
4.23 Example of a Filter Script File

In this section we will discuss a working example of a filter script file. For ease of illustration, it is divided into several sections. Each section is prefaced with a comment explaining its function.

This filter assumes that the mailfromd.conf file contains the following:

relayed-domain-file (/etc/mail/sendmail.cw,
                     /etc/mail/relay-domains);
io-timeout 33;
database cache {
  negative-expire-interval 1 day;
  positive-expire-interval 2 weeks;
};

Of course, the exact parameter settings may vary; what is important is that they be declared. See Mailfromd Configuration, for a description of mailfromd configuration file syntax.

Now, let’s return to the script. Its first part defines the configuration settings for this host:

#pragma regex +extended +icase

set mailfrom_address "<>"
set ehlo_domain "gnu.org.ua"

The second part loads the necessary source modules:

require 'status'
require 'dns'
require 'rateok'

Next we define the envfrom handler. In its first two rules, it accepts all mail coming from the null address and from the machines which we relay. The third rule rejects clients whose IP address does not resolve to a host name:

prog envfrom
do
  if $f = "" 
    accept
  elif relayed hostname($client_addr)
    accept
  elif hostname($client_addr) = $client_addr
    reject 550 5.7.7 "IP address does not resolve"

The next rule rejects all messages coming from hosts with dynamic IP addresses. The regular expression used to catch such hosts is not 100% fail-proof, but it tries to cover most existing host naming patterns:

   elif hostname($client_addr) matches
         ".*(adsl|sdsl|hdsl|ldsl|xdsl|dialin|dialup|\
ppp|dhcp|dynamic|[-.]cpe[-.]).*"
     reject 550 5.7.1 "Use your SMTP relay"

Messages coming from machines whose host names contain something resembling an IP address are subject to strict checking:

   elif hostname($client_addr) matches
   ".*[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}.*"
     on poll host $client_addr for $f do
     when success:
       pass
     when not_found or failure:
       reject 550 5.1.0 "Sender validity not confirmed"
     when temp_failure:
       tempfail
     done

If the sender domain is relayed by any of the ‘yahoo.com’ or ‘nameserver.com’ ‘MX’s, no checks are performed. We will greylist this message in the envrcpt handler:

   elif $f mx fnmatches "*.yahoo.com"
        or $f mx fnmatches "*.namaeserver.com"
     pass

Finally, if the message does not meet any of the above conditions, it is verified by the standard procedure:

   else
     on poll $f do
     when success:
       pass
     when not_found or failure:
       reject 550 5.1.0 "Sender validity not confirmed"
     when temp_failure:
       tempfail
     done
   fi

At the end of the handler we check that the sender-client pair does not exceed the allowed mail sending rate:

   if not rateok("$f-$client_addr", interval("1 hour 30 minutes"), 100)
     tempfail 450 4.7.0 "Mail sending rate exceeded.  Try again later"
   fi
done
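
The two host name patterns in this handler can be checked offline before they are deployed. The following is an added example in Python, not part of the mailfromd manual: it replays the handler's hostname branches, in order, over constructed host names. The names `envfrom_branch`, `audit` and `SAMPLES` are hypothetical, Python's `re` with `IGNORECASE` stands in for the `+extended +icase` matching selected by the `#pragma`, and the null-sender, relay and MX rules are not modelled.

```python
import re

# Patterns copied from the envfrom handler. re.IGNORECASE stands in for
# "#pragma regex +extended +icase"; this ERE subset is valid Python re syntax.
DYNAMIC = re.compile(
    r".*(adsl|sdsl|hdsl|ldsl|xdsl|dialin|dialup|"
    r"ppp|dhcp|dynamic|[-.]cpe[-.]).*", re.IGNORECASE)
IP_LIKE = re.compile(
    r".*[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}.*",
    re.IGNORECASE)

def envfrom_branch(client_addr, host):
    """Return the hostname branch of the handler a client would take.

    host is what hostname($client_addr) yields: the PTR name, or the
    address itself when it does not resolve. Order matches the handler.
    """
    if host == client_addr:
        return "reject-unresolved"   # 550 5.7.7
    if DYNAMIC.match(host):
        return "reject-dynamic"      # 550 5.7.1
    if IP_LIKE.match(host):
        return "strict-poll"         # on poll host $client_addr for $f
    return "standard-poll"           # on poll $f

# Constructed samples (documentation address range and .example names).
SAMPLES = [
    ("203.0.113.9", "203.0.113.9"),                    # no PTR record
    ("203.0.113.7", "adsl-203-0-113-7.isp.example"),   # keyword wins over IP
    ("203.0.113.8", "host-203-0-113-8.isp.example"),   # IP-like only
    ("203.0.113.10", "DHCP-12.ISP.EXAMPLE"),           # +icase
    ("203.0.113.11", "cust-cpe-44.isp.example"),       # delimited "cpe"
    ("203.0.113.12", "mail.cpexchange.example"),       # "cpe" not delimited
    ("203.0.113.13", "mx1.dynamicmedia.example"),      # false positive
    ("203.0.113.14", "pool-7.broadband.isp.example"),  # dynamic pool, missed
    ("203.0.113.15", "mail.example.org"),              # ordinary mail host
]

def audit(samples=SAMPLES):
    """Map each sample host name to the branch it would take."""
    return {host: envfrom_branch(addr, host) for addr, host in samples}

if __name__ == "__main__":
    for host, branch in audit().items():
        print(f"{branch:18} {host}")
```

The last three samples show both directions of the "not 100% fail-proof" caveat: a static mail host whose name merely contains `dynamic` is rejected, while a pool host without any listed keyword falls through to the standard poll.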

The next part defines the envrcpt handler. Its primary purpose is to greylist messages from some domains that could not be checked otherwise:

prog envrcpt
do
  set gltime 300
  if ($f mx fnmatches "*.yahoo.com"
      or $f mx fnmatches "*.namaeserver.com")
     and not dbmap("/var/run/whitelist.db", $client_addr)
    if greylist("$client_addr-$f-$rcpt_addr", gltime)
      if greylist_seconds_left = gltime
        tempfail 450 4.7.0
               "You are greylisted for %gltime seconds"
      else
        tempfail 450 4.7.0
               "Still greylisted for " .
               %greylist_seconds_left . " seconds"
      fi
    fi
  fi
done
