Dear fellow email-SPAM allergy sufferers ...

Plagued by email SPAM? Running MMDF and wishing you had an easy way
to deal with it? How about simply refusing smtp traffic from the
specific sites you find you have to blacklist?

This rather neat piece of code seems to do the trick. It's pretty well
documented. You'll have to have a good look at the "Received" headers.
For example, to refuse traffic from moneyworld.com, be aware that they
often don't send it from their FQDN, but rather simply represent their
IP number, so my blacklist contains both, nicely covering both bases.

====
moneyworld.com
208.129.19.69
====

Enjoy. Many thanks to John and the others that helped out with this.

--
Ed Hew - XeniTec Consulting & rlogin Corporation
SCO newsgroup godfather, biz FAQ maintainer, biz newsgroup authority
Canadian UUCP Map Coordinator | UUCP liaison to CA Domain Registry
moderator: comp.unix.sco.announce, can.uucp.maps | (yes,+other hats)

======= SNIP ========
#!/bin/ksh
# @(#) smtpcull.ksh 1.0 96/07/18
# 96/07/18 john h. dubois iii
#
# John said we could freely distribute this code, but please do keep this
# header intact and send any ideas, enhancements, or problem reports to us;
# Ed Hew; Wed Jul 24 00:32:34 EDT 1996

# 'look' would be faster for large blacklists,
# but it isn't distributed with the OS.
#
# use fgrep with the -q flag if SCO OSR5
#if /usr/bin/fgrep -qix -- "$1" /usr/mmdf/table/blacklist 2>/dev/null; then
# pre-SCO-OSR5, there is no -q flag to fgrep, so we do it this way
if /usr/bin/fgrep -ix -- "$1" /usr/mmdf/table/blacklist >/dev/null 2>&1; then
    /usr/bin/logger -i -tsmtpsrvr "Rejected: $1"
    print -r -- "550 We do not accept mail from you."
    /bin/sleep 1
    exit 0
else
    /usr/bin/logger -i -tsmtpsrvr "Accepted: $1"
    exec /usr/mmdf/chans/smtpsrvr.bin "$@"
fi

# Instructions and description:
# In /usr/mmdf/chans, move smtpsrvr to smtpsrvr.bin
# Save this file there as smtpsrvr, and give it mode 755.
# Create the file /usr/mmdf/table/blacklist, and in it list each host that
# mail should not be accepted from, one per line, with no whitespace before
# or after hostnames. Case is not significant, everything else is.
# The file does not need any special permissions; this program will be run as
# root.
# All connections will be logged by logger at default priority in syslog,
# as either "Accepted" or "Rejected", followed by the hostname that was used
# to make the determination. If you don't know the exact hostname that a
# message came from so that it can be blacklisted, check syslog. Be aware
# that the administrator of the PTR records for a network can make connections
# appear to come from any host. Currently, this program uses the hostname that
# smtpd gets by doing a PTR lookup on the IP address that a connection comes
# from. It does NOT use the "HELO" name; that part of the SMTP transaction
# has not happened at the time that this program runs (in fact, there has been
# no SMTP exchange at all at the time this program runs).
# Enhancements to this program would be to allow blacklisting by IP address,
# and doing A lookups on the result of PTR lookups to confirm them.
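
The two enhancements named in the closing comments (blacklisting by IP address, and confirming a PTR name with an A lookup) are sketched below as an added example; it is not part of the original post or of smtpcull.ksh. The lookup tables, blacklist contents and function names are constructed for illustration, and it assumes the wrapper can obtain the peer's IP address, which the post does not state.

```sh
#!/bin/sh
# Added example, not part of smtpcull.ksh. All names and data below are
# constructed; addresses come from the RFC 5737 documentation ranges.

# Stand-ins for DNS: "ip ptr-name" and "name a-record" pairs.
PTR_TABLE='192.0.2.10 mail.example.org
198.51.100.7 mail.example.org
203.0.113.5 Relay.Example.NET'
A_TABLE='mail.example.org 192.0.2.10
relay.example.net 203.0.113.5'
# Stand-in for the blacklist file: hostnames and IP addresses, one per line.
BLACKLIST='relay.example.net
198.51.100.99'

# Hypothetical resolver stubs; a real wrapper would query DNS here instead.
ptr_lookup() { printf '%s\n' "$PTR_TABLE" | awk -v k="$1" '$1 == k { print tolower($2) }'; }
a_lookup() { printf '%s\n' "$A_TABLE" | awk -v k="$1" 'tolower($1) == k { print $2 }'; }

# Same match rule as the script: fixed string, whole line, case-insensitive.
listed() { printf '%s\n' "$BLACKLIST" | grep -Fixq -- "$1"; }

# Print the PTR name only if one of its A records points back at the peer.
confirmed_name() {
    for name in $(ptr_lookup "$1"); do
        for addr in $(a_lookup "$name"); do
            if [ "$addr" = "$1" ]; then printf '%s\n' "$name"; return 0; fi
        done
    done
    return 1
}

# Decide on a peer IP: the address is always checked, the name only if confirmed.
check_peer() {
    if listed "$1"; then echo "reject ip $1"; return 0; fi
    if host=$(confirmed_name "$1"); then
        if listed "$host"; then echo "reject host $host"; else echo "accept host $host"; fi
    else
        echo "accept unverified $1"   # PTR missing or not backed by an A record
    fi
}

for peer in 192.0.2.10 198.51.100.7 198.51.100.99 203.0.113.5; do
    printf '%s -> %s\n' "$peer" "$(check_peer "$peer")"
done
```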