9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] smtpd integration with spamhaus
@ 2010-09-24 21:16 Skip Tavakkolian
  2010-09-24 21:23 ` erik quanstrom
  0 siblings, 1 reply; 4+ messages in thread
From: Skip Tavakkolian @ 2010-09-24 21:16 UTC
  To: 9fans

has anyone noodled the idea? spamhaus provides a dns server
that can identify if an ip address is a known spammer[1]. i was thinking
either directly in /sys/src/cmd/upas/smtp/spam.c or through a cs like
program (parsing binary in shell?)


cpue% whatis spammers
fn spammers {@ {for(i in `{callers}){echo `{revip $i}^.zen.spamhaus.org ip}}|>[2]/dev/null aux/rdwr /net.alt/dns}
cpue% whatis callers
fn callers {netstat -n /net.alt|awk '$5 == "25" && $NF ~ /.*\..*\..*\./  {print $NF}'}
cpue% whatis revip
fn revip {@ {ifs=(.^'
	');i=`{echo $1};echo $i(4)^.^$i(3)^.^$i(2)^.^$i(1)}}
cpue% spammers | grep 127
cpue% spammers | sed 10q
>
cpue% spammers
>
>
> 5.174.83.189.zen.spamhaus.org ip	127.0.0.11
>
>
>
> 16.6.16.123.zen.spamhaus.org ip	127.0.0.10
> 38.67.98.71.zen.spamhaus.org ip	127.0.0.10
...


[1] http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Usage#202





* Re: [9fans] smtpd integration with spamhaus
  2010-09-24 21:16 [9fans] smtpd integration with spamhaus Skip Tavakkolian
@ 2010-09-24 21:23 ` erik quanstrom
  0 siblings, 0 replies; 4+ messages in thread
From: erik quanstrom @ 2010-09-24 21:23 UTC
  To: 9fans

On Fri Sep 24 17:21:34 EDT 2010, 9nut@9netics.com wrote:
> has anyone noodled the idea? spamhaus provides a dns server
> that can identify if an ip address is a known spammer[1]. i was thinking
> either directly in /sys/src/cmd/upas/smtp/spam.c or through a cs like
> program (parsing binary in shell?)
>

yes, it's integrated with nupas.  there were some changes necessary
to smtpd to get enough info to upas/spf and spamhaus.

nupas smtpd/validatesender should still be compatible with
old upas.

- erik




* Re: [9fans] smtpd integration with spamhaus
  2010-09-24 21:27 Skip Tavakkolian
@ 2010-09-24 22:00 ` erik quanstrom
  0 siblings, 0 replies; 4+ messages in thread
From: erik quanstrom @ 2010-09-24 22:00 UTC
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 764 bytes --]

On Fri Sep 24 17:34:08 EDT 2010, 9nut@9netics.com wrote:
> oops!  wasn't finished yet.  i guess i'm getting the hang of "publish
> early and often"
>
> it should be easy, as my unfinished shell is showing.  i'm not sure if
> i understand the behavior of spammers function when the output is
> piped to another program.  any ideas?
>
> > has anyone noodled the idea? spamhaus provides a dns server
> > that can identify if an ip address is a known spammer[1]. i was thinking
> > either directly in /sys/src/cmd/upas/smtp/spam.c or through a cs like
> > program (parsing binary in shell?)

this is what i did.  the spamhaus function is largely
stolen from steve.  he's got a lot of good stuff.

all the ugly bits are entirely my fault.

- erik

[-- Attachment #2: spamhaus --]
[-- Type: text/plain, Size: 742 bytes --]

#!/bin/rc
rfork en

sflag=0
if(~ $1 -s){
	sflag=1
	shift
}

rev=`{echo $1 | sed 's/([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)/\4.\3.\2.\1/'}
#ans=`{ndb/dnsquery $rev^.zen.spamhaus.org>[2]/dev/null|sed -n 's:.*	(127\.0\.0\.[0-9]+):\1:p' }
ans=`{echo $rev^.zen.spamhaus.org | ndb/dnsquery >[2]/dev/null|sed -n 's:.*	(127\.0\.0\.[0-9]+):\1:p' }
msg=''
for(i in $ans){
	switch($i){
	case 127.0.0.2
		m = 'known spam source'
	case 127.0.0.4
		m = 'composite block list'
	case 127.0.0.5
		m = njabl
	case 127.0.0.10
		m = 'your isps policy'
	case 127.0.0.11
		m = 'sh policy'
	case *
		m = 'unknown reason'
	}
	if(~ $msg '')
		msg = $m
	if not
		msg = $msg^', '^$m
}
if(~ $sflag 0 && ! ~ $msg '')
	echo $msg
exit $msg

[-- Attachment #3: validatesender --]
[-- Type: text/plain, Size: 2453 bytes --]

#!/bin/rc
rfork en

# note the patterns in the exception lists are eval'd
# later, so wildcards may be quoted.
#
# force non-explicit matches to fail.  gmail specifies allowed hosts, but
# then says ?all, defeating all that work.  just fail jerks impersonating google.
spfescalate=(gmail.com)

# ignore spf mismatches from these domains
spfign=(*.bell-labs.com mac.com)

# these domains get a spamhaus pass
shign=(*terzarima.net)

# these people are special; give them a pass
# dom!addr style.
specialed=(yahoo.com!swardd)

# these particular senders are blacklisted
# motivated by the fact that yahoo calendar
# is compromised.
dropuser=(reply.yahoo.com!calendar-invite comerrec.net!* ecoinfor.com!mail-bounces)

fn usage{
	echo 'usage: validatesender [-n /net] dom user [ip [hellodom]]' >[1=2]
	exit usage
}

fn checkspf{
	str=($h spf $*)
	spfflag=-v
	if(~ $1 $spfescalate)
		spfflag=$spfflag^e
	if(~ $#netroot 1)
		spfflag=($spfflag -n $netroot)
	upas/spf $spfflag $* >[2=1] | sed 's:^:'^$"str^' -> :g' >>$log
	spfstatus=$status
	spfstatus=`{echo $spfstatus | sed 's:\|.*::
		s/^spf [0-9]+://'}
	if(! ~ $#spfstatus 0 && ! ~ $"spfstatus *none){
		if(~ $spfstatus deferred:*)
			exit $"spfstatus
		if(! ~ $dom $2)
			exit 'rejected: '^$"spfstatus
	}
}

h=`{date -n} ^ ' ' ^ $sysname ^ ' ' ^ $pid
h=$"h
log=/sys/log/smtpd.mx	#/fd/2
if(! test -w $log)
	log = /dev/null
echo $h validatesender $* >>$log

netroot=/net.alt
if(~ $1 -n){
	shift
	netroot=$1
	shift
}
if(! ~ $#* [234])
	usage

dom=$1; addr=$2; ip=$3; helo=$4

if(eval ~ '$dom!$addr' $dropuser)
	exit 'member of dropuser list'

if(~ $dom^!^$addr $specialed)
	exit ''

if(! ~ $#ip 0 && test -x /mail/lib/spamhaus){
	spamhaus=`{/mail/lib/spamhaus $ip}
	if(! ~ $spamhaus '' && eval ! ~ '$dom' $shign){
		echo $h spamhaus '->' $spamhaus>>$log
		exit 'rejected: spamhaus: '^$"spamhaus
	}
	if(! ~ $spamhaus '')
		echo $h spamhaus '->' $spamhaus '(ignored)'>>$log
}

if(x=`{upas/smtp -p $netroot/tcp!$dom /dev/null $addr >[2=1] |
		tee >{sed 's/^/'$h' /' >> $log} |
		tail -1}){
	if(~ $#ip 0 || ! test -x /bin/upas/spf)
		exit ''
	if(eval ~ '$dom' $spfign)
		exit ''
	echo $h spf $dom $ip $addr $helo>>$log
	checkspf $dom $ip $addr $helo
	exit ''
}

smtpstatus=$status
if(~ $#x 0)
	x=$smtpstatus
if(~ $smtpstatus *'Permanent Failure'*)
	exit 'rejected: smtp ping: '^$"x
exit 'deferred: smtp ping: '^$"x
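
The lookup the spamhaus attachment performs, restated in POSIX sh (not rc) as an added example that is not from the thread or from nupas: it validates the address before building the query name, which the sed one-liner does not, and classifies answers so that Spamhaus's 127.255.255.x error answers are never counted as listings. The function names dnsbl_name and dnsbl_reason are hypothetical, and the sample addresses and answers are constructed.

```shell
# Added example in POSIX sh (not rc); function names are hypothetical.

# dnsbl_name IP [ZONE]: print the reversed-octet query name. Fails unless
# IP is exactly four dot-separated octets, 0-255, with no leading zeros.
dnsbl_name() {
	zone=${2:-zen.spamhaus.org}
	case $1 in
	*[!0-9.]* | .* | *.) return 1 ;;
	esac
	old_ifs=$IFS; IFS=.
	set -- $1
	IFS=$old_ifs
	[ $# -eq 4 ] || return 1
	for o in "$@"; do
		case $o in
		'' | 0?* | ????*) return 1 ;;
		esac
		[ "$o" -le 255 ] || return 1
	done
	echo "$4.$3.$2.$1.$zone"
}

# dnsbl_reason ANSWER...: print the reasons for the A records returned and
# succeed, or fail when none is a listing. Reason strings are the ones in
# the spamhaus script above. Spamhaus documents 127.255.255.x as error
# answers (e.g. a query sent through a public resolver), never a listing.
dnsbl_reason() {
	msg=
	for a in "$@"; do
		case $a in
		127.0.0.2) m='known spam source' ;;
		127.0.0.4) m='composite block list' ;;
		127.0.0.5) m=njabl ;;
		127.0.0.10) m='your isps policy' ;;
		127.0.0.11) m='sh policy' ;;
		127.255.255.*) echo "dnsbl error answer $a ignored" >&2; continue ;;
		127.0.0.*) m='unknown reason' ;;
		*) continue ;;
		esac
		msg=${msg:+$msg, }$m
	done
	[ -n "$msg" ] || return 1
	echo "$msg"
}

# Constructed inputs: a documentation address and made-up answer sets.
echo "query name: $(dnsbl_name 192.0.2.99)"
dnsbl_reason 127.0.0.4 127.0.0.11 || echo 'not listed'
dnsbl_reason 127.255.255.254 2>/dev/null || echo 'not listed'
```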


* Re: [9fans] smtpd integration with spamhaus
@ 2010-09-24 21:27 Skip Tavakkolian
  2010-09-24 22:00 ` erik quanstrom
  0 siblings, 1 reply; 4+ messages in thread
From: Skip Tavakkolian @ 2010-09-24 21:27 UTC
  To: 9fans

oops!  wasn't finished yet.  i guess i'm getting the hang of "publish
early and often"

it should be easy, as my unfinished shell is showing.  i'm not sure if
i understand the behavior of spammers function when the output is
piped to another program.  any ideas?

> has anyone noodled the idea? spamhaus provides a dns server
> that can identify if an ip address is a known spammer[1]. i was thinking
> either directly in /sys/src/cmd/upas/smtp/spam.c or through a cs like
> program (parsing binary in shell?)
>
>
> cpue% whatis spammers
> fn spammers {@ {for(i in `{callers}){echo `{revip $i}^.zen.spamhaus.org ip}}|>[2]/dev/null aux/rdwr /net.alt/dns}
> cpue% whatis callers
> fn callers {netstat -n /net.alt|awk '$5 == "25" && $NF ~ /.*\..*\..*\./  {print $NF}'}
> cpue% whatis revip
> fn revip {@ {ifs=(.^'
>        ');i=`{echo $1};echo $i(4)^.^$i(3)^.^$i(2)^.^$i(1)}}
> cpue% spammers | grep 127
> cpue% spammers | sed 10q
> >
> cpue% spammers
> >
> >
> > 5.174.83.189.zen.spamhaus.org ip      127.0.0.11




