Mailfromd
General-Purpose Mail Filter
Sergey Poznyakoff
In this section we discuss a working example of a filter script file. For ease of illustration it is divided into several parts, each introduced by a short explanation of its function.
This filter assumes that the ‘mailfromd.conf’ file contains the following:
  relayed-domain-file (/etc/mail/sendmail.cw, /etc/mail/relay-domains);
  io-timeout 33;
  database cache {
    negative-expire-interval 1 day;
    positive-expire-interval 2 weeks;
  };
Of course, the exact parameter settings may vary; what is important is that they be declared. See section Configuring mailfromd for a description of the mailfromd configuration file syntax.
Now, let's return to the script. Its first part defines the configuration settings for this host:
  #pragma regex +extended +icase
  set mailfrom_address "<>"
  set ehlo_domain "gnu.org.ua"
The second part loads the necessary source modules:
  require 'status'
  require 'dns'
  require 'rateok'
Next we define the envfrom handler. Its first two rules accept all mail coming from the null sender address and from the machines we relay for. The third rule rejects clients whose IP address has no reverse DNS: hostname() returns the address unchanged when it cannot be resolved, so the comparison with $client_addr detects that case:
  prog envfrom
  do
    if $f = ""
      accept
    elif relayed hostname($client_addr)
      accept
    elif hostname($client_addr) = $client_addr
      reject 550 5.7.7 "IP address does not resolve"
The next rule rejects all messages coming from hosts with dynamic IP addresses. The regular expression used to catch such hosts is not foolproof, but it tries to cover the most common host naming patterns:
    elif hostname($client_addr) matches ".*(adsl|sdsl|hdsl|ldsl|xdsl|dialin|dialup|\
  ppp|dhcp|dynamic|[-.]cpe[-.]).*"
      reject 550 5.7.1 "Use your SMTP relay"
Messages coming from machines whose host names contain something resembling an IP address are subject to strict checking: the sender address is verified by polling the client machine itself (poll host $client_addr) rather than the mail exchangers of the sender domain:
    elif hostname($client_addr) matches ".*[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}.*"
      on poll host $client_addr for $f do
      when success:
        pass
      when not_found or failure:
        reject 550 5.1.0 "Sender validity not confirmed"
      when temp_failure:
        tempfail
      done
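Before deploying host-name rules like the three above it is worth running the patterns against a list of names you expect to see, because substring matches cut both ways. The following is an added example, not code from the mailfromd manual or project: it transcribes the two POSIX extended regular expressions (compiled with +extended +icase by the pragma) into Python's re syntax, which agrees with ERE for these constructs, and applies the rules in the same order as the handler, so that an unresolvable address is caught before the IP-looking pattern could match the bare IP. The host names and addresses are constructed for illustration.

```python
import re

# MFL: ".*(adsl|sdsl|hdsl|ldsl|xdsl|dialin|dialup|ppp|dhcp|dynamic|[-.]cpe[-.]).*"
# The leading/trailing ".*" only matter for an anchored match; re.search()
# gives the same result without them.
DYNAMIC_RE = re.compile(
    r"(adsl|sdsl|hdsl|ldsl|xdsl|dialin|dialup|ppp|dhcp|dynamic|[-.]cpe[-.])",
    re.IGNORECASE,
)

# MFL: ".*[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}.*"
IP_LIKE_RE = re.compile(r"[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}")


def classify_client(client_addr, hostname):
    """Return the action the envfrom rules take for one client.

    client_addr is the connecting IP, hostname is what hostname(client_addr)
    returned: the PTR name, or the address itself when there is no PTR.
    The checks run in the handler's order; the first hit wins.
    """
    if hostname == client_addr:
        return "reject: IP address does not resolve"
    if DYNAMIC_RE.search(hostname):
        return "reject: Use your SMTP relay"
    if IP_LIKE_RE.search(hostname):
        return "strict: poll client host for sender"
    return "normal"


# Constructed sample data: (client IP, result of hostname(client IP)).
SAMPLES = [
    ("203.0.113.7", "203.0.113.7"),                    # no PTR record
    ("203.0.113.8", "ppp-8.dsl.example.net"),           # dial-up pool
    ("203.0.113.9", "203-0-113-9.static.example.net"),  # IP-style name
    ("203.0.113.10", "mx1.example.org"),                # ordinary MTA
    ("203.0.113.11", "dhcpd.example.org"),              # false positive: "dhcp" substring
    ("203.0.113.12", "cpe-user.example.net"),           # missed: no delimiter before "cpe"
    ("203.0.113.13", "host.cpe.example.net"),           # caught: ".cpe." delimited
]


def classify_samples(samples=SAMPLES):
    """Classify every sample; returns a list of (hostname, action)."""
    return [(name, classify_client(addr, name)) for addr, name in samples]


if __name__ == "__main__":
    for name, action in classify_samples():
        print(f"{name:35} {action}")
```

Two of the constructed names show the pattern's limits: dhcpd.example.org is rejected although it is a server, because "dhcp" is matched as a plain substring, while cpe-user.example.net slips through because [-.]cpe[-.] requires a delimiter on both sides. Whitelisting known correspondents, as the envrcpt part of this script does with a DBM file, is the usual mitigation for the false positives.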
If the sender domain is served by any of the yahoo.com or nameserver.com MXs, no checks are performed here; such messages are greylisted in the envrcpt handler instead:
    elif $f mx fnmatches "*.yahoo.com" or $f mx fnmatches "*.nameserver.com"
      pass
Finally, if the message meets none of the above conditions, the sender address is verified by the standard procedure, which polls the mail exchangers of the sender domain:
    else
      on poll $f do
      when success:
        pass
      when not_found or failure:
        reject 550 5.1.0 "Sender validity not confirmed"
      when temp_failure:
        tempfail
      done
    fi
At the end of the handler we check that the sender-client pair does not exceed the allowed mail sending rate; if it does, the message is deferred with a temporary failure rather than rejected outright:
    if not rateok("$f-$client_addr", interval("1 hour 30 minutes"), 100)
      tempfail 450 4.7.0 "Mail sending rate exceeded. Try again later"
    fi
  done
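To see what the rate check at the end of the handler commits you to, the following added example (my own code, not part of mailfromd) models rateok() as a sliding window keyed on the same "$f-$client_addr" string the script uses. The model is an assumption: a key is "ok" while at most threshold messages have been seen for it in the last interval seconds, and a deferred attempt still counts as a sample. mailfromd's real rateok() keeps its counters in the DBM cache and may compute the rate differently; the scenario, timestamps and addresses are constructed.

```python
from collections import defaultdict, deque


class RateLimiter:
    """Sliding-window model of rateok(key, interval, threshold) (assumed semantics)."""

    def __init__(self, interval, threshold):
        self.interval = interval      # seconds, e.g. interval("1 hour 30 minutes")
        self.threshold = threshold    # max samples allowed inside the window
        self._seen = defaultdict(deque)   # key -> timestamps of samples

    def rateok(self, key, now):
        """Record one message for key at time now; True if still within the rate."""
        q = self._seen[key]
        while q and now - q[0] >= self.interval:   # drop samples that aged out
            q.popleft()
        q.append(now)
        return len(q) <= self.threshold


def envfrom_rate_check(limiter, sender, client_addr, now):
    """The tail of the envfrom handler: key on the sender-client pair."""
    key = f"{sender}-{client_addr}"
    if not limiter.rateok(key, now):
        return "tempfail 450 4.7.0 Mail sending rate exceeded. Try again later"
    return "continue"


def simulate():
    """Constructed scenario for interval("1 hour 30 minutes"), threshold 100:
    a burst of 100 messages passes, the 101st is deferred, a different client
    sending the same address is unaffected, and the key recovers once the
    burst has aged out of the window."""
    limiter = RateLimiter(interval=90 * 60, threshold=100)
    t0 = 1_000_000   # arbitrary epoch seconds
    burst = [
        envfrom_rate_check(limiter, "user@example.com", "203.0.113.5", t0 + i)
        for i in range(101)
    ]
    other_client = envfrom_rate_check(limiter, "user@example.com", "198.51.100.9", t0 + 101)
    after_window = envfrom_rate_check(limiter, "user@example.com", "203.0.113.5",
                                      t0 + 90 * 60 + 101)
    return burst, other_client, after_window


if __name__ == "__main__":
    burst, other_client, after_window = simulate()
    print("message 100:", burst[99])
    print("message 101:", burst[100])
    print("other client:", other_client)
    print("after window:", after_window)
```

Because the key combines sender and client address, a single spoofed sender spread across many client addresses is not throttled by this rule; keying on $client_addr alone would catch that case at the cost of throttling a busy legitimate relay.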
The next part defines the envrcpt handler. Its primary purpose is to greylist messages from the domains that could not be checked otherwise, unless the client address is listed in a whitelist database. The parentheses in the condition matter: the whitelist exemption is meant to apply to both domains, so the two fnmatches tests are grouped before the and:
  prog envrcpt
  do
    set gltime 300
    if ($f mx fnmatches "*.yahoo.com" or $f mx fnmatches "*.nameserver.com")
       and not dbmap("/var/run/whitelist.db", $client_addr)
      if greylist("$client_addr-$f-$rcpt_addr", %gltime)
        if %greylist_seconds_left = %gltime
          tempfail 450 4.7.0 "You are greylisted for %gltime seconds"
        else
          tempfail 450 4.7.0 "Still greylisted for " . %greylist_seconds_left . " seconds"
        fi
      fi
    fi
  done
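The following added example (my own code, not part of the mailfromd manual or project) models the envrcpt decision so the two tempfail messages and the pass-through cases can be traced. It assumes greylist(key, interval) is true (still greylisted) until interval seconds have passed since the key was first seen and that it sets %greylist_seconds_left to the remaining time; the real function keeps its state in the mailfromd database and expires entries according to the cache settings, which is not modelled. The MX names, client addresses, whitelist and timestamps are constructed, and the MX lookup is replaced by a list passed in by the caller.

```python
import fnmatch

GLTIME = 300   # set gltime 300


class Greylist:
    """Assumed semantics of greylist(key, interval): greylisted until
    `interval` seconds have elapsed since the key was first seen."""

    def __init__(self):
        self._first_seen = {}
        self.seconds_left = 0   # stands in for %greylist_seconds_left

    def greylist(self, key, interval, now):
        first = self._first_seen.setdefault(key, now)
        elapsed = now - first
        if elapsed < interval:
            self.seconds_left = interval - elapsed
            return True
        self.seconds_left = 0
        return False


def mx_fnmatches(mx_names, pattern):
    """$f mx fnmatches pattern: any MX host of the sender domain matches
    the shell-style pattern. Names are compared case-insensitively."""
    return any(fnmatch.fnmatch(name.lower(), pattern.lower()) for name in mx_names)


def envrcpt(gl, sender, mx_names, client_addr, rcpt, whitelist, now):
    """Return the SMTP reply the handler would send, or "continue"."""
    matched = (mx_fnmatches(mx_names, "*.yahoo.com")
               or mx_fnmatches(mx_names, "*.nameserver.com"))
    # dbmap("/var/run/whitelist.db", $client_addr) modelled as a set lookup.
    if matched and client_addr not in whitelist:
        key = f"{client_addr}-{sender}-{rcpt}"
        if gl.greylist(key, GLTIME, now):
            if gl.seconds_left == GLTIME:
                return f"tempfail 450 4.7.0 You are greylisted for {GLTIME} seconds"
            return f"tempfail 450 4.7.0 Still greylisted for {gl.seconds_left} seconds"
    return "continue"


def unparenthesized(is_yahoo, is_ns, whitelisted):
    """The condition as it reads without parentheses. `and` binds tighter
    than `or` in Python as in MFL, so this greylists a whitelisted yahoo.com
    client; it is here only to show why the script groups the two tests."""
    return is_yahoo or is_ns and not whitelisted


def scenario():
    """Constructed exchange: first attempt, retry after 2 minutes, retry
    after 5 minutes, a whitelisted client, and an unrelated sender domain."""
    gl = Greylist()
    whitelist = {"198.51.100.7"}
    mx = ["mx-a.mail.yahoo.com", "mx-b.mail.yahoo.com"]   # constructed MX list
    args = ("alice@ymail.example", mx, "203.0.113.5", "bob@gnu.org.ua", whitelist)
    first = envrcpt(gl, *args, 1000)
    retry_2min = envrcpt(gl, *args, 1120)
    retry_5min = envrcpt(gl, *args, 1300)
    whitelisted = envrcpt(gl, "alice@ymail.example", mx, "198.51.100.7",
                          "bob@gnu.org.ua", whitelist, 1000)
    unrelated = envrcpt(gl, "carol@example.org", ["mx.example.org"], "203.0.113.6",
                        "bob@gnu.org.ua", whitelist, 1000)
    return first, retry_2min, retry_5min, whitelisted, unrelated


if __name__ == "__main__":
    for label, reply in zip(("first", "retry 2min", "retry 5min", "whitelisted", "unrelated"),
                            scenario()):
        print(f"{label:12} {reply}")
```

The greylist key includes $rcpt_addr, so a message to several recipients is greylisted once per recipient, and the "Still greylisted" branch is only reached by a client that retries before gltime has elapsed; a well-behaved MTA that retries later than that passes on its second attempt.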
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.