/etc/qpsmtpd is where the Qpsmtpd config files live on my system. I'm
running Debian and that's the default location. Only some of the
programs for this plugin are running as part of Qpsmtpd -- how do I
figure out where the Qpsmtpd config directory lives? If there is an
easy reliable answer, I'll change my defaults to use that mechenism.
I choose to use OOPS for the persistent store. A dependency on mysql
or PostgreSQL comes from that. There are always tradeoffs. OOPS
makes many things easy and a few things difficult.
-Dave
On 10/27/06, Brian Szymanski <[EMAIL PROTECTED]> wrote:
2 quick notes about your plugin and then a tangentially related rant:
- Isn't /etc/qpsmtpd a weird place to put configurations? Don't these
belong in $QPSMTPD_HOME/config ?
- Why depend on a full fledged SQL backend, when you have support for
DBD files to deal with various other things? The option to use DBD
files as backend would make me much more interested in this plugin...
<rant>
Comcast is quite notorious for overzealous blacklisting. It's
blacklisted two seperate organizations I worked for in a row, one for
a bogus reason related to an opt-in email, the other we could never
find out why they had done it. In both cases it took 2-3 weeks to get
the damn problem resolved. And if you do a bit of googling you see
that many others have had this problem.
Comcast, generally, sucks. I say that as a comcast customer as well
(it's taken them more than 1.5 months (!) since the first attempted
install to get my cable set up right, and it still drops out every
few hours for no apparent reason).
</rant>
Cheers,
Brian
On Oct 26, 2006, at 4:24 PM, David Muir Sharnoff wrote:
>
> NAME
> Qpsmtpd::Plugin::Quarantine - filter outbound email to prevent
> blacklisting
>
> SYNOPSIS
> Qpsmtpd quarantine plugin:
>
> use Qpsmtpd::Plugin::Quarantine;
>
> The quarantine.cgi web page:
>
> use Qpsmtpd::Plugin::Quarantine::CGI;
> main();
>
> In crontab or nightly:
>
> perl -MQpsmtpd::Plugin::Quarantine::Batch -e 'cronjob()'
>
> In crontab (every five minutes?):
>
> perl -MQpsmtpd::Plugin::Quarantine::Batch -e 'sendqueued()'
>
> From the command line:
>
> perl -MQpsmtpd::Plugin::Quarantine::Batch -e 'mailq()'
>
> DESCRIPTION
> Qpsmtpd::Plugin::Quarantine implements and outbound mail filter. A
> substantial number of internet sites will blacklist senders if
> they send
> too much spam. Most will do this without providing enough
> feedback for
> you (the sender) to figure out where the spam is coming from or
> why you
> were blacklisted.
>
> I run ISPs and I've been blacklisted by AOL. I've been
> blacklisted by
> Comcast. Why? Sometimes its because someone is exploting an
> insecure
> formmail CGI on my system and sometimes its simply because I
> allow users
> to forward email and when they do, they end up forwarding spam.
>
> Qpsmtpd::Plugin::Quarantine understands that sometimes the
> sender is the
> victim and sometimes not. The normal situation is that
> Qpsmtpd::Plugin::Quarantine will bounce things that it thinks
> are spammy
> back to the sender with a URL to allow the sender to push the
> message
> onwards. However if the particular recipient is on an override
> list or
> is very popular (maybe because someone is forwarding their mail
> to the
> recipient or maybe they're on a mailing list) then instead of
> bouncing
> to the sender, it will send a note to the recipient letting
> them know
> there is a message waiting for them.
>
> Qpsmtpd::Plugin::Quarantine will only send bounces or
> notifications
> every so often (configurable). Both senders and recipients have
> the
> option (via the website) to have their mail silently discarded
> so that
> they don't get bothered again.
>
> Qpsmtpd::Plugin::Quarantine uses OOPS to store it's persistent
> data in
> mysql or PostgreSQL.
>
> INSTALATION
> Qpsmtpd::Plugin::Quarantine is a Qpsmtpd plugin and a web page
> and a
> shell command and cron jobs. Installation will require some work.
>
> Start with the standard "perl Makefile.PL" and "make install".
>
> Prerequisites
> Install Qpsmtpd. I reccomend using it with postfix. Qpsmtpd
> should be
> the main SMTP listener. It will become your smarthost for your
> other
> mail servers. You can relegate postfix to just handling local
> mail by
> adding "inet_interfaces = 127.0.0.1" to it's "main.cf".
>
> Install mysql or PostgreSQL. Provide the DBI_DSN in either
> /etc/default/qpsmtpd-quarantine.pl or the Qpsmtpd plugins file
> (below).
>
> Qpsmtpd plugin
> Installing the Qpsmtpd plugin is easy. Create a file,
> "/usr/share/qpsmtpd/plugins/quarantine" (or wherever they are)
> with the
> following contents:
>
> use Qpsmtpd::Plugin::Quarantine;
>
> That's it.
>
> In "/etc/qpsmtpd/plugins", create an entry:
>
> #
> # quarantine
> #
> # All of these may be set in the /etc/default/qpsmtpd-
> quarantine.pl. The defaults
> # for these may be found in the
> Qpsmtpd::Plugin::Quarantine::Common module. More
> # things to set can be found there too.
> #
> # dbi_dsn database DSN (eg:
> DBI:mysql:database=quarantine;host=localhost)
> # username database username
> # password database password
> # baseurl URL of quarantine.cgi
> # templates templates directory for email &
> web
> # send_from Email address notifications are
> sent from
> # renotify_recipient_days How often should recipients be
> re-notified of mail waiting (days)
> # renotify_sender_ip On a per-sending-IP basis, how
> often should senders be renotified (days)
> # notify_other_senders Should non-local senders be
> notified at all?
