Re: [exim] auto whitelist

Thu, 08 Feb 2007 07:34:02 -0800 

On Wednesday, February 07, 2007 10:11 PM, Joseph wrote:

[snip]
>>> The database contains a simple domainname filed with the domain.com 
>>> without
>>> the @.
[snip]
>
> Looking at the auto whitelist options,
>
> Is there a way to to populate the table with all the domains of sent 
> email?
>
> I saw reference to making a function.
> Is there a sample such function around someone would want to share?

The following is how I distill the recipient addresses:

1. Add "log_selector = +received_recipients" to the configure file, so
    the recipients will be kept in mainlog.  A sample entry looks like

    2006-03-29 00:01:16 1FOGdA-0002MF-3X <= [EMAIL PROTECTED] 
H=(xxxx.xxx.org.xx)
    [xx.xx.xx.xxx] P=esmtp S=14683 
[EMAIL PROTECTED]
    for [EMAIL PROTECTED] [EMAIL PROTECTED]

    [EMAIL PROTECTED] and [EMAIL PROTECTED] are recipients, while 
[EMAIL PROTECTED] is
     the sender.

2. A shell script, invoked by cron at XX:29 and XX:59, processes the
    mainlog and prints recipient addresses to standard output.  The script
    relevant to our discussion is:

# I use TIME_RANGE as a pattern to match entries logged in the previous 30 
minutes.
# TIME_RANGE looks like "^2006-03-29 00:[012]" (depending on when the script 
runs)
MNT=012; if [ "`date +%M`" -ge 30 ]; then MNT=345; fi
TIME_RANGE="^`date +'%F %H:'`[$MNT]"

sleep 50  # delayed for some time, but not a full minute, or it won't work 
when mainlog gets rotated.

< /var/spool/mta/exim/log/mainlog grep "$TIME_RANGE"  |
# preserve only interesting entries. $5 is the sender address.
# If the sender does not belong to our domain, there is no need to keep it.
# the output is a list of sender followed by recipients,
# like "[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]"
awk '$4 == "<=" && tolower($5) ~ /@(contract\.)?xxx\.org\.xx$/ \
     { from = tolower($5); sub(/^.+ for /, ""); \
       print from " " tolower($0); }' |
# transform the data further to single recipient followed by ";" and single 
sender,
# like "[EMAIL PROTECTED];[EMAIL PROTECTED]" and 
"[EMAIL PROTECTED];[EMAIL PROTECTED]",
# to be used as auto whitelist to skip greylisting
awk '{ for (i = 2; i <= NF; i++) \
          if ($i !~ /@(contract\.)?xxx\.org\.xx$/) \
             print $i ";" $1; }' |
# remove duplicated entries
$SORT -u

In fact the script above does more than what you want.  But it's easy to
modify it to serve your purpose.  Hope this helps.

Chih-Cherng Chin 


-- 
## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/

Reply via email to