From mboxrd@z Thu Jan 1 00:00:00 1970 From: erik quanstrom Date: Fri, 24 Sep 2010 18:00:33 -0400 To: 9fans@9fans.net Message-ID: <08b8b73ef7fbf7cdbb79366db907b964@ladd.quanstro.net> In-Reply-To: <16cb46287d02e72db4f9dc496c6ac6e0@9netics.com> References: <16cb46287d02e72db4f9dc496c6ac6e0@9netics.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="upas-bsdjfprjtobgorfezqqxhyoibs" Subject: Re: [9fans] smtpd integration with spamhaus Topicbox-Message-UUID: 5a2475a0-ead6-11e9-9d60-3106f5b1d025 This is a multi-part message in MIME format. --upas-bsdjfprjtobgorfezqqxhyoibs Content-Disposition: inline Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit On Fri Sep 24 17:34:08 EDT 2010, 9nut@9netics.com wrote: > oops! wasn't finished yet. i guess i'm getting the hang of "publish > early and often" > > it should be easy, as my unfinished shell is showing. i'm not sure if > i understand the behavior of spammers function when the output is > piped to another program. any ideas? > > > has anyone noodled the idea? spamhaus provides a dns server that > > that can identify if an ip address is a known spammer[1]. i was thinking > > either directly in /sys/src/cmd/upas/smtp/spam.c or through a cs like > > program (parsing binary in shell?) this is what i did. the spamhaus function is largely stolen from steve. he's got a lot of good stuff. all the ugly bits are entirely my fault. 
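- erik

--upas-bsdjfprjtobgorfezqqxhyoibs
Content-Disposition: attachment; filename=spamhaus
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

#!/bin/rc
# spamhaus [-s] ip
#
# look up an ipv4 address in the zen.spamhaus.org dns blocklist.
# when the address is listed, the reasons are joined with ', ',
# printed on standard output (unless -s is given) and used as the
# exit status.  an empty status therefore means "not listed".
#
# the lookup fails open: dnsquery's diagnostics are discarded and a
# query that returns no 127.0.0.x answer is indistinguishable from a
# clean address.
rfork en

sflag=0
if(~ $1 -s){
	sflag=1
	shift
}

# the argument becomes part of a dns name, so accept only a dotted
# quad.  anything else (missing argument, ipv6, a host name) produces
# no name to query and is reported as not listed instead of being
# handed to the resolver.
rev=`{echo $1 | sed -n 's/^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$/\4.\3.\2.\1/p'}
if(! ~ $#rev 1)
	exit ''

#ans=`{ndb/dnsquery $rev^.zen.spamhaus.org>[2]/dev/null|sed -n 's:.* (127\.0\.0\.[0-9]+):\1:p' }
ans=`{echo $rev^.zen.spamhaus.org | ndb/dnsquery >[2]/dev/null|sed -n 's:.* (127\.0\.0\.[0-9]+):\1:p' }

# map every 127.0.0.x answer to the label used in the rejection text.
msg=''
for(i in $ans){
	switch($i){
	case 127.0.0.2
		m = 'known spam source'
	case 127.0.0.4
		m = 'composite block list'
	case 127.0.0.5
		m = njabl
	case 127.0.0.10
		m = 'your isps policy'
	case 127.0.0.11
		m = 'sh policy'
	case *
		m = 'unknown reason'
	}
	if(~ $msg '')
		msg = $m
	if not
		msg = $msg^', '^$m
}
if(~ $sflag 0 && ! ~ $msg '')
	echo $msg
exit $msg

--upas-bsdjfprjtobgorfezqqxhyoibs
Content-Disposition: attachment; filename=validatesender
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

#!/bin/rc
# validatesender [-n /net] dom user [ip [hellodom]]
#
# decide whether mail from user at dom, arriving from ip with the given
# helo name, should be accepted.  the decision is the exit status:
#	''				accept
#	'member of dropuser list'	sender is on the dropuser list
#	'rejected: ...'			spamhaus, spf or smtp ping said no
#	'deferred: ...'			spf or smtp ping could not decide
# every step is appended to $log.
#
# dom, user, ip and hellodom come from the smtp session, so they are
# treated as untrusted text throughout.
rfork en

# note the patterns in the exception lists are eval'd
# later, so wildcards may be quoted.
# because eval re-parses these lists as rc source, they must hold only
# constants written by the administrator.  $dom and $addr are handed to
# eval inside single quotes, so their values are substituted after
# parsing and are never parsed as rc themselves.
#
# force non-explicit matches to fail.  gmail specifies allowed hosts, but
# then says ?all, defeating all that work.  just fail jerks impersonating google.
spfescalate=(gmail.com)

# ignore spf mismatches from these domains
spfign=(*.bell-labs.com mac.com)

# these domains get a spamhaus pass
shign=(*terzarima.net)

# these people are special; give them a pass
# dom!addr style.
specialed=(yahoo.com!swardd)

# these particular senders are blacklisted
# motivated by the fact that yahoo calendar
# is compromised.
dropuser=(reply.yahoo.com!calendar-invite comerrec.net!* ecoinfor.com!mail-bounces)

# print the synopsis on standard error and exit with status 'usage'.
fn usage{
	echo 'usage: validatesender [-n /net] dom user [ip [hellodom]]' >[1=2]
	exit usage
}

# checkspf dom ip addr helo
# run upas/spf on the arguments, log its output with a prefix naming the
# request, and exit the script with a 'deferred:' or 'rejected:' status
# when spf says so.  returns normally otherwise.
fn checkspf{
	str=($h spf $*)
	# $* is session-supplied text.  escape the characters that are
	# special in a sed replacement delimited by ':' (\, : and &) before
	# splicing the prefix into the script, so the sender's text can only
	# ever appear as literal log text and cannot alter the sed command.
	pfx=`{echo $"str | sed 's/[\\:&]/\\&/g'}
	spfflag=-v
	if(~ $1 $spfescalate)
		spfflag=$spfflag^e
	if(~ $#netroot 1)
		spfflag=($spfflag -n $netroot)
	upas/spf $spfflag $* >[2=1] | sed 's:^:'^$"pfx^' -> :g' >>$log
	# $status is the pipeline status; keep the part before the first '|'
	# (upas/spf's own status) and drop its 'spf <number>:' prefix.
	spfstatus=$status
	spfstatus=`{echo $spfstatus | sed 's:\|.*::
		s/^spf [0-9]+://'}
	if(! ~ $#spfstatus 0 && ! ~ $"spfstatus *none){
		if(~ $spfstatus deferred:*)
			exit $"spfstatus
		# NOTE(review): $2 is the ip argument here; why it is compared
		# with $dom is not evident from this file -- confirm.
		if(! ~ $dom $2)
			exit 'rejected: '^$"spfstatus
	}
}

# log prefix: time, system name and process id.  these are local values,
# which is why $h is spliced into a sed script unescaped further down.
h=`{date -n} ^ ' ' ^ $sysname ^ ' ' ^ $pid
h=$"h
log=/sys/log/smtpd.mx #/fd/2
if(! test -w $log)
	log = /dev/null
echo $h validatesender $* >>$log

netroot=/net.alt
if(~ $1 -n){
	shift
	netroot=$1
	shift
}
if(! ~ $#* [234])
	usage

dom=$1; addr=$2; ip=$3; helo=$4

if(eval ~ '$dom!$addr' $dropuser)
	exit 'member of dropuser list'

# no eval here, so entries in specialed are matched literally.
if(~ $dom^!^$addr $specialed)
	exit ''

if(! ~ $#ip 0 && test -x /mail/lib/spamhaus){
	spamhaus=`{/mail/lib/spamhaus $ip}
	if(! ~ $spamhaus '' && eval ! ~ '$dom' $shign){
		echo $h spamhaus '->' $spamhaus>>$log
		exit 'rejected: spamhaus: '^$"spamhaus
	}
	if(! ~ $spamhaus '')
		echo $h spamhaus '->' $spamhaus '(ignored)'>>$log
}

# smtp ping: ask the sender's own mail exchanger whether addr exists.
# NOTE(review): $dom is spliced into a dial string, and the connection
# goes to whatever host the sender named.  presumably smtpd has already
# rejected domains containing '!' or '/' -- confirm against the caller.
if(x=`{upas/smtp -p $netroot/tcp!$dom /dev/null $addr >[2=1] | tee >{sed 's/^/'$h' /' >> $log} | tail -1}){
	if(~ $#ip 0 || ! test -x /bin/upas/spf)
		exit ''
	if(eval ~ '$dom' $spfign)
		exit ''
	echo $h spf $dom $ip $addr $helo>>$log
	checkspf $dom $ip $addr $helo
	exit ''
}
# the ping failed: a permanent failure rejects, anything else defers.
smtpstatus=$status
if(~ $#x 0)
	x=$smtpstatus
if(~ $smtpstatus *'Permanent Failure'*)
	exit 'rejected: smtp ping: '^$"x
exit 'deferred: smtp ping: '^$"x

--upas-bsdjfprjtobgorfezqqxhyoibs--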