Hi all,

imagine you have an address like "junk@<mydomain>" added to the list of traps. Now, someone sends mails to you (or, via spamlogd, vice versa) then spams the trap address. Sendmail will let him pass, and either reject junk@ or have it aliased to /dev/null. Not with me ☺

Diffs slightly hand-edited to only contain relevant material. ====== /etc/changelist diffs (-OLD +NEW) ====== --- /var/backups/etc_changelist.current Tue Aug 12 22:51:27 2008 +++ /etc/changelist Mon Jan 12 15:48:29 2009 @@ -56,14 +56,15 @@ /etc/mail.rc /etc/mail/access /etc/mail/aliases /etc/mail/genericstable /etc/mail/helpfile +/etc/mail/junk.sh /etc/mail/local-host-names /etc/mail/localhost.cf /etc/mail/mailertable /etc/mail/relay-domains /etc/mail/sendmail.cf /etc/mail/spamd.conf /etc/mail/submit.cf /etc/mail/trusted-users /etc/mail/virtusertable ====== /etc/mail/aliases diffs (-OLD +NEW) ====== --- /var/backups/etc_mail_aliases.current Fri Jan 9 14:54:44 2009 +++ /etc/mail/aliases Mon Jan 12 15:20:26 2009 @@ -81,3 +81,4 @@ # msgs: "|/usr/bin/msgs -s" root: [b&] +junk: "|/bin/mksh /etc/mail/junk.sh" ====== /etc/sudoers diffs (-OLD +NEW) ====== --- /var/backups/etc_sudoers.current Wed Jan 7 14:59:29 2009 +++ /etc/sudoers Mon Jan 12 15:37:54 2009 
@@ -42,3 +42,5 @@ # Samples # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom # %users localhost=/sbin/shutdown -h now + +%daemon ALL=(root) NOPASSWD: /usr/sbin/spamdb

The sudoers line is needed to make "/etc/mail/junk.sh" able to delete the whitelisting line and add a TRAPPED entry. It runs as daemon, as it's listed in /etc/mail/aliases (do not forget to (cd /etc/mail; sudo make) after editing¹), although I considered adding a LOCAL_MAILER to openbsd-proto.mc especially for this.

Now, here's junk.sh²:

-----BEGIN CUTTING HERE MAY DAMAGE YOUR SCREEN SURFACE-----
#!/bin/mksh
export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/mpkg/bin:/usr/mpkg/sbin:/usr/local/bin:/usr/local/sbin

# yeah, we all love regular expressions and shell scripts like this one ☺
# you are not expected to understand this
# • change all "`" to "_"
# • change all newline to "`"
# • change all "` " (space or tab at beginning of line) to just a space
# • change back "`" to newline (above ones were joined)
# • take the first line beginning with "Received"
# • get the IPv4 or IPv6 address of the sender, without the "IPv6:" prefix
# you are not expected to understand the above textual description
# either³, just look at the actual shell script line then :þ

# [[:blank:]] matches the space or tab that starts a folded header line
ip=$(tr '`\n' '_`' | sed 's/`[[:blank:]]/ /g' | tr '`' '\n' | \
    grep '^Received' | head -1 | \
    sed -n 's/^[^(]*: from [^(]* ([^]]*\[\(IPv6:\)*\([^]]*\)\]) by .*$/\2/p')

if [[ -n $ip ]]; then
    # delete from whitelist
    sudo spamdb -d "$ip"
    # trap for 24 hours
    sudo spamdb -t -a "$ip"
fi
exit 0
-----END CUTTING HERE MAY DAMAGE YOUR SCREEN SURFACE-----

If anyone has a better method for extracting the IPv4 or IPv6 address, I'd be delighted to hear it. Using a custom mailer would actually make some macros available, but I don't know if the sender socket address is among them.

bye,
//mirabilos

① Kudos to OpenBSD for adding a Makefile there, by the way. Nice idea.
② While I did install http://mirbsd.de/mksh on the box, oksh (OpenBSD /bin/ksh) _might_ also work. Actually, should. I have an unofficial port for mksh waiting for anyone to commit it…
③ Like some of my colleagues ☻
-- 
tarent Gesellschaft für Softwareentwicklung und IT-Beratung mbH
Heilsbachstr. 24, 53123 Bonn | Poststr. 4-5, 10178 Berlin
fon: +49(228) / 52675-0 | fon: +49(30) / 27594853
fax: +49(228) / 52675-25 | fax: +49(30) / 78709617
Geschäftsführer Boris Esser, Elmar Geese
HRB AG Bonn 5168
Ust-ID: DE122264941
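
Review bot: In the /etc/sudoers hunk, the added rule "%daemon ALL=(root) NOPASSWD: /usr/sbin/spamdb" places no limit on arguments, so any process in group daemon can run every spamdb operation as root without a password, while junk.sh only calls "spamdb -d <ip>" and "spamdb -t -a <ip>". Suggest listing just those two forms in the rule, for example "/usr/sbin/spamdb -d *, /usr/sbin/spamdb -t -a *", and granting it to the daemon user rather than the whole %daemon group if delivery runs as that user. A sudoers "*" also matches spaces, so junk.sh still has to validate the address it passes.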
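
Review bot: In the /etc/mail/aliases hunk, the new "junk" alias hard-codes /bin/mksh as the interpreter and hands every message for junk@ to /etc/mail/junk.sh, but nothing in the change records the owner and mode that script must have. Its output decides what is passed to the NOPASSWD spamdb rule, so add a comment above the alias stating that junk.sh must be root-owned and not writable by daemon, and that /bin/mksh has to exist on the box or delivery to junk@ fails.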
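
A stricter take on the address extraction asked about in the post, as an added example that is not part of the original message: it unfolds only the first Received: header, skips the client-supplied HELO name by looking after the first "(", and prints the bracketed address only if it is shaped like an IPv4 or IPv6 address. The names relay_ip and sample_msg and the sample message with its addresses are constructed; the header layout "from HELO (rdns [addr]) by ..." is the one the post's sed expression assumes.

```shell
#!/bin/sh
# Added example (not the script from the post): print the connecting relay
# address from the first Received: header on stdin, or fail with status 1.
# Assumed layout, as in the sed expression above: from HELO (rdns [addr]) by ...
relay_ip() {
    awk '
    function valid4(a,   n, i, q) {
        n = split(a, q, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (q[i] !~ /^[0-9]+$/ || length(q[i]) > 3 || q[i] + 0 > 255) return 0
        return 1
    }
    /^[ \t]/ { if (inrcv) hdr = hdr " " $0; next }  # folded continuation line
    inrcv    { exit }                # next header begins: Received is complete
    /^$/     { exit }                # blank line ends the header block
    tolower($0) ~ /^received:/ { inrcv = 1; hdr = $0 }
    END {
        # The HELO name is client-supplied, so only look after the first "(".
        p = index(hdr, "("); if (!p) exit 1
        rest = substr(hdr, p + 1)
        lb = index(rest, "["); rb = index(rest, "]")
        if (!lb || rb < lb) exit 1
        ip = substr(rest, lb + 1, rb - lb - 1)
        sub(/^IPv6:/, "", ip)
        # Emit only address-shaped strings, so nothing else can reach spamdb.
        if (valid4(ip) || (index(ip, ":") && ip ~ /^[0-9A-Fa-f:.]+$/)) print ip
        else exit 1
    }'
}

# Constructed sample message (documentation addresses, tab-folded header).
sample_msg() {
    printf 'Received: from [198.51.100.9] (mail.example.net [192.0.2.25])\n'
    printf '\tby mx.example.org with ESMTP; Mon, 12 Jan 2009 15:48:01 +0100\n'
    printf 'Received: from inner (unknown [203.0.113.7]) by mail.example.net\n'
    printf 'Subject: constructed test\n\nbody text [192.0.2.99]\n'
}

sample_msg | relay_ip    # prints 192.0.2.25
```

The IPv6 branch is a character-set and shape check only, not a full address parser.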