On Fri, 2015-03-13 at 13:12 -0700, Gordon Messmer wrote:
> On 03/13/2015 08:58 AM, Lindsay Haisley wrote:
> >
> > I will welcome any corrections, improvements or comments on this code.
> 
> 1: I'm pretty sure the patch can be made much smaller by simply changing 
> "sender" to the network address when use_blocks is True.

I opted to retain all the information in the return value from
getSendersMta() and pull the v4 address out of it.  I suppose there's
another call which returns the straight IP address.  I didn't check.

> 2: Using regex to deal with addresses is kinda gross.

Well..., yes ;)  How would you isolate the first 3 octets of the IP
address without using the python re module?  If this could be used in
place of the return from getSendersMta() then the code could be
structured as before, which is considerably simpler.  I've found,
though, that the full string returned from getSendersMta() is _very_
useful in log analysis.  I've been building a dynamically maintained
database of spam sources by manually grepping for "Too many" in the log
file and doing a whois on the identified full IP addresses.  It's a lot
of work, but this database is already cutting back substantially on the
amount of spam which makes it past our other filters.  My guess is that
90% of the commercial spam on the Internet originates from about 200
servers.

> 3: Patch doesn't support IPv6.  Which reminds me that I need to write 
> some code to fix other IPv6 handling deficiencies with smtpaccess.

That's very true.  A couple of points on this, as regards ratelimit.py.
Courier on my servers is IPv6 enabled, and addresses are posted to the
log in the form "::ffff:a.b.c.d", a hybrid notation which I think is
deprecated at this point, although it works.  The regexp in my patch
takes this into account.  The second point is that I have yet to see
spam coming in over a pure IPv6 address, which is understandable
considering that I don't publish an MX record pointing to an AAAA
record.  We know that spammers frequently use a collection of v4
addresses within a /24 block in the course of a single spew, which makes
this patch useful.  What's the equivalent for IPv6 addresses?  Is
spamming over IPv6 common enough that it's possible to see a similar
pattern?

I'd emailed you personally about this earlier, but didn't hear from you
and I figured it was best, if I wanted this feature, to go ahead and get
the ball rolling myself since I know python and your code is clearly
written and commented.  Thanks!

-- 
Lindsay Haisley       | "UNIX is user-friendly, it just
FMP Computer Services |       chooses its friends."
512-259-1190          |          -- Andreas Bogk
http://www.fmp.com    |
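
An added example, not part of the original message or of the ratelimit.py patch: one way to reduce a sender address to its network block without a regex, using Python 3's standard ipaddress module, covering plain IPv4, the "::ffff:a.b.c.d" form mentioned above, and native IPv6. The names block_key and over_limit are hypothetical, the sample addresses are constructed from documentation ranges, and grouping IPv6 senders by /64 is an assumption, not something the thread settles.

```python
import ipaddress
from collections import Counter

V4_PREFIX = 24   # the /24 grouping discussed in the thread
V6_PREFIX = 64   # assumption: count one IPv6 /64 as one sender


def block_key(addr, v4_prefix=V4_PREFIX, v6_prefix=V6_PREFIX):
    """Return the network block to rate-limit on, or None if addr is not an IP."""
    try:
        ip = ipaddress.ip_address(addr.strip().strip("[]"))
    except ValueError:
        return None
    # "::ffff:a.b.c.d" parses as IPv6; unwrap it so it shares a key
    # with the same host seen as plain IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    # strict=False masks off the host bits instead of raising.
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def over_limit(addresses, limit):
    """Count addresses per block and return the blocks seen more than limit times."""
    counts = Counter(k for k in map(block_key, addresses) if k is not None)
    return {k: n for k, n in counts.items() if n > limit}


# Constructed sample input (RFC 5737 / RFC 3849 documentation addresses).
SAMPLE = [
    "192.0.2.10",
    "::ffff:192.0.2.77",
    "192.0.2.200",
    "198.51.100.5",
    "2001:db8:1:2::1",
    "2001:db8:1:2:abcd::9",
    "not-an-ip",
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(f"{a:24} -> {block_key(a)}")
    print(over_limit(SAMPLE, 2))
```

The full sender string can still be written to the log unchanged; only the counter key needs to be the block.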


_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
