Re: Using rbl on a per domain basis?

[Gabriel Ambuehl]

-----BEGIN PGP SIGNED MESSAGE-----

Monday, October 01, 2001, 9:54:26 AM, you wrote:

ok, this is not as easy as I thought as unfortunately, I missed to
recognize that vdelivermail got no possibility to get TCPREMOTEIP.

So the first approach I propose is the following:
1) Use a patched rblsmtpd, that adds a header line if rbl wants to
   block the message.

This can be done by several ways: the easy solution would probably be
to simply use the patches
 - http://www.lamer.de/maex/creative/software/qmail/103-rblid/
 - http://www.lamer.de/maex/creative/software/ucspi-tcp/

The harder one would be to actually write a custom set of patches,
which I personally don't want to do cause I'm somewhat scared by
djb's
code in rblsmptd (I'm also not sure whether it would be possible to
come up with a patch that goes only against rblsmtpd only, leaving
qmail-stmpd alone).

2) use eps to filter for the header line added by the patch in case
rbl wanted to block the message.

I for myself don't like this approach cause I've never been a fan of
patching software (ok, I admit I'm using a tarpit patch but that's
about what there is in my case) and it makes up a rather high
obstacle
for the newbies to use rbl.

Now there's another possibility, which involves parsing Received
Headers: qmail's Received syntax is the following:
1) First header it will add looks like
Received: from [REMOTEHOST] ([REMOTEIP])
  by [LOCALHOST] with SMTP; [RfC822 date and time]
2) Second header (so the top one):
Received: (qmail [PID] invoked from network); [RfC822 date and time]

Which in reality looks like:
Received: (qmail 29683 invoked from network);
1 Oct 2001 19:20:54 -0000
Received: from ns1.inter7.com (209.218.8.2) by 0 with SMTP;
 1 Oct 2001 19:20:54 -0000

Interesting is the second line which is always
Received: from [HOST] ([IP])
I think this would be reasonably easy to parse using eps to filter
out
the first line starting with Received: from and either parse it
himself and do the rbl lookup (I have working code to do the lookup
given someone hands the IP, which can easily be modified to parse
this
ONE header line) or simply hand it over to a simple external client
that
does the job and look at the exit status.

Now I don't know if eps can do all what I need it to, but I for
myself
would prefer this approach. For qmailadmin to support it, it could
either be done with a checkbox that simply installs a default eps
filter doing only that or using some more sophisticated way that
allows user to either edit the rules themselves or even some sort of
GUI where the users can click their rules together.

Thoughts?














Best regards,
 Gabriel


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i

iQEVAwUBO7rAMsZa2WpymlDxAQGe0gf5AaXL0Gd1bcNSALmxPZN1zM5ESAf1Nsm8
EeWJtZIviCSxrjnrYN5CnrRGW3O3LdCZVas+cqbQFv7zxcvPrQV2gfp2DRMqqT5F
SnmAyMn/5/hSOjGvMi6qzKQs5t0kjYGTkIgABJebLc4x+1e19GC1zBCCaAxV6rf6
rjAW3VkO3wyLmQm8+KB0epS6C3xK2O+Agqi4bWzgtHKIPK/2RDWxGNdeATx4GA7w
IthxsHmU7DOJAzLjRaJRYbnX1pKwYtFBaBJL/Utac5Zb21BxStkXCrdZOlTJ1uzE
MB+mHtRYAzqLINMp56zKG6NrAd39pWUQnTGszSzFq5R7YrbyjVDPWw==
=q1su
-----END PGP SIGNATURE-----