[Gllug] Re-scanning old emails

Rich Walker rw at shadowrobot.com
Tue Aug 7 11:34:21 UTC 2007 

Chris Bell <chrisbell at overview.demon.co.uk> writes:

> On Tue 07 Aug, Rich Walker wrote:
>> 
>
>> exigrep might be of use here.
>> 
>> This is a script I use for something similar:
>> 
>> grep "Unrouteable address" /var/log/exim4/mainlog | cut -d'@' -f1 | cut -d' ' -f 5 | s
>> ort | uniq > /tmp/a
>> cp /etc/spambait.list /tmp/b
>> sort /tmp/a /tmp/b | uniq > /etc/spambait.list
>> 
>> cheers, Rich.
>> 
>    Thanks, I will try that.

I also have a list of addresses that are known to be spam targets (for
example, quite a lot of our email addresses with one or two letter "d"'s
added to them?)

I use these routers;

test_for_spam:
	driver=accept
	domains = +local_domains
	condition = ${lookup{$local_part}lsearch{/etc/spambait.list}{1}{0}}
	transport=catch_in_spam_bucket	

test_for_spam_header:
	driver=accept
	domains=+local_domains	
	condition="${if eq {$header_X-spambait-catching}{yes} {1}{0}}"
	transport=catch_in_spam_bucket	


These get sent to an Exim transport:
catch_in_spam_bucket:
	driver=pipe
	log_output
	timeout=5m
	command=/usr/local/sbin/add_to_spam_list.sh ${sender_address_domain} ${sender_address} ${local_part}

The script add_to_spam_list.sh looks like:

#!/bin/bash
echo $1 $2 $3 $4 $5 >> /etc/temp_spam_list
echo $2 | /bin/grep -q -F "@" - && (
    /bin/grep -q "$2" /etc/spamname.list || echo "$2" >> /etc/spamname.list
)

And then I can regard anything with a sender in /etc/spamname.list as
pretty much guaranteed spam: in my check_recipient ACL I do this:

 discard
	domains = +local_domains
	condition = ${lookup{$local_part}lsearch{/etc/spambait.list}{1}{0}}
	message = You are emailing an address only used by spammers: go away!
#	log_message = Mail to spambait address
	# If we haven't already got the sender, catch them
	condition = ${lookup{$sender_address}lsearch{/etc/spamname.list}{1}{0}}
	log_message = Repeated mail to spambait

I may have missed something horrible in this, but it seems to work :->

-- 
rich walker         |  Shadow Robot Company | rw at shadow.org.uk
technical director     251 Liverpool Road   |
need a Hand?           London  N1 1LX       | +UK 20 7700 2487
www.shadowrobot.com/hand/overview.shtml
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

More information about the GLLUG mailing list