John Beaver wrote:
> Benyes Krisztián wrote:
>
>> Hi!
>>
>> In my case I did the following:
>>
>> I have a real-time "unknown users" collector which gains those mail-
>>
> I'd love to see how you're doing this. Do you have this solution/scripts
> documented that you could send/post?
>

I have a similar system that has sort of grown by accretion. It started off by me hijacking a perl filter that does spf-checking and noting unknown addresses. Were I to do it again I would pay more attention to naming stuff properly, other than that it works ok.

In /etc/postfix/main.cf:
--
spf1      unix  -       n       n       -       -       spawn
  user=postfix-policy argv=/usr/share/doc/packages/postfix/examples/smtpd-policy/spf1.pl
--

In /etc/postfix/master.cf:

--
smtpd_recipient_restrictions =
    ...
    check_policy_service unix:private/spf1
--

The spf1.pl thing is basically the spf.pl that comes with postfix, but I have replaced the checking function with a hodge-podge of spf-annotation and spamtrap population. I am not rejecting based on spf-result, merely adding a header so that my spam-filter can have that info to score on. The main thing in this context is the other thing this function is doing, namely harvesting addresses for spamtraps. I do way too much logging and uglify the headers in the incoming email significantly.

I have a very short list of valid local users, the check for valid users could be replaced with a standard perl call to look up stuff from /etc/passwd, or any other scheme you can think of.

I'm not showing a complete script, but if you know perl you should have no problem patching together your own equally gross hack. The only neat bit is the spamtrap harvesting. I'm looking for unknown recipients that look like message-ids. I am actually receiving a steady trickle of new spamtrap entries this way.

--
# some added setup not in the original script:
use Fcntl;
use Sys::Syslog qw(:DEFAULT setlogsock);
use strict;
use DBI();
use Mail::SPF::Query;   # needed by sender_permitted_from below

# I'm not showing the whole script on purpose. Go to the source in the postfix docs and
# make your own hack. Mine is not fit for being run as is.

# Connect to the database. EVERY time an email arrives. Should make this
# into an LMTP daemon.
my $dbh = DBI->connect("DBI:mysql:database=policyd;host=localhost",
                       "postfix", "hidden",
                       {'RaiseError' => 1});

# ----------------------------------------------------------
#                      plugin: SPF
# ----------------------------------------------------------
# note: I've sanitized this function before posting. invalid-user-blah are
# real users on my system in the script I'm running.
sub sender_permitted_from {
  local %_ = @_;
  my %attr = %{ $_{attr} };

  my $query = new Mail::SPF::Query (ip    =>$attr{client_address},
                                    sender=>$attr{sender},
                                    helo  =>$attr{helo_name});
  my ($result, $smtp_comment, $header_comment) = $query->result();

  # Recipient is not one of the valid local users
  if(! scalar(grep {$_ eq lc($attr{recipient}) } ("[EMAIL PROTECTED]"
                                                  ,"[EMAIL PROTECTED]"
                                                  ,"[EMAIL PROTECTED]"
                                                  ,"[EMAIL PROTECTED]"
                                                  ,"[EMAIL PROTECTED]"
                                                  ,"[EMAIL PROTECTED]"))){
    syslog(info=>"spf1: %s: unknown recipient %s:", $attr{queue_id}, $attr{recipient});
    if(substr($attr{recipient},-19) eq "[EMAIL PROTECTED]"){
      my $localpart = substr($attr{recipient},0,-19);
      # Localparts that look like message-ids become spamtraps
      if ($localpart =~ m((\.fsf)|([0-9][0-9][0-9][0-9][0-9][0-9][0-9])\Z)
          or $localpart =~ m(\A[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\.)) {
        my $spamtraps = $dbh->selectall_hashref("SELECT * from spamtrap","_rcpt");
        syslog(info=>"spf1: %s: numeric/msgid localpart %s: length: %s",
               $attr{queue_id}, $localpart, length($localpart) );
        if(! defined( ${$spamtraps}{ $attr{recipient}})){
          syslog(info=>"spf1: %s: %s not in spamtraps, adding", $attr{queue_id}, $attr{recipient});
          # The recipient is supplied by the remote client: bind it as a
          # placeholder value, never interpolate it into the SQL string.
          $dbh->do("INSERT INTO spamtrap VALUES (?, 1)", undef, $attr{recipient});
        } else {
          syslog(info=>"spf1: %s: %s already in spamtraps", $attr{queue_id}, $attr{recipient});
        }
      } else {
        syslog(info=>"spf1: %s: %s does not match spamtrap regex", $attr{queue_id}, $attr{recipient});
      }
    } else {
      syslog(info=>"spf1: %s: non-local recipient %s:", $attr{queue_id}, $attr{recipient});
    }
  }

  syslog(info=>"%s: SPF %s: %s client/sender/helo:%s/%s/%s",
         $attr{queue_id}, $result, ($smtp_comment ? $smtp_comment : $header_comment),
         $attr{client_address},$attr{sender},$attr{helo_name});

  if    ($result eq "pass")  { return "PREPEND X-SPF-result: " . $result ; }
  # elsif ($result eq "fail")  { return "REJECT " . ($smtp_comment || $header_comment); }
  elsif ($result eq "fail")  { return "PREPEND X-SPF-result: " . $result ; }
  # elsif ($result eq "error") { return "450 temporary failure: $header_comment"; } #should be defer_if_permit, not 450
  elsif ($result eq "error") { return "PREPEND X-SPF-result: " . $result ; }
  else                       { return "PREPEND X-SPF-result: " . $result ; }
  # unknown, softfail, and none all return DUNNO

  # TODO XXX: prepend Received-SPF header.  Wietse says he will add that functionality soon.
}
--
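The post leaves out the part of the policy script that reads the request from Postfix and answers it. The following is an added example, not code from the post or from the Postfix distribution: it parses one constructed policy-delegation request, applies the same message-id heuristic to the recipient, and prints the reply. The domain `example.org`, the one-entry user list, the in-memory `%spamtrap` hash (standing in for the MySQL table) and the `DUNNO` reply are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed request in the name=value format Postfix sends to a
# check_policy_service; a blank line terminates it.
my $request = <<'END';
request=smtpd_access_policy
protocol_state=RCPT
queue_id=8045F2AB23
client_address=192.0.2.10
sender=bounce@example.net
recipient=87zm4k2x.fsf@example.org

END

my $local_domain = 'example.org';                    # assumed local domain
my %valid_users  = ('postmaster@example.org' => 1);  # assumed user list
my %spamtrap;                    # in-memory stand-in for the spamtrap table

# Parse one request into an attribute hash, stopping at the blank line.
sub parse_request {
    my ($text) = @_;
    my %attr;
    for my $line (split /\n/, $text) {
        last if $line eq '';
        my ($name, $value) = split /=/, $line, 2;
        $attr{$name} = $value if defined $value;
    }
    return %attr;
}

# The post's heuristic: an unknown local recipient whose localpart looks
# like a Message-ID (".fsf", 7 trailing digits, or 12 leading digits and
# a dot) is recorded as a spamtrap.
sub harvest {
    my (%attr) = @_;
    my $rcpt = lc($attr{recipient} // '');   # untrusted, client-supplied
    return 'known' if $valid_users{$rcpt};
    my ($localpart, $domain) = $rcpt =~ /\A([^\@]+)\@([^\@]+)\z/
        or return 'malformed';
    return 'non-local' if $domain ne $local_domain;
    return 'no-match'
        unless $localpart =~ /\.fsf|[0-9]{7}\z/ or $localpart =~ /\A[0-9]{12}\./;
    return 'already-listed' if $spamtrap{$rcpt}++;
    return 'added';
}

my %attr = parse_request($request);
print "verdict: ", harvest(%attr), "\n";   # first sighting of this address
print "verdict: ", harvest(%attr), "\n";   # second delivery attempt
print "action=DUNNO\n\n";                  # reply: action line, then blank line
```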