Using the regex map

mbatc...@citysearch.com

Oct 27, 1998
I'm a bit confused by the regex map. It seems to be usable only within the
sendmail.cf. Are we not able to use it as a table, like access_db?

I have been seeing a lot of spam from senders with addresses like:

wallstree...@yahoo.com
wallstree...@sprint.com
stockadviso...@sprint.com
stockmarket...@yahoo.com
stockmarketu...@sprint.com
inventors...@yahoo.com
(I hope these get into some bulk mailer's database from their appearance on
Usenet :)

and so on... You have probably seen these too - a "standard" set of base
usernames, with varying numbers and letters appended, then @yahoo.com or
@sprint.com, or some other mail service where the spammer doesn't actually
have an account. I want to block these, but re-making a sendmail.cf with new
local rulesets for each new base username appeals to me no more than adding
each unique variant to access-db.

Is there a simpler way to do this? I'd like to be able to just add
stockadvisory*@ to access_db and be done with it.



Robert Harker, 408-295-9432

Oct 31, 1998
to mbatc...@citysearch.com
> I'm a bit confused by the regex map. It seems to be usable only within the
> sendmail.cf. Are we not able to use it as a table, like access_db?
>
...

>
> Is there a simpler way to do this? I'd like to be able to just add
> stockadvisory*@ to access_db and be done with it.
>

The regex map is different than most of the other maps in that it does not
consult an external database. All of the information for the database lookup
must be contained in the sendmail.cf file or the addresses passed to sendmail.

So there is no way that I can think of to have the wildcard pattern stored
in an external database.

One way to reject the specific prefixes you listed would be something like
this.

First define the regex map (in M4 format):

LOCAL_CONFIG
Kstockspam regex -a@MATCH ^(wallstreetnow|stockadvisory|stockmarketupdate|inventorseek)[0-9A-Za-z]+$

Description (intro to regular expression 101):
^               Beginning of string
( abc | xyz )   String "abc" or "xyz"
[0-9A-Za-z]     Match an alphanumeric character (could also be
                [[:alnum:]] or \w in some regexp implementations)
+               Match the preceding item one or more times
$               End of string

If the string passed to the regular expression map matches the regular
expression, the address is rewritten as "@MATCH". If the string does not
match, it is returned un-modified.


Next define a custom Local_check_mail ruleset:

LOCAL_RULESETS
SLocal_check_mail
# check address against various wall street anti-spam regex checks
# NOTE: the LHS and RHS of each R line must be separated by tab characters

# first pre-process the address through S3 and SParse0 (the top half of S0)
R$*			$: $>Parse0 $>3 $1

# Strip off any source route addresses
R< $* > : $+		$>Parse0 $>3 $2

# Put the user portion of the address in a lookup focus and check it against
# the stockspam regex database
R$+ <@ $+ >		$: < $(stockspam $1 $) > $1 <@ $2 >

# If a @MATCH is found in the lookup focus refuse the sender
R< @MATCH > $+		$#error $@ 5.7.1 $: 550 Your spam is not wanted

# otherwise strip the trash lookup focus leaving the original address
R< $+ > $+		$: $2

You can test this with a map lookup in address test mode:
sendmail -bt
WARNING: Ruleset Local_check_mail has multiple definitions
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map stockspam foo
map_lookup: stockspam (foo) no match (0)
> /map stockspam wallstreetnow101998
map_lookup: stockspam (wallstreetnow101998) returns @MATCH (0)
> /map stockspam stockmarketupdate3kh23gkj
map_lookup: stockspam (stockmarketupdate3kh23gkj) returns @MATCH (0)


You could also test the custom Local_check_mail ruleset:
> Local_check_mail stockmarketu...@foo.com
rewrite: ruleset 192 input: stockmarketupdate3kh23gkj @ foo . com
rewrite: ruleset 3 input: stockmarketupdate3kh23gkj @ foo . com
rewrite: ruleset 96 input: stockmarketupdate3kh23gkj < @ foo . com >
rewrite: ruleset 96 returns: stockmarketupdate3kh23gkj < @ foo . com . >
rewrite: ruleset 3 returns: stockmarketupdate3kh23gkj < @ foo . com . >
rewrite: ruleset 199 input: stockmarketupdate3kh23gkj < @ foo . com . >
rewrite: ruleset 199 returns: stockmarketupdate3kh23gkj < @ foo . com . >
rewrite: ruleset 192 returns: $# error $@ 5 . 7 . 1 $: 550 You spam is not wanted


Question: Does anyone know how to get the regex map to return a matching
sub-string? In grubbing around in the source I found that the regex map
supports the "-s" substring match() syntax. And reading the man page for
grep, sub-strings can be kept track of in a regular expression map with
parentheses. Does someone know how to put these two ideas together?
(should be obvious to a regular expression expert I think)

Hope this helps

RLH

> There is still room in our upcoming Santa Clara class, Nov 16-19 <
> Generate sendmail.cf files using the web. Check out our web based <
> sendmail.cf file generator: http://www.harker.com/gen.sendmail.cf <

> For info about our "Managing Internet Mail, Setting Up and Trouble <
> Shooting sendmail and DNS" and a schedule of dates and locations, <
> please send email to in...@harker.com, or visit www.harker.com <

Robert Harker Harker Systems
Sendmail and TCP/IP Network Training 1180 Hester Ave
Sendmail, Network, and Sysadmin Consulting San Jose, CA 95126
har...@harker.com 408-295-6239
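
An added example, not from either poster: because the regex map cannot read an external table, one workaround is to keep the base usernames in a single list and generate the K line from it. The Python below does that and approximates the `/map stockspam` lookups shown in the reply; the function names, the literal-only prefix policy and the case-folding behaviour are assumptions of this example.

```python
import re

# Base usernames listed in the thread; maintain these in one place.
PREFIXES = ["wallstreetnow", "stockadvisory", "stockmarketupdate", "inventorseek"]
SUFFIX = "[0-9A-Za-z]+"  # the appended letters/digits, at least one


def _body(prefixes):
    """Build (p1|p2|...)[0-9A-Za-z]+ from a list of literal base usernames."""
    cleaned = []
    for p in prefixes:
        p = p.strip()
        if not p or p.startswith("#"):  # allow blank lines and comments
            continue
        # Assumed policy: literals only, so a stray '*' or '.' cannot widen
        # the pattern or break the whitespace-delimited K line.
        if not re.fullmatch(r"[0-9A-Za-z_-]+", p):
            raise ValueError(f"not a plain literal prefix: {p!r}")
        cleaned.append(p)
    if not cleaned:
        # '^()[0-9A-Za-z]+$' would reject every alphanumeric sender.
        raise ValueError("empty prefix list")
    return "(" + "|".join(cleaned) + ")" + SUFFIX


def k_line(prefixes, name="stockspam"):
    """Return the map definition to place under LOCAL_CONFIG."""
    return f"K{name} regex -a@MATCH ^{_body(prefixes)}$"


def lookup(prefixes, local_part):
    """Approximate '/map stockspam <key>': '@MATCH' on a hit, else the key."""
    # Assumption: the map folds case (no -f flag), hence IGNORECASE.
    if re.fullmatch(_body(prefixes), local_part, re.IGNORECASE):
        return "@MATCH"
    return local_part


if __name__ == "__main__":
    print(k_line(PREFIXES))
    for key in ("foo", "wallstreetnow101998", "stockadvisory", "stockton42"):
        print(f"{key:24} -> {lookup(PREFIXES, key)}")
```

After regenerating the K line, rebuild sendmail.cf and repeat the `/map` checks in `sendmail -bt` before putting the new configuration into service.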