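SHELL=/bin/sh
LOGFILE="/home/X-Spam-Check/`date +%Y%m%d`_procmail.log"
COMSAT=no
# VERBOSE=yes plus LOGABSTRACT=all writes a From/Subject abstract of EVERY
# message into LOGFILE - keep /home/X-Spam-Check readable by the delivering
# user only.
VERBOSE=yes
LOGABSTRACT=all
LOG="--- NEW MAIL --- "
#
# Friday 9th July 2004 - kul (c) - no selling, passingoff.
#
# I strongly advise against making any alterations to this little
# gem it has taken me a whole day to get this working nicely
# Actually this is a MONSTER and could probably be shortened a
# tad (read: LOTS), but its working and not dropping mails into
# the trash can anymore (replaced FEATURE RBL in sendmail.mc)
# Now this procmail will deliver SPAM, but mark what we can
# determine to be 'likely' SPAM and allow the user to make final
# decision (they should ideally be using Filters in the email
# client to place these "[SPAM RBL:" mails into a seperate Folder
# for later/closer inspection/confirmation and then deletion
# (if the RBL checks got it right).
#
# TODO: add some decent locking in incase we get zillions of mails
# all come at the same time (likely when the secondary mail
# server is brought on stream... the queueing of mail after
# a network outage might cause corruptions?)
#
# NOTE(review): how this rcfile decides
#   1. IPSENDER is the IPv4 address in the TOPMOST Received: header, i.e.
#      the host this server saw connecting to it.  Lower Received: lines
#      are sender-supplied and are deliberately not consulted.  Mail that
#      arrives via a secondary MX or any other relay is therefore judged
#      (and cached for the day) on the RELAY's address, not the origin's.
#   2. The address is looked up in always_white.list and today's white
#      list; if absent, in today's black list; if absent from both, the
#      DNSBL zones below are queried in turn until one answers 127.0.0.x.
#   3. Verdicts are cached in the per-day white/black lists, so an address
#      is judged once per day.  Whoever can append to those files (or to
#      always_white.list) controls what this filter flags - keep them
#      writable by the delivering user only.
#   4. DNSBL answers arrive over plain DNS and are trusted as-is.
#
IPLOG="/home/X-Spam-Check/`date +%Y%m%d`_rbl_caught.log"
TODAYBLACK="/home/X-Spam-Check/`date +%Y%m%d`_rbl_black.log"
TODAYWHITE="/home/X-Spam-Check/`date +%Y%m%d`_rbl_white.log"
ALWAYSWHITE="/home/X-Spam-Check/always_white.list"
HOSTNAME="`hostname`"
DATE="`date`"
# CAUGHTBY: the zone that listed the sender ("" = not listed / not checked)
CAUGHTBY=""
# ALTER: "yes" once we have decided the mail is spam and must be tagged
ALTER=""
WAIT="2" # seconds max to wait for HOST command to get a response
SUBJ="SPAM RBL:" # dont use '?'

# topmost (= most recent) Received: header -> the bracketed IPv4 address in
# it; a header without one comes through unchanged and is dropped below
IPSENDER=`formail -c -XReceived | sed 's/^Received: from .*\[\([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\)\].*$/\1/' | head -1`
# keep the value only if it is exactly dotted digits, else "".  This is the
# ONLY validation before the value reaches host/grep/echo below, so it has
# to stay strict.  (printf rather than expr: expr misparses inputs that
# happen to look like its own operators.)
IPSENDER=`printf '%s\n' "$IPSENDER" | awk {'if (/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {print $0}'}`
# octets reversed, as DNSBL zones expect ("" stays "")
IPREVERSED=`printf '%s\n' "$IPSENDER" | sed 's~\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)~\4.\3.\2.\1~'`

# add the CHECKED header, so we know it came through this server
# (f = filter, h = header only, w = wait for formail and use its output)
:0 fhw
| formail -A "X-Spam-Checked-By: $HOSTNAME" -A "X-Spam-Checked-At: $DATE"

# everything below only runs when we actually extracted an address
:0
* ! IPREVERSED ?? ^^^^
{
  # check the IP is in our ALWAYS white list, and todays, either is fine
  # --fixed-strings: the address is data, not a regex (dots must not match
  # any character).  Until the first mail of the day TODAYWHITE does not
  # exist yet; grep complains on stderr and the lookup still works.
  INWHITE=`grep --no-filename --max-count=1 --line-regexp --fixed-strings "$IPSENDER" "$ALWAYSWHITE" "$TODAYWHITE"`
  :0
  * INWHITE ?? ^^^^
  {
    INBLACK=`grep --max-count=1 --line-regexp --fixed-strings "$IPSENDER" "$TODAYBLACK"`
    :0
    * INBLACK ?? ^^^^
    {
      # not in white or black list so is a NEW IP to us today .... check them out
      #
      # Each zone is only queried while CAUGHTBY is still empty, so the
      # first hit short-circuits the rest; a miss costs up to WAIT seconds
      # per zone.  RUBAD is the first 127.0.0.x answer, or "" when the zone
      # answered anything else (NXDOMAIN, SERVFAIL, a warning line) - the
      # old sed passed such lines through unchanged and multi-record
      # answers as several lines, which the ^^...^^ test below rejected.
      #
      # NOTE(review): relays.ordb.org, opm.blitzed.org and list.dsbl.org
      # were decommissioned years after this file was written, and
      # sbl-xbl.spamhaus.org has been superseded by zen.spamhaus.org.
      # A dead zone may go NXDOMAIN (harmless), answer positively for
      # every query (tags ALL new mail as spam), or be re-registered by an
      # unrelated party who then decides what this filter flags.  Confirm
      # each zone is still operated before keeping it here.
      #
      # TEST RBL check (kuls testing RBL, where I can alter whats in it - cool huh)
      # :0
      # * CAUGHTBY ?? ^^^^
      # {
      #   RBL="bl.testrbl.cameldns.com"
      #   RUBAD=`host -W$WAIT "$IPREVERSED"."$RBL" | sed -n 's~^.*\(127\.0\.0\.[0-9]*\)$~\1~p' | head -1`
      #   :0
      #   * RUBAD ?? ^^127.0.0.[0-9]*^^
      #   { CAUGHTBY="$RBL" }
      # }

      # SPAMCOP RBL check
      :0
      * CAUGHTBY ?? ^^^^
      {
        RBL="bl.spamcop.net"
        RUBAD=`host -W$WAIT "$IPREVERSED"."$RBL" | sed -n 's~^.*\(127\.0\.0\.[0-9]*\)$~\1~p' | head -1`
        :0
        * RUBAD ?? ^^127.0.0.[0-9]*^^
        { CAUGHTBY="$RBL" }
      }

      # SPAMHAUS RBL check
      :0
      * CAUGHTBY ?? ^^^^
      {
        RBL="sbl-xbl.spamhaus.org"
        RUBAD=`host -W$WAIT "$IPREVERSED"."$RBL" | sed -n 's~^.*\(127\.0\.0\.[0-9]*\)$~\1~p' | head -1`
        :0
        * RUBAD ?? ^^127.0.0.[0-9]*^^
        { CAUGHTBY="$RBL" }
      }

      # RELAYS.ORDB RBL check
      :0
      * CAUGHTBY ?? ^^^^
      {
        RBL="relays.ordb.org"
        RUBAD=`host -W$WAIT "$IPREVERSED"."$RBL" | sed -n 's~^.*\(127\.0\.0\.[0-9]*\)$~\1~p' | head -1`
        :0
        * RUBAD ?? ^^127.0.0.[0-9]*^^
        { CAUGHTBY="$RBL" }
      }

      # OPM.BLITZED RBL check
      :0
      * CAUGHTBY ?? ^^^^
      {
        RBL="opm.blitzed.org"
        RUBAD=`host -W$WAIT "$IPREVERSED"."$RBL" | sed -n 's~^.*\(127\.0\.0\.[0-9]*\)$~\1~p' | head -1`
        :0
        * RUBAD ?? ^^127.0.0.[0-9]*^^
        { CAUGHTBY="$RBL" }
      }

      # LIST.DSBL RBL check
      :0
      * CAUGHTBY ?? ^^^^
      {
        RBL="list.dsbl.org"
        RUBAD=`host -W$WAIT "$IPREVERSED"."$RBL" | sed -n 's~^.*\(127\.0\.0\.[0-9]*\)$~\1~p' | head -1`
        :0
        * RUBAD ?? ^^127.0.0.[0-9]*^^
        { CAUGHTBY="$RBL" }
      }
    }
  }
}

# add to TODAY WHITE LIST
# (checked today, no zone listed it, and it was in neither list before).
# The IPSENDER test keeps mail without a usable address from appending an
# empty line here - with "" the block above never ran, so CAUGHTBY,
# INWHITE and INBLACK are all empty and this recipe would otherwise fire.
:0
* ! IPSENDER ?? ^^^^
* CAUGHTBY ?? ^^^^
* INWHITE ?? ^^^^
* INBLACK ?? ^^^^
{ UNDEF="`echo \"$IPSENDER\" >> $TODAYWHITE`" }

# add to TODAY BLACK LIST (a zone listed it, and it was in neither list)
:0
* ! CAUGHTBY ?? ^^^^
* INWHITE ?? ^^^^
* INBLACK ?? ^^^^
{ UNDEF="`echo \"$IPSENDER\" >> $TODAYBLACK`" }

# did we decide that the email was SPAM?
:0
* ! CAUGHTBY ?? ^^^^
{ ALTER="yes" }

# get the RBL name from the IPLOG as we dont know the RBL that says this IP is BLACK
# (IPLOG lines are "zone:address"; the grep pattern is safe only because
# IPSENDER was reduced to digits and dots above)
:0
* ! INBLACK ?? ^^^^
{
  ALTER="yes"
  RBL="`grep --max-count=1 \":$IPSENDER$\" $IPLOG | awk -F':' {'print $1'}`"
}

# this is the part that does MOST of the real changes to the mail
# now alter the email header again, adding in that it IS SPAM and
# was caught by whatever RBL (black/white listings are used to
# speedup the decisions for TODAY only, so that an IP we already
# have decided is OK at 1am will be OK (for us) at 11pm ... even
# if it HAS been added to an RBL during the day - such is the price).
:0
* ! ALTER ?? ^^^^
{
  # remember the current Subject text (everything after the colon, leading
  # space included).  Capturing it here lets the tagging recipe fire for
  # mail that has NO Subject header at all; previously such mail slipped
  # through untagged because the capture was one of its conditions.
  SUBJTEXT=""
  :0
  * ^Subject:\/.*
  { SUBJTEXT="$MATCH" }

  # skip mail already tagged by this (or another) server; otherwise log
  # zone:address and rewrite the headers.  -I replaces the Subject, or
  # adds one when the mail had none.
  :0 fhw
  *$ ! ^Subject:.*\[$SUBJ
  | UNDEF="`echo \"$RBL:$IPSENDER\" >> $IPLOG`"; \
    formail -A "X-Spam-Caught-By: $HOSTNAME" -A "X-Spam-Listed-In: $RBL" \
      -I "Subject: [$SUBJ$RBL]:$SUBJTEXT"
}

# deliver as normal or go to the pub
# (A = only if the tagging recipe above matched; untagged mail falls off
# the end of the rcfile and procmail delivers it to $DEFAULT itself, so
# both paths end in the same mailbox)
:0 A:
$DEFAULT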