	spammer@hell
	Restart your sendmail and type

		$ telnet localhost 25
		220- ...
		220 ESMTP spoken here
		MAIL FROM: <spammer@hell>
		250 <spammer@hell>... Sender ok
		RCPT TO: <nobody@foo.bar>
		551 <nobody@foo.bar>... Mail refused due to request of the recipient host or user.

	If you want to know the current configuration you should enter:

		$ /usr/lib/sendmail -d89.8 -bt
		Version 8.6.12-pa
		<empty list>:
		nobody@foo.bar: spammer@hell

		ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
		Enter <ruleset> <address>
	Sorry, it's still a workaround and will be replaced in a future patch.
	More hints about filter.cf can be found in `filter-sample.cf'.

	Last famous words: no warranty!
						Fifi (aka Axel)

	* Source available from ftp://ftp.hiss.org/pub/sendmail
	* Infos about updates, changes etc. via Mailinglist
	  filter-news@hiss.org (to subscribe send an email to
	  majordomo@hiss.org which contains `subscribe filter-news'
	  in the body) - currently a dead list, because I'm working
	  on the next patchlevel using a separate daemon.
	* ftp://ftp.hiss.org/pub/spam/spam-archive - a collection
	  of recent spams (in the meantime already more than 1000 spams
	  in 1997 :-() as distributed via spam-list@toby.han.de (send a
	  mail to majordomo@hiss.org with 'info spam-list' in the
	* ftp://ftp.hiss.org/pub/sendmail/filter.cf.data - a daily updated
	  list of envelope and header sender addresses which can be used
	  as an input for your own filter.cf

	s-4	Prevent abuse as mail relay.

	n	Testing sender/recipient had a lot of overhead.
		Modifications for Cnews
		Recursion check for macro definitions
	o	Warnings & Statistic only using -bi/-bF
		sendmail -bF checks and dumps filter list (replaces
		Recipients, which are associated with the (pseudo) sender
		target `refuse-all-mail' won't get any mail any
	p	-bF writes an optimized frozen config file. If a frozen
		config file exists it will be used instead of the source
		filter.cf. Now pattern like `[127.0.0' to exclude complete
		networks (`' in this case) are permitted. An
	        entry `@@filterlog: SENDER-LIST' causes logging every
	        mail from the mentioned senders (the method of logging
	        mail from any mentioned sender has been turned off with
	        this patch). Filter entries (RHS only) starting with a
	        slash (`/') are interpreted as file names containing
	        addresses (or macros). To get detailed information about
	        obsolete and duplicate entries (filename, line, argno)
	        you have to define `FILTERDEBUG' - but it increases
	        the amount of memory (for the frozen filter file too!).
	        "Dirty" features must be enabled by defining
	        `TEERGRUBE', not to use it decreases the amount of
	        memory. Only sendmail option `-v' gives information
	        about duplicate and obsolete entries (p3). Macros have
	        to be referenced as $MACRO (p4). Source prepared to get
	        included into a mail driven frontend for administration
	        of the filter config file (p4). Sendmail now sends an
	        automatic warning to the sender of a mail addressed to a
	        blacklisted site or user (p5). If FILTERCONTACT is
		defined each sender gets a verbose error message including
		FILTERCONTACT as contact in case of an error.

		cf2fc file speedup:

		i586: cf: 815 macro, 26366 filter entries, 560188 bytes total
			4.69user 0.02system 0:04.74elapsed
		      fc: 0 macro, 24524 filter entries, 505566 bytes total
			0.04user 0.05system 0:00.22elapsed
		mips1: cf: 815 macro, 26366 filter entries, 560188 bytes total
			real 39.36 user 19.95 sys  0.33
		      fc: 0 macro, 24524 filter entries, 505566 bytes total
			real 3.21 user 0.23 sys  0.28

	q	Check Received: lines for any blacklisted host or ip address
		More verbosity while creating frozen config file
		Port to smail (not yet finished!)
		Faster (using sorted lists now)
		If `REFUSE_ALL_SENDER' is defined as `"refuse-all"' (for
		example), an entry `refuse-all: sender-list' causes all
		mail from the mentioned senders to be refused regardless
		of the recipient. You'll have to define `REFUSE_BY_RECIPIENT'
		to enable the per recipient filtering if you have
		defined `REFUSE_ALL_SENDER'!
	r	All defines have been moved to filter-include.h.
		Exception rules supported.
	r-beta1	Header lines can be checked too (FILTERBYRECEIVED has to
		be defined). Reply-To: and From: are handled like the
		envelope sender; To: is handled like the envelope sender
		too, cause it makes no sense to check a forged To: line
		against a envelope sender, but against a recipient.
        s-exp	if CHECKSYNTAX is defined, the FROM part of incoming mail
	        is checked whether it could be correct or not. Mails
	        without or without syntactical correct host part and
	        with pure numeric local parts are refused. If CHECKDNS
	        is defined, all incoming mail will be checked against DNS
	        and refused if there is neither an A nor a MX RR defined
	        for this host. ** experimental patch **
	s-4	If LOCAL_DOMAINS are defined all incoming mail is checked
		whether the mailer is abused as mail relay/exploder.

	* Mail driven front-end to permit all users to modify their
	  individual filter entries.
	* Sending to a blacklisted address removes this address from
	  the filter database (dangerous!).
	* Pseudo recipient target `send-large-response' will cause a very,
	  very large SMTP response (about 40 MBytes) for special sites.
	  Dangerous patch! I'm not really sure whether I should realize that
	  or not. 
	* Pseudo recipient target `send-slow-resonse' will cause a medium
	  size, but very slow SMTP response to lock the sender mailer for
	  a long time. Not yet implemented. If you know what you're
	  doing, you'll know where to insert the three statements. But
	  be careful: all outgoing stuff will get locally stored in
	  the mqueue directory up to successful delivery and broken pipe
	  notifies can fill up your syslog file!
	* Filtering by contents of the subject line

 Sendmail options (added/modified):
	-bF	Creates a frozen filter.fc file.
	-v	Verbose output (duplicate/obsolete entries)
	-bi	Information about the filter size.

 Debug switches (out of date :-(():
	89.x	Debugging. A lot of information which should not
		be of interest for you.
		255 recsearchpair(), dump all internal lists during processing
		128 readfiltercf() input processing
		25 all function calls
		20 searchsender() calls, addfilter() actions, readfiltercf()
		15 recsearchpair()
		10 recsearchpair() results, addfilter()
		8 dump all internal lists at the end of readfiltercf()
		4 searchpair()
		1 recsearchpair() success

        Run patch or unpack the "related files" archive in the sendmail
        source directory (keep a backup of the unpatched sources :-)).
        Edit `filter-include.h' to define all literals and features. Add
        `-DMAILFILTER' to `ENVDEF=..' in the architecture dependent
        Makefile (`obj..../Makefile'). Then run `makesendmail' and
        `makesendmail install'. That's all. If you use the FILTERCONTACT
        feature keep care that this address is still reachable from all
        blacklisted senders.

	Patch#	OS		sendmail/news		Level
	r-beta	Linux-2.0.27	sendmail-8.8.5		c/t
	r-beta	IRIX-4.0.5	sendmail-8.8.5		c/t/r (just installed)
	s-4	Linux-2.0.x	sendmail-8.8.7		c/t/r
							c=compiled, t=tested

OUR = @vsu.ru, .vsu.ru, @vucnit.voronezh.su, .vucnit.voronezh.su

# Disable IC newsserv
IC_NEWSSERV = nws@ic.vrn.ru, newsserv@serv.vrn.ru, newsserv@news.vrn.ru, newsserv@ic.vrn.ru

BLOCKED_ADDRESSES = @p0.f57.n5025.z2.fidonet.org, @p9.f23.n5025.z2.fidonet.org, f9.n5025.z2.fidonet.org
$BLOCKED_ADDRESSES:	refuse-all-mail

BA_OUT = w3gate@gmd.de
$BA_OUT:	.fidonet.org, .fido.vsu.ru, avs.vsu.ru


# Complete List
# blacklist
# ---------
# This file is automatically generated and updated by the
# spam sent to spam-list@toby.han.de and archived in The
# Garbage Collection (http://www.spam-archive.org/). It
# is available via ftp from 
# ftp://ftp.spam-archive.org/spam/blacklist/
# The addresses are taken from the envelope sender, reply-to
# and the from line of the spams. They may be forged!!!
# NEVER use this list without a preview! CHECK IT whether
# it contains addresses which must not be blacklisted under
# any circumstances (mailinglist owners, administrative accounts)
# and send me a mail (postmaster@spam-archive.org) if you
# find any!
# For an automatic notification each time this file has changed
# subscribe to blacklist-changes@hiss.org. To get automatic updates
# to the list subscribe to blacklist-update@hiss.org (Majordomo).



refuse-all:	$SPAMMERS
$SPAMMERS:	refuse-all-mail
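
A small Python model of the filter.cf matching rules described in the README above, for previewing which sender/recipient pairs a rule file would refuse before it is deployed; this is an added example, not code from the patch or from the original message. The sample config is constructed, the exception marker '+' is accepted on either side because the README shows both forms, and octet-boundary matching of IP fragments and reading `@host` as "any user at host" are assumptions; pseudo targets such as `refuse-all-mail` and TEERGRUBE marks are not modelled.

```python
import re

# Constructed sample in the filter.cf syntax the README describes (not a real list).
SAMPLE_CF = """\
SPAM = bulk@ads.example, .spamdomain.example, [192.0.2
ME   = site.example admin@other.example
$ME:   $SPAM, postmaster@mx.spamdomain.example+
"""

def parse_filter_cf(text):
    """Return [(recipient_patterns, sender_patterns)] with $MACRO references expanded."""
    macros, rules = {}, []
    def expand(tokens, seen=()):
        out = []
        for tok in tokens:
            if tok[0] == "$" and tok[1:] in seen:  # the README changelog lists a recursion check
                raise ValueError("recursive macro " + tok)
            out += expand(macros[tok[1:]], seen + (tok[1:],)) if tok[0] == "$" else [tok]
        return out
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        macro = re.match(r"(\w+)\s*=\s*(.*)", line)
        if macro:  # NAME= list; "," and blanks both separate entries
            macros[macro.group(1)] = re.findall(r"[^,\s]+", macro.group(2))
        elif ":" in line:  # recipients: senders
            lhs, rhs = (expand(re.findall(r"[^,\s]+", part)) for part in line.split(":", 1))
            rules.append((lhs, rhs))
    return rules

def matches(pattern, addr, ip=None):
    pattern, addr = pattern.lower(), addr.lower()
    if pattern.startswith("["):  # [A.B.C.D] or fragment [A.B.C, sender only
        want = pattern.strip("[]")  # fragments match on octet boundaries (assumption)
        return ip is not None and (ip == want or (pattern[-1] != "]" and ip.startswith(want + ".")))
    if pattern.startswith("@"):  # "@host" as in the attached config, read as any user at host (assumption)
        pattern = pattern[1:]
    if "@" in pattern:  # user@host.domain
        return addr == pattern
    host = addr.rpartition("@")[2]
    return host.endswith(pattern) if pattern.startswith(".") else host == pattern

def check(rules, sender, rcpt, ip=None):
    """Return the blacklist entry that refuses this envelope, or None if it is accepted."""
    for rcpts, senders in rules:
        if not any(matches(p, rcpt) for p in rcpts):
            continue
        allow = [p.strip("+") for p in senders if "+" in (p[0], p[-1])]
        deny = [p for p in senders if "+" not in (p[0], p[-1])]
        hits = [p for p in deny if matches(p, sender, ip)]
        if hits and not any(matches(p, sender, ip) for p in allow):
            return hits[0]
    return None

RULES = parse_filter_cf(SAMPLE_CF)
```

A non-None result corresponds to the `551 Mail refused due to request of the recipient host or user.` reply shown in the README's telnet test.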

