9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] latest smtpd anti-spam
@ 2004-03-15 10:12 Geoff Collyer
From: Geoff Collyer @ 2004-03-15 10:12 UTC
  To: 9fans

If you pull now, you'll get an smtpd with my most recent anti-spam
measure in it.  It's intended for sites with separate inside and
outside networks.  If you have a /mail/lib/senders file, the envelope
of an incoming message will be checked to verify that mail to
particular addresses is coming only from a certain set of domain
names or IP addresses.  Addresses not mentioned in /mail/lib/senders
are not affected by this processing.

There's a single system-wide list because implementing per-user lists
would require fully resolving recipient addresses to determine which
users they correspond to, in smtpd, since we're again trying to keep
the spam from being sent.  In a trusting environment, I suppose one
could make /mail/lib/senders world-writable and append-only.

To make use of this, I have added a single rule to /mail/lib/rewrite:

	# user.* → user
	(local!)?([^!.]+)\.[^!]+ alias	\2

before local mail delivery but after alias file translation.  This
means that any incoming mail to geoff.anything gets treated as mail to
geoff.  I can then invent addresses on the fly when filling out web
forms.  It's a hook that allows for a number of possible tricks, among
them tracking who is leaking your addresses to spammers.  sendmail
does something similar with user+tag addresses; I like dot in part
because it's unshifted and easy to type.

This is my /mail/lib/senders; the first column is a recipient address
and the second is domain name or IP address of a legitimate sending
system for that recipient address.  For example, I should only get
mail to geoff.9fans from mail.cse.psu.edu (and only ever have, I
scanned my mail logs).  When given a domain name, we look up the name
and compare all the returned IP addresses against our peer's IP. This
is safer than reverse mapping the peer's IP since people who control
their reverse maps can lie, especially if they run BIND instead of
Plan 9's dns.  Reverse dns maps are also sometimes accidentally
missing or wrong at sites that run BIND.

	# collyer.net!geoff.buy mail03.rm04.net
	# collyer.net!geoff.ubc www.bussops.ubc.ca
	collyer.net!geoff.9fans mail.cse.psu.edu
	collyer.net!geoff.monster smtp-nat.ma.tmpw.net
	collyer.net!geoff.monster smtp-nat.in.tmpw.net
	# for register.com, IP addresses are more stable than DNS names
	collyer.net!geoff.register 209.67.50.16
	collyer.net!geoff.register 216.21.228.13
	collyer.net!geoff.register 216.21.229.220
	collyer.net!geoff.register 216.32.192.101
	collyer.net!geoff.sans 63-100-47-56.sans.org
	collyer.net!geoff.spamcop vmx1.spamcop.net
	collyer.net!geoff.std europe.std.com
	collyer.net!geoff.std smtp.theworld.com
	collyer.net!geoff.toad new.toad.com
	collyer.net!geoff.well assassin.well.com
	collyer.net!geoff.well smtp.well.com

Here are a few rejections from /sys/log/smtpd, just within the last
few hours.  It's a very good bet that every one of the senders is a
spammer, since they have no legitimate reason to be sending mail to
geoff.9fans, geoff.register, or geoff.spamcop.

cpud Mar 14 21:06:21 Disallowed sending IP of HANMAIL.NET!geoff.9fansgeoff.9fans (Server.fremantle.juliennepenny.com.au/202.154.89.214) to collyer.net!geoff.9fans
cpud Mar 14 21:44:10 Disallowed sending IP of lawyer.com!btijd (63.192.14.235/61.173.241.234) to collyer.net!geoff.9fans
cpud Mar 14 21:54:30 Disallowed sending IP of dsl-verizon.net!ua.peck (63.192.14.235/219.95.192.19) to collyer.net!geoff.spamcop
cpud Mar 14 22:05:46 Disallowed sending IP of sbprss.com!bTpISwhu (qb3.sbprss.com/66.54.93.250) to collyer.net!geoff.register
cpud Mar 14 23:00:05 Disallowed sending IP of yahoo.com!pwlyutuox (12-215-216-14.client.mchsi.com/12.215.216.14) to collyer.net!geoff.9fans
cpud Mar 15 00:42:43 Disallowed sending IP of netzero.com!vdjrp (218.93.19.82/218.93.19.82) to collyer.net!geoff.9fans
cpud Mar 15 01:00:57 Disallowed sending IP of rescueteam.com!pthregmkobe (pd950f731.dip.t-dialin.net/217.80.247.49) to collyer.net!geoff.9fans


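As an added illustration of the two mechanisms described above (the senders-file check and the user.* -> user rewrite rule), here is a small Python model of them. This is not Geoff's code nor Plan 9's smtpd; it is a stand-alone sketch written for this archive page. The senders excerpt is copied from the post, but the forward-DNS answers are constructed (RFC 5737 documentation addresses) because the example must run offline, and the function names (parse_senders, sender_allowed, canonical_user) are my own.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the /mail/lib/senders file from the post:
# first column is the recipient address, second is a domain name or
# IP address of a system allowed to send mail to that recipient.
SENDERS_TEXT = """\
collyer.net!geoff.9fans mail.cse.psu.edu
# for register.com, IP addresses are more stable than DNS names
collyer.net!geoff.register 209.67.50.16
collyer.net!geoff.register 216.21.228.13
collyer.net!geoff.std europe.std.com
collyer.net!geoff.std smtp.theworld.com
"""

# Constructed forward-DNS answers standing in for a real lookup.
# These are documentation-range addresses, not the hosts' real records.
FAKE_DNS = {
    "mail.cse.psu.edu": ["192.0.2.10", "192.0.2.11"],
    "europe.std.com": ["198.51.100.5"],
    "smtp.theworld.com": ["198.51.100.6"],
}


def parse_senders(text):
    """Return {recipient: [allowed sender spec, ...]}; '#' lines are comments."""
    allowed = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            continue  # malformed line: ignore it rather than guess
        rcpt, sender = fields
        allowed[rcpt].append(sender)
    return allowed


def resolve(name, dns):
    """Forward lookup of a domain name; a name with no answer permits nothing."""
    return dns.get(name, [])


def sender_allowed(recipient, peer_ip, allowed, dns=FAKE_DNS):
    """The senders check: a recipient not listed in the file is unaffected;
    a listed one accepts the peer only if the peer's IP equals a listed
    literal IP or one of the addresses a listed name forward-resolves to.
    Forward resolution is used deliberately, never the peer's reverse map."""
    if recipient not in allowed:
        return True
    peer = ipaddress.ip_address(peer_ip)
    for spec in allowed[recipient]:
        try:
            if ipaddress.ip_address(spec) == peer:  # literal IP entry
                return True
        except ValueError:
            # domain-name entry: compare every returned address with the peer
            if any(ipaddress.ip_address(a) == peer for a in resolve(spec, dns)):
                return True
    return False


# The rewrite rule from the post, user.* -> user, as a Python regex.
USER_TAG = re.compile(r"(local!)?([^!.]+)\.[^!]+")


def canonical_user(addr):
    """Strip a .tag suffix (geoff.9fans -> geoff); other addresses pass through."""
    m = USER_TAG.fullmatch(addr)
    return m.group(2) if m else addr


if __name__ == "__main__":
    table = parse_senders(SENDERS_TEXT)
    # peer IP taken from one of the rejection log lines in the post
    for rcpt, ip in [("collyer.net!geoff.9fans", "218.93.19.82"),
                     ("collyer.net!geoff.9fans", "192.0.2.11"),
                     ("collyer.net!geoff.anything", "218.93.19.82")]:
        verdict = "ok" if sender_allowed(rcpt, ip, table) else "Disallowed sending IP"
        print(f"{verdict}: {ip} -> {rcpt} (delivered to {canonical_user(rcpt.split('!')[1])})")
```

The check runs on the tagged recipient (geoff.9fans) before the rewrite rule collapses it to geoff, which is why the senders file lists the tagged form; a missing DNS answer for a listed name simply permits nothing for that entry.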