perl script - bogofilter /smtp daemon (Was: dnsbl'S + bogofilter)

Robin Bowes robin-lists at robinbowes.com
Thu Nov 18 09:52:01 CET 2004


Hi,

Just adding a bit more information to this thread...

If you use qmail (or postfix, I think) then I can highly recommend 
qpsmtpd (http://smtpd.develooper.com/). It's a drop-in replacement for 
qmail-smtpd (and it also works with postfix, I think) which combines 
several spam-blocking functions as plugins so you can easily add or 
remove them as required.

One particularly useful plugin is "denylog" which logs details of 
messages that are blocked so you can see easily just which messages are 
being rejected. For example:

2004-11-18 07:20:22.629800500 28740 Rejected a mail:
2004-11-18 07:20:22.629807500 ===========================================
2004-11-18 07:20:22.629812500 mail from:    <fmgpgvfuuizf at netian.com>
2004-11-18 07:20:22.629815500 tcp client:   211.113.218.182 [211.113.218.182]
2004-11-18 07:20:22.629819500 relay client: no
2004-11-18 07:20:22.629822500 denied by:    dnsbl
2004-11-18 07:20:22.629825500 denial code:  901
2004-11-18 07:20:22.629827500 denial text:  Blocked. Contact spam at netcetera.dk Include this in the subject: 211.113.218.182
2004-11-18 07:20:22.629833500 ===========================================

2004-11-18 07:49:54.639928500 28850 Rejected a mail:
2004-11-18 07:49:54.639935500 ===========================================
2004-11-18 07:49:54.639939500 mail from:    <Daphne07 at email.37.com>
2004-11-18 07:49:54.639943500 tcp client:   211.212.148.154 [211.212.148.154]
2004-11-18 07:49:54.639947500 relay client: no
2004-11-18 07:49:54.639949500 denied by:    rhsbl
2004-11-18 07:49:54.639952500 denial code:  901
2004-11-18 07:49:54.639955500 denial text:  Mail from email.37.com rejected because it does not accept bounces. This violates RFC 821/2505/2821 http://www.rfc-ignorant.org/
2004-11-18 07:49:54.640016500 ===========================================

2004-11-18 08:19:13.529733500 ===========================================
2004-11-18 08:19:13.529737500 tcp client:   pcp09477942pcs.medfrd01.nj.comcast.net [69.142.33.238]
2004-11-18 08:19:13.529741500 relay client: no
2004-11-18 08:19:13.529744500 denied by:    check_spamhelo
2004-11-18 08:19:13.529747500 denial code:  901
2004-11-18 08:19:13.529762500 denial text:  Uh-huh.  You're aol.com, and I'm a boil on the bottom of the Marquess of Queensbury's great-aunt.
2004-11-18 08:19:13.529769500 ===========================================

2004-11-18 08:32:58.357237500 29129 Rejected a mail:
2004-11-18 08:32:58.357244500 ===========================================
2004-11-18 08:32:58.357248500 tcp client:   mailhost.ntl.com [212.250.162.8]
2004-11-18 08:32:58.357252500 relay client: no
2004-11-18 08:32:58.357255500 denied by:    require_resolvable_fromhost
2004-11-18 08:32:58.357258500 denial code:  902
2004-11-18 08:32:58.357261500 denial text:  Could not resolve mails.hu
2004-11-18 08:32:58.357265500 ===========================================

From top to bottom, these four messages were rejected because:

1. connecting IP address is on a DNS blocking list (dnsbl)
2. server running at connecting IP address does not accept bounces
3. connecting software announced itself as aol.com - aol.com does not do 
that (check_spamhelo)
4. domain in sender email address does not resolve 
(require_resolvable_fromhost)

As the OP said, good though bogofilter is, blocking as much spam as 
possible at the initial SMTP conversation is a Good Idea (tm).

R.
-- 
http://robinbowes.com
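
Added example, not part of the message above and not qpsmtpd's own code: a Python parser for denylog records in the layout quoted in the message, tallying rejections per plugin. It assumes unwrapped log lines and treats the "Rejected a mail:" header and the "mail from" field as optional; the sample records, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (.*)$")
HEADER = re.compile(r"^(\d+) Rejected a mail:$")
FIELD = re.compile(r"^([a-z ]+?):\s*(.*)$")
CLIENT = re.compile(r"^(\S+) \[([0-9A-Fa-f.:]+)\]$")

# Constructed sample in the denylog layout (documentation addresses only).
SAMPLE = """\
2004-11-18 07:20:22.629800500 28740 Rejected a mail:
2004-11-18 07:20:22.629807500 ===========================================
2004-11-18 07:20:22.629812500 mail from:    <sender@example.com>
2004-11-18 07:20:22.629815500 tcp client:   192.0.2.10 [192.0.2.10]
2004-11-18 07:20:22.629822500 denied by:    dnsbl
2004-11-18 07:20:22.629827500 denial text:  Blocked. Include this in the subject: 192.0.2.10
2004-11-18 07:20:22.629833500 ===========================================
2004-11-18 08:19:13.529733500 ===========================================
2004-11-18 08:19:13.529737500 tcp client:   host.example.net [198.51.100.7]
2004-11-18 08:19:13.529744500 denied by:    check_spamhelo
2004-11-18 08:19:13.529769500 ===========================================
2004-11-18 08:32:58.357244500 ===========================================
2004-11-18 08:32:58.357248500 tcp client:   mx.example.org [203.0.113.5]
2004-11-18 08:32:58.357255500 denied by:    dnsbl
2004-11-18 08:32:58.357265500 ===========================================
"""

def parse_denylog(text):
    """Return one dict per record delimited by a pair of '=====' lines."""
    records, current, pid = [], None, None
    for raw in text.splitlines():
        if not (m := LINE.match(raw)):
            continue  # blank or untimestamped (wrapped) line: skipped
        stamp, rest = m.group(1), m.group(2).strip()
        if (h := HEADER.match(rest)):
            pid = h.group(1)  # header precedes the opening separator
        elif rest and set(rest) == {"="}:
            if current is None:  # opening separator starts a record
                current = {"time": stamp, "pid": pid}
            else:  # closing separator ends it
                records.append(current)
                current, pid = None, None
        elif current is not None and (f := FIELD.match(rest)):
            current[f.group(1)] = f.group(2)
            if f.group(1) == "tcp client" and (c := CLIENT.match(f.group(2))):
                current["host"], current["ip"] = c.groups()
    return records

def rejections_by_plugin(records):
    return Counter(r.get("denied by", "unknown") for r in records)
```

Calling rejections_by_plugin(parse_denylog(open(path).read())).most_common() on a real log gives a quick view of which plugin is doing most of the blocking.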