
alternative anti spam implementation



Greetings,

	As a followup to my previous mail about using router -i to
match addresses against a spam database or whatever, I would like to
report some results I've got today. I have enabled ftev style options
in smtpserver.conf and rewritten the server function to stop relaying
mail whose MX records do not point to our AS address space. Thanks
to canonicalize I can do the check against the final recipient or the
original sender. Here is the server function which works for me now at
our main mail relays, without impacting the load (well, not yet). This
code is in no way to be used as it is, just to give you an idea of what
I am talking about:

server_reject=false
server_host=""
server_address=""
server_from=""

relation -lmt btree -f /etc/mail/db/as1890.db as1890 || as1890 () { return 0 }

as1890lookup (address) {
        local a

        ssift "$address" in
        \[(.*)\]
                address=\1
                ;;
        (.*)\.(.*)\.(.*)\.(.*)
                a="$(as1890 \1.\2.\3.\4)" ||
                        a="$(as1890 \1.\2.\3)" ||
                        a="$(as1890 \1.\2)" ||
                        a="$(as1890 \1)"
                ;;
        tfiss

        [ "$a" = "OK" ] && return 0
        return 1
}

server (key) {
        local mx address ip verified

        case $key in
        init)
                server_reject=true
                as1890lookup "$2" && server_reject=false
                server_host="$1"
                server_address="$2"
                return
                ;;
        from|to)
                verified=false
                address="$(canonicalize "$1")"
                tsift "$address" in
                .*<@(.*)>.*
                    for mx in \1 $(elements $(mxhosts "\1"))
                    do
                        ip="$(ipaddress $mx)" &&
                            as1890lookup "$(car $ip)" && {
                                verified=true
                                break
                            }
                    done
                    ;;
                tfist
        esac

        case $key in
        from)
                if [ "$verified" = "true" ]; then
                    server_reject=false
                fi
                server_from="$1"
                echo "250 "
                ;;
        to)
                if [ "$server_reject" = "true" -a "$verified" = "false" ]; then
                        echo "553 5.7.1 We do not relay"
                        echo "$server_host $server_address $server_from $1" \
                                >> /var/spool/syslog/mail/smtpserver.reject
                        return
                fi
                echo "250 "
                ;;
        esac
}

	Well, and the database would contain something like:

193.78		OK
...

	...that is all address blocks belonging to our
customers.

	Now the question is, perhaps we might want to do all
policy checks through the router? We have a database facility built
into it, we can parse an address properly and there is way more
flexibility. I am going to write clean anti spam policy code
in zmsh soon, and perhaps if we take this approach we could move
all SMTP policy checks into the router and weed them out of smtpserver?
Let me know what you think,
							alexis

PS Of course there are way more possible checks which could be
   done in server functions than in the code above...
--
		You can't teach a new mouse old clicks
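The same relay policy rendered in Python, as an added illustration that is not the poster's zmsh code: the longest-prefix lookup of as1890lookup over a constructed address-block table, and the RCPT decision from the server function. The mxhosts/ipaddress resolution of the router is replaced by constructed lookup tables, and sender/recipient are passed as bare domains rather than through canonicalize.

```python
# Constructed stand-in for /etc/mail/db/as1890.db: dotted prefix -> "OK"
AS_BLOCKS = {"193.78": "OK", "10.20.30": "OK"}

# Constructed stand-ins for the router's mxhosts and ipaddress functions.
MX_HOSTS = {
    "customer.example": ["mx1.customer.example"],
    "other.example": ["mx.other.example"],
}
HOST_ADDR = {
    "customer.example": "193.78.4.10",
    "mx1.customer.example": "193.78.4.10",
    "other.example": "198.51.100.7",
    "mx.other.example": "198.51.100.7",
}


def in_our_as(address, blocks=AS_BLOCKS):
    """Mirror as1890lookup: strip [..], then try the 4-, 3-, 2- and 1-octet prefixes."""
    if address.startswith("[") and address.endswith("]"):
        address = address[1:-1]
    octets = address.split(".")
    if len(octets) != 4:
        return False
    for n in (4, 3, 2, 1):
        if blocks.get(".".join(octets[:n])) == "OK":
            return True
    return False


def domain_mx_in_our_as(domain, mx_hosts=MX_HOSTS, host_addr=HOST_ADDR):
    """Mirror the from|to branch: the domain itself and each MX host are
    resolved; the domain is verified if any address falls in our AS."""
    for mx in [domain] + mx_hosts.get(domain, []):
        ip = host_addr.get(mx)
        if ip and in_our_as(ip):
            return True
    return False


def relay_decision(client_ip, sender_domain, recipient_domain):
    """Return the SMTP reply for RCPT, following the posted policy:
    reject unless the client, the sender's MX or the recipient's MX is ours."""
    reject = not in_our_as(client_ip)          # init phase
    if domain_mx_in_our_as(sender_domain):     # from phase
        reject = False
    if reject and not domain_mx_in_our_as(recipient_domain):  # to phase
        return "553 5.7.1 We do not relay"
    return "250 "
```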