Postfix anti-antivirus (was Re: [linux-elitists] procmail recipe for mydoom?)

Karsten M. Self kmself@ix.netcom.com
Mon Feb 2 20:44:02 PST 2004


on Tue, Feb 03, 2004 at 09:33:17AM +1100, Mike MacCana (mikem@cyber.com.au) wrote:
> On Mon, 2 Feb 2004, Jeff Waugh wrote:
> 
> > <quote who="Karsten M. Self">
> >
> > > Is that a reject _mail_ or a 5XX reject _message_?
> > >
> > > If the latter:  it spreads clue.   Whether the clue sticks is another
> > > matter.
> >
> > It also adds to the global bounce-to-forged-addresses fuckage, and makes
> > baby Jesus cry. I don't need any more clue from clueless drones who bounce
> > viral and wormal mail.
> 
> Aye.
> 
> Better idea: send the bounce to an email address at the sending MX's
> domain that must exist, abuse@. If *that* bounces, then put them on
> the FRC ignorant blacklist.

Better:  test whether or not the address will bounce first:

    host -t txt <domain>.abuse.rfc-ignorant.org
    host -t txt <domain>.postmaster.rfc-ignorant.org

You can also query abuse.net for possible contacts:

    host -t txt <domain>.contacts.abuse.net


The following will extract email contact addresses from a WHOIS query.
Install the 'jwhois' caching whois client, or modify appropriately:

    # ----------------------------------------------------------------------
    # Bash functions for spam stuff.
    # ----------------------------------------------------------------------
    # Re-run whois on nets if necessary.
    function mywhois () {
        local net whois
        whois="$( jwhois "$@" )"

        if echo "$whois" |
            egrep -q \
            '\(NET-([0-9]+-){4}[0-9]+\)'; then
            # ARIN answered with a list of NET-a-b-c-d-n handles:
            # look each one up in turn.
            for net in $(
                echo "$whois" | sed -ne '1,/To single out one/p' |
                tr '[:space:]' '\n' | grep '^(' | sed -e 's/[()]//g'
            )
            do 
                # The backslash stops an interactive shell from treating
                # the '!' handle prefix as a history expansion.
                jwhois \!$net; 
                echo
            done 
        elif echo "$whois" |
            egrep -q \
            '\(NETBLK-[A-Z0-9]+-([0-9]+){2}-[0-9]+\)'; then
            # Specifically matches Verio
            for net in $(
                echo "$whois" | sed -ne '1,/To single out one/p' |
                tr '[:space:]' '\n' | grep '^(' | sed -e 's/[()]//g'
            )
            do 
                jwhois $net; 
                echo
            done 
        else
            # Otherwise, just show what you gots...
            echo "$whois"
        fi
    }

    # Bash function to return comma-delimited list of email addresses
    # from whois query
    function whoismail () {
        mywhois --no-redirect "$@" |
            egrep -iv '^(changed|test):' |
            tr -cs '@_.[:alnum:]-' ' ' |     # keep address characters only ('-' last, so it is literal)
            tr -s '[:space:]' '\n' |
            grep @ |
            sed -e 's/\.$//' |
            tr '[:upper:]' '[:lower:]' |     # stands in for the private 'lower' helper
            sort -u |
            awk '{ printf( "%s, ", $1 )}; END { print("") }' |
            sed -e 's/, $//'
    }
    ------------------------------------------------------------------------


This and more at

    http://linuxmafia.com/~karsten/Download/SpamTools.tar.gz

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Reject EU Software Patents!                         http://swpat.ffii.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040202/dfe83e82/attachment.pgp 
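The three lookups the message lists (the abuse@ and postmaster@ zones of rfc-ignorant.org and the contacts.abuse.net database) wired into one decision, as an added example that is not part of the original message nor of the SpamTools tarball. It assumes the BIND `host` client and a working resolver; the rfc-ignorant.org zones are queried as the message describes them (the service has since closed, so those two checks are historical); abuse.net is assumed to return one TXT string per contact, with the address as its first word. The two constructed `host` answers in the comments are made up for illustration.

```sh
#!/bin/sh
# Added example: decide which mailbox at a domain, if any, is worth sending a
# notice to, using the lookups from the message.  Pure parsing functions are
# kept apart from the network lookups so they can be exercised on captured
# 'host -t txt' output.

# Query names, exactly as in the message.
rfci_name()     { printf '%s.%s.rfc-ignorant.org\n' "$1" "$2"; }   # $2: abuse | postmaster
abusenet_name() { printf '%s.contacts.abuse.net\n' "$1"; }

# Pull the quoted strings out of 'host -t txt' output read on stdin, one per
# line, e.g. (constructed):
#   example.com.contacts.abuse.net descriptive text "abuse@example.com (for example.com)"
# NXDOMAIN ("Host ... not found: 3(NXDOMAIN)") yields no lines, which is what
# "not listed" / "no contact on file" looks like.
txt_records() {
    sed -n 's/^[^ ]* descriptive text "\(.*\)"$/\1/p'
}

# Reduce TXT strings on stdin to the e-mail addresses they contain.
txt_addresses() {
    tr -cs '@_.[:alnum:]-' '\n' | grep '@' | sed -e 's/\.$//'
}

# True (exit 0) when the answer on stdin carries at least one TXT record,
# i.e. the domain is listed in that rfc-ignorant zone.
listed_in_answer() {
    [ -n "$(txt_records)" ]
}

# Network lookups (assumed: resolver available).
rfci_listed()       { host -t txt "$(rfci_name "$1" "$2")" 2>/dev/null | listed_in_answer; }
abusenet_contacts() { host -t txt "$(abusenet_name "$1")" 2>/dev/null | txt_records | txt_addresses; }

# Print one address for DOMAIN that there is some reason to believe works:
# the abuse.net contact if one is on file, otherwise abuse@ or postmaster@
# unless rfc-ignorant says that mailbox bounces.  Prints nothing and returns
# 1 when nothing is trustworthy; the caller should then send nothing at all
# rather than add to the backscatter the thread complains about.
contact_for() {
    domain=$1
    addr=$(abusenet_contacts "$domain" | head -n 1)
    if [ -n "$addr" ]; then
        printf '%s\n' "$addr"
        return 0
    fi
    for box in abuse postmaster; do
        if rfci_listed "$domain" "$box"; then
            continue          # listed: known not to accept $box@, skip it
        fi
        printf '%s@%s\n' "$box" "$domain"
        return 0
    done
    return 1
}

# Usage: sh contact_for.sh example.com
if [ -n "${1-}" ]; then
    contact_for "$1" || { echo "no trustworthy contact for $1" >&2; exit 1; }
fi
```

Only `contact_for`, `rfci_listed` and `abusenet_contacts` touch the network; everything else runs on captured output, which is also how to check a resolver's answer before trusting a script like this with a bounce.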