> # notify_recipients How many messages should a
> recipient get before we prefer to notify
> # the recipeint instead of the
> sender. Disable most sender
> # notifications if 0.
> # notify_recipient_only DB hash file of recipients we
> notify in preference to senders
> #
>
> quarantine
>
> This should come before the Queue/delivery plugins like
> "queue/postfix-queue".
>
> /etc/default/qpsmtpd-quarantine.pl
> Create a perl file, "/etc/default/qpsmtpd-quarantine.pl" to
> override the
> defaults that can be found in the first part of the
> "Qpsmtpd::Plugin::Quarantine::Common" module.
>
> For example:
>
> package Foobar;
>
> use Qpsmtpd::Plugin::Quarantine::Common qw(%base_defaults);
>
> $base_defaults{send_from} = '[EMAIL PROTECTED]
> limit.internet-mail-service.net';
>
> /etc/qpsmtpd/recipient.special.db (optional)
> This file is a Berkeley DB HASH file that should contain the email
> addresses of everywhere that mail is sent on a regualar basis
> due to
> forwarding. When these addresses are used as recipients, the
> recipient
> will be notified in preference to the sender. Collect up all
> addresses
> from ".forward" files, ".procmailrc" and "/etc/aliases" files
> from your
> sytems. Dump them into a file and turn them into a DB HASH. With
> postfix, this is done with the "postmap
> hash:/etc/qpsmtpd/recipient.special" command.
>
> /etc/qpsmtpd/sender.special.db (optional)
> This file is a Berkeley DB HASH file that should contain the email
> addresses of senders that trigger spam checking. Unless the config
> parameter "check_all_recipients" is set, we won't spam-check all
> messsages. This database is the set of senders which trigger a
> forced
> spam check.
>
> /etc/qpsmtpd/filter_domains
> This file lists the domains (one per line) that we want to
> avoid sending
> spam to. This should include AOL (aol.com aim.com cs.com
> netscape.net)
> and Comcast (comcast.com comcast.net) at a bare minimum. This
> file is
> required. Do not include the entire Internet (.com .net .org) as
> recipients need to provide a an address that isn't in the list
> in order
> to get their mail forwarded.
>
> /etc/qpsmtpd/our_domains
> This file lists the domains that we receive mail as. Depending
> on other
> configuration options, we'll only bounce back to senders that
> are in
> this list.
>
> /etc/qpsmtpd/our_networks
> This file lists the IP addresses that make up our network. Most
> standard
> notations are recognized (eg: "216.240.40.0/25"). Depending on
> other
> configuration options, we'll only bounce back to senders that
> are in
> this list.
>
> /etc/qpsmtpd/ignore_networks
> Qpsmtpd::Plugin::Quarantine has a notion of what's an internal IP
> address (our_networks) and what is an external IP address. This
> file
> lists IP addresses that are neither. The list starts out with the
> non-routables.
>
> quarantine.cgi
> Create a CGI somewhere. It's a very simple program:
>
> use Qpsmtpd::Plugin::Quarantine::CGI;
> main();
>
> The URL for the CGI needs to be configured as "baseurl" in your
> choice
> of config files.
>
> Alternatively, you can set this up using mod_perl.
> Apache::Registry
> provides what is needed to hook it in. The CGI remains the same.
>
> /etc/qpsmtpd/quarantine-templates
> Copy the "example-templates" directory to
> "/etc/qpsmtpd/quarantine-templates". Modify as you like. All
> should work
> as-is.
>
> /etc/qpsmtpd/quarantine.access
> This is a htpasswd-style password file that controls access to
> the admin
> web page. Create it with "htpasswd -c /etc/qpsmtpd/
> quarantine.access
> adminuser".
>
> Cron jobs
> Install two cron jobs:
>
> 7 7 * * * perl -MQpsmtpd::Plugin::Quarantine::Batch -e cronjob
> */10 * * * * perl -MQpsmtpd::Plugin::Quarantine::Batch -e
> sendqueued
>
> Starting it up.
> To fire it up, send a spammy message to a user at one of the
> filtered
> domains. The main database will auto-initialize.
>
> ADMINISTRATION
> There is a admin web page for looking at senders and
> recipients. The URL
> is "baseurl"/admin. Cookies must be enabled.
>
> Qpsmtpd::Plugin::Quarantine has an internal mail queue. The
> following
> command will dispay what's in it. Messages in quarantine are
> not in the
> mail queue.
>
> perl -MQpsmtpd::Plugin::Quarantine::Batch -e mailq
>
> DEVELOPMENT STATUS
> This is green code, just put into production by its author.
>
> LICENSE
> This software is available with and without the GPL: please
> write if you
> need a non-GPL license. All submissions of patches must come
> with a
> copyright grant so that David Sharnoff remains able to change the
> license at will.
>
> Copyright(C) 2006 David Muir Sharnoff <[EMAIL PROTECTED]>
>
> This program is free software; you can redistribute it and/or
> modify it
> under the terms of the GNU General Public License as published
> by the
> Free Software Foundation; either version 2 of the License, or
> (at your
> option) any later version.
>
> This program is distributed in the hope that it will be useful,
> but
> WITHOUT ANY WARRANTY; without even the implied warranty of
> MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> GNU General
> Public License for more details.
>
> You should have received a copy of the GNU General Public
> License along
> with this program; if not, write to the Free Software
> Foundation, Inc.,
> 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>
