On Wednesday 17 September 2003 12:27, you wrote:
> ----- Original Message -----
> From: "Jesse Guardiani" <[EMAIL PROTECTED]>
>
> > I have written (and currently use in production) a python script
> > designed to block email addresses and/or domains using a flat file/auto
> > generated CDB file.
> >
> > It differs from the badmailfrom file in that it:
> >
> > 1.) Uses a CDB database for bad from address lookups
> > 2.) Checks the envelope sender address of the incoming email (like
> >     traditional badmailfrom), AND blocks based on the email header's
> >     from address.
> >
> > The script is very efficient (for an interpreted script) and fast.
> > It's also well tested at this point, and relatively bug-free. It
> > runs under qmail-qfilter (a C wrapper for QMAILQUEUE scripts).
> >
> > Let me know if you're interested.
>
> I'm very interested. Please email me the script and any instructions you
> may have.

Here is the script and supporting files:

ftp://ftp.wingnet.net/pub/MAIL/qmail-related/queue-filters/block-forged-sender.tar.gz

And here is a quick patch against qmail-qfilter to make it call
qmail-scanner-queue.pl instead of qmail-queue:

ftp://ftp.wingnet.net/pub/MAIL/qmail-related/queue-filters/qmail-qfilter-scanner.diff

And I have attached my typical setup instructions to this email.

Please test this script on a test system, NOT a production system!
There are MANY things that can go wrong with a low-level filter script
install like this. Use at your own risk!

Note: Most of the block-forged-sender.py script is regurgitated/slightly
      modified TMDA code, but there are a few distinctions, like the fact
      that block-forged-sender.py ONLY loads the headers of the email into
      memory, and TMDA actually loads the entire email into memory. In this
      respect, block-forged-sender.py is much more efficient than TMDA.

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)
http://www.wingnet.net

# -----------------------------------------------------------------
# 29.) do the qmail-qfilter build && install
# -----------------------------------------------------------------
fetch http://untroubled.org/qmail-qfilter/qmail-qfilter-1.5.tar.gz
mkdir qmail-qfilter-scanner-diff
cd qmail-qfilter-scanner-diff
fetch ftp.wingnet.net/pub/MAIL/qmail-related/queue-filters/qmail-qfilter-scanner.diff
cd ..
tar -xvzf qmail-qfilter-1.5.tar.gz
cd qmail-qfilter-1.5
# --
# Patch qmail-qfilter to call qmail-scanner-queue.pl (virus scanner)
# instead of the qmail-queue binary. qmail-scanner-queue.pl will then
# call qmail-queue.
# --
patch <../qmail-qfilter-scanner-diff/qmail-qfilter-scanner.diff
# --
# Make a temporary directory that only qmail-qfilter has write
# permissions to.
# --
mkdir /var/qmail/tmp
chown qmaild:qmail /var/qmail/tmp
chmod 750 /var/qmail/tmp
# --
# Do build & install
# --
gmake
./installer
cd ..

# -----------------------------------------------------------------
# 30.) do the queue-filters install
# -----------------------------------------------------------------
mkdir queue-filters
cd queue-filters
fetch ftp.wingnet.net/pub/MAIL/qmail-related/queue-filters/block-forged-sender.tar.gz
# --
# NOTE: block-forged-sender.py is a python script. It REQUIRES
#       Python 2.x or higher AND the py-cdb module to be
#       installed. FreeBSD's Python package does NOT come with
#       the py-cdb module installed by default. It resides in
#       a separate port/package, and can be installed like this:
#
#           cd /usr/ports
#           make search name=py22-cdb
#
#       Then either this:
#
#           cd /usr/ports/databases/py-cdb
#           make
#           make install
#
#       Or something like this:
#
#           portupgrade -NNP <py22-cdb-package-name-from-make-search-goes-here>
#
# --
mkdir /var/qmail/queue-filters
chown qmaild:qmail /var/qmail/queue-filters
chmod 750 /var/qmail/queue-filters
tar -C /var/qmail/queue-filters -xvzf block-forged-sender.tar.gz
chown -R qmaild:qmail /var/qmail/queue-filters/*
chmod -R 754 /var/qmail/queue-filters/*
cd ..
# --
# Now, we should set up logging for block-forged-sender:
# block-forged-sender, by default, uses the syslog name 'bfs' when
# logging.
#
# If you would like to change the default log name, please run:
/var/qmail/queue-filters/block-forged-sender.py --help
# for command line options and more information.
#
# The below information assumes the default log name: bfs
# --
vim /etc/syslog.conf
# --
# Add the following to the bottom of syslog.conf:
# --
#
# !bfs
# *.*    /var/log/mailblock
#
# --
# and uncomment.
# --
vim /etc/newsyslog.conf
# --
# Then add the following to newsyslog.conf:
# --
#
# /var/log/mailblock    640  7    *    @T00  J
#
# --
touch /var/log/mailblock
chown root:wheel /var/log/mailblock
chmod 644 /var/log/mailblock
killall -HUP syslogd
vim /var/qmail/supervise/qmail-smtpd/run
# --
# In /var/qmail/supervise/qmail-smtpd/run, change the
# softlimit from 2000000 to 15000000. This allows qmail-smtpd
# to use more memory, which allows it to run qmail-qfilter/
# block-forged-sender.py AND qmail-scanner/ClamAV.
#
# My tests have shown that block-forged-sender.py can use up
# to 5M of RAM while searching incoming messages. However,
# block-forged-sender.py is VERY efficient and will NOT load
# the entire message into memory. Instead, it passes the
# message from STDIN to STDOUT in 256 byte chunks.
#
# Ideally, the qmail-smtpd->qmail-qfilter->block-forged-sender.py->
# qmail-scanner-queue.pl->clamdscan->qmail-queue "pipeline"
# would only require about 8-10M of softlimit RAM, but for some
# reason qmail-scanner-queue.pl thinks it's necessary to run two
# instances of itself while it passes the message off to qmail-queue,
# which effectively adds another 5M of RAM to the required softlimit.
# --

# --
# You're pretty much done installing block-forged-sender now.
# However, a few things must still be done which this manual
# does not cover:
#
# 1.) Populate /var/qmail/queue-filter/badsenders with a list
#     of domains/email addresses you wish to block. You can do
#     this manually or via cron script.
# 2.) Populate your QMAILQUEUE environment variable in
#     /etc/tcp.smtp with "queue-filters/block-forged-sender",
#     like this:
#
#     127.0.0.1:allow,QMAILQUEUE="queue-filters/block-forged-sender"
#
#     and rebuild your /etc/tcp.smtp.cdb by running the
#     following command:
#
#     qmailctl cdb
#
# 3.) Try sending some forged emails to your server via
#     telnet or sendmail, then check /var/log/mailblock to
#     see if it's working.
# --
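
Added example, not part of the original email and not code from block-forged-sender.py: a Python 3 sketch of the filtering approach described above, which checks both the envelope sender and the header From address, keeps only the headers in memory, and copies the rest from input to output in 256-byte chunks. The function names are hypothetical, a plain set stands in for the CDB lookup, and the envelope sender is passed in as a parameter because the page does not show how qmail-qfilter supplies it.

```python
import io
from email.utils import getaddresses

CHUNK = 256  # chunk size the setup notes give for the stdin -> stdout copy

def is_blocked(address, blocked):
    """True if the full address or its domain is listed (case-insensitive)."""
    address = address.strip().lower()
    return address in blocked or address.rpartition("@")[2] in blocked

def read_headers(src):
    """Consume src up to the blank line; return (raw header bytes, From values)."""
    raw, from_values, current = [], [], None
    for line in iter(src.readline, b""):
        raw.append(line)
        if line in (b"\n", b"\r\n"):
            break
        text = line.decode("latin-1").rstrip("\r\n")
        if text[:1] in (" ", "\t"):        # folded continuation of previous header
            if current is not None:
                current += " " + text.strip()
            continue
        if current is not None:
            from_values.append(current)
        name, _, value = text.partition(":")
        current = value.strip() if name.strip().lower() == "from" else None
    if current is not None:
        from_values.append(current)
    return b"".join(raw), from_values

def filter_message(src, dst, envelope_sender, blocked):
    """Return "reject" and write nothing, or copy src to dst and return "accept"."""
    head, from_values = read_headers(src)
    senders = [envelope_sender] + [addr for _, addr in getaddresses(from_values)]
    if any(is_blocked(s, blocked) for s in senders if s):
        return "reject"
    dst.write(head)
    for chunk in iter(lambda: src.read(CHUNK), b""):  # body is never held whole
        dst.write(chunk)
    return "accept"

# Constructed sample: clean envelope sender, blocked domain in a folded From header.
BLOCKED = {"spam.example", "bad@ok.example"}  # assumption: stand-in for the CDB
SAMPLE = (b"Received: by mx.test\r\nFrom: \"Sales\"\r\n <promo@Spam.Example>\r\n"
          b"Subject: hi\r\n\r\n" + b"x" * 1000)

if __name__ == "__main__":
    print(filter_message(io.BytesIO(SAMPLE), io.BytesIO(), "bounce@clean.example", BLOCKED))
```

The sample is rejected on the header From alone, which an envelope-only check such as badmailfrom would have let through.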