All,
I've had another chance to look into this after a few months. I'm not a
Perl whizz by any means but I've modified the amavisd binary to find a
client IP address in a header added by the MTA. I'm sure I'm not the only
person with a requirement for this feature so I'll document what I did:
Firstly there is a patch for amavisd-new-2.5.3:
-----------------------------------------------------------------
909c909
< 'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'.
---
> 'UPDATE msgs SET client_addr=?, content=?, quar_type=?, quar_loc=?,
dsn_sent=?,'.
10702c10702
< In-Reply-To References Precedence List-Id User-Agent
X-Mailer
---
> In-Reply-To References Precedence List-Id User-Agent
X-Mailer X-My-ClientAddr
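Review bot: the header name is hard-coded here as X-My-ClientAddr and again, in lower case, in the lookup added at 16364 ('x-my-clientaddr'). Define it once (a variable or config setting) so the two cannot drift apart when the patch is reapplied after an upgrade.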
10739,10740d10738
<
<
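Review bot: the two blank lines deleted at 10739-10740 are unrelated to the client_addr change. Drop this hunk so the patch stays minimal and is less likely to conflict when it is reapplied to a newer amavisd.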
16365a16364,16381
>
>
> # ---- RB ----
> my($cip) =
untaint($msginfo->orig_header_fields->{'x-my-clientaddr'});
>
> chomp($cip);
> $cip =~ s/^\s+//;
>
> do_log(4, "Client addr of message from header is %s", $cip);
>
> my($client_addr);
> if(!defined $msginfo->client_addr) {
> $client_addr = $cip;
> } else {
> $client_addr = $msginfo->client_addr;
> }
>
>
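Review bot: untaint() is applied to the raw 'x-my-clientaddr' value with no check that it is an IP address, and chomp and s/^\s+// run on $cip even when the header is absent and $cip is undef. The value comes from orig_header_fields, i.e. from the message itself, so a sender can supply the same header. Match $cip against an IP address pattern before untainting, strip trailing as well as leading whitespace, and skip the do_log and the assignment when the field is not defined.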
16407a16424
> $client_addr,
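Review bot: $client_addr has to be bound at the position that matches client_addr=?, which the 909 hunk places first in the SET clause. No context lines are shown here, so confirm that line 16424 is the first value in the bind list; if it is not, every later column receives the wrong value.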
-----------------------------------------------------------------
The code above looks for a header called 'X-My-ClientAddr' in the original
message, which (if XFORWARD didn't get there first) is used as the original
client's IP address. As per Mark's earlier email on the topic, the message
headers aren't available during the insert operation (ins_msg query) so
I've had to modify the second 'upd_msg' query to insert the value into the
database. This does mean that we're updating that field twice per message
but that's not exactly going to add a massive overhead to the server.
Admittedly this means that I need to reapply the patch every time I upgrade
amavis though it's only 10 lines of code so that's not a massive problem.
Within my transport within Exim I then have:
headers_add = X-My-ClientAddr: $sender_host_address
Which appends the header with the IP address of the server that relayed the
message onto Exim. Of course a second header is then appended once the
message is reinjected into Exim containing '127.0.0.1' but you can soon set
Exim to remove both before relaying the message on.
What is interesting now that I can see where spam is coming from is the
number of IP addresses sending the same spam emails to multiple domains -
it just shows why Razor and Pyzor are so effective. Perhaps the next thing
to look into is MessageLabs-esque traffic shaping on known spammers' IPs - has
anybody done this?
Admittedly the intended XFORWARD method is much cleaner though I hope this
helps somebody trying to achieve the same.
Richard
On Mon, 20 Aug 2007 11:48:45 -0400, Richard Bishop
<[EMAIL PROTECTED]> wrote:
>
> I noticed today that there is a client_addr field in the r/w database
> that stores the source server's IP address. On my setup (Exim4 ->
> Amavisd-new -> Exim4) this is always populated with NULL.
>
> Having checked the mailing list I see that this is reliant upon the
> XFORWARD feature of Postfix (details on this are here for anybody not
> aware of it - http://www.postfix.org/XFORWARD_README.html). Obviously
> Exim doesn't have this feature - though there is a patch available
> (http://lists.exim.org/lurker/message/20060518.093957.3322cd9c.en.html).
>
> Has anybody found a way / have any suggestion how to get this working
> using Exim rather than Postfix? I'm not too keen about patching either
> Exim or Amavis because it makes upgrading a headache. I've not looked
> into the code that deeply though surely the same information could be
> carried in a standard header called 'X-Forward-IP' (or similar)?
>
> Is it really that easy or am I missing something somewhere? The general
> opinion on the Exim-dev list seems to be that the XFORWARD feature isn't
> required so it doesn't look like the patch will make it into the official
> binary any time soon.
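
A value read from a message header can be supplied by the sender unless the MTA strips any incoming copy, so it is worth confirming that it parses as an address before it is stored. The following Perl is an added example, not part of the patch above or of amavisd-new; the helper name client_addr_from_header and the sample values are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Hypothetical helper, not amavisd-new code: returns a validated IP address
# string taken from the raw header body, or undef if absent or malformed.
sub client_addr_from_header {
    my ($raw) = @_;
    return undef unless defined $raw;    # header not present at all

    # Capture only characters that can occur in an IPv4/IPv6 literal; the
    # capture also yields an untainted copy when running under -T.
    my ($addr) = $raw =~ /^\s*([0-9A-Fa-f:.]{2,45})\s*$/;
    return undef unless defined $addr;

    # Let the system library decide whether it really parses as an address.
    return $addr if defined inet_pton(AF_INET,  $addr);
    return $addr if defined inet_pton(AF_INET6, $addr);
    return undef;
}

# Constructed sample header bodies (documentation address ranges).
my @samples = (
    " 192.0.2.25\n",           # what the Exim transport would add
    "2001:db8::25\r\n",        # IPv6 peer
    undef,                     # header missing
    "999.1.1.1",               # right shape, not an address
    "192.0.2.25, 10.0.0.1",    # more than one value
    "192.0.2.25 (forged)",     # extra text after the address
);

for my $raw (@samples) {
    my $addr  = client_addr_from_header($raw);
    my $shown = defined $raw ? $raw : '(undef)';
    $shown =~ s/^\s+|\s+$//g;
    printf "%-24s => %s\n", $shown, defined $addr ? $addr : 'rejected';
}
```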
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/