info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Milter API and "Command unrecognized".
3 views
Skip to first unread message
G.W. Haywood
May 14, 2017, 5:19:38 AM5/14/17
to
Hi all,
First post to a newsgroup, please be gentle with me.
To better handle some of the things I see coming down the wire to my
low-volume mail servers, I'm working on a new milter. I won't bore
you with much detail about the milter unless someone asks for it.
Amongst the odd-ball things I see occasionally are attempts to abuse
my servers in ways to which Sendmail responds "Command unrecognized".
The unrecognized command can be anything from "LISTa" to strings of
thousands of non-printing characters, such as "\001\001\001\001...".
For the past decade or so I've been using a Perl script to scan the
sendmail logs for this issue (and numerous others); the script then
writes iptables rules to drop packets from the abusive IPs for some
configurable time.
My new milter can automatically insert iptables rules for bots and
persistent spammers, and I'd really like to do that in the milter for
these senders of bad commands too. But I don't know of a way to tell
Sendmail to inform the milter about the bad commands. I'm thinking of
something like a macro passed to the abort or close callbacks, even if
what's passed is just a flag saying "bad command". So before I go
hacking Sendmail code and re-inventing wheels, my questions are:
Have I missed something?
Has anyone here done this kind of thing before?
--
73,
Ged.
First post to a newsgroup, please be gentle with me.
To better handle some of the things I see coming down the wire to my
low-volume mail servers, I'm working on a new milter. I won't bore
you with much detail about the milter unless someone asks for it.
Amongst the odd-ball things I see occasionally are attempts to abuse
my servers in ways to which Sendmail responds "Command unrecognized".
The unrecognized command can be anything from "LISTa" to strings of
thousands of non-printing characters, such as "\001\001\001\001...".
For the past decade or so I've been using a Perl script to scan the
sendmail logs for this issue (and numerous others); the script then
writes iptables rules to drop packets from the abusive IPs for some
configurable time.
My new milter can automatically insert iptables rules for bots and
persistent spammers, and I'd really like to do that in the milter for
these senders of bad commands too. But I don't know of a way to tell
Sendmail to inform the milter about the bad commands. I'm thinking of
something like a macro passed to the abort or close callbacks, even if
what's passed is just a flag saying "bad command". So before I go
hacking Sendmail code and re-inventing wheels, my questions are:
Have I missed something?
Has anyone here done this kind of thing before?
--
73,
Ged.
Claus Aßmann
May 14, 2017, 6:30:25 AM5/14/17
to
G.W. Haywood wrote:
> these senders of bad commands too. But I don't know of a way to tell
> Sendmail to inform the milter about the bad commands. I'm thinking of
> Have I missed something?
> these senders of bad commands too. But I don't know of a way to tell
> Sendmail to inform the milter about the bad commands. I'm thinking of
Did you check the libmilter docs?
xxfi_unknown
should do what you want, have you tried that?
--
Note: please read the netiquette before posting. I will almost never
reply to top-postings which include a full copy of the previous
article(s) at the end because it's annoying, shows that the poster
is too lazy to trim his article, and it's wasting the time of all readers.
G.W. Haywood
May 14, 2017, 9:37:06 AM5/14/17
to
Hello Claus,
On Sun, 14 May 2017, Claus Assmann wrote:
> G.W. Haywood wrote:
>
>> Have I missed something?
>
> Did you check the libmilter docs?
Well I had thought so... :/
> xxfi_unknown
>
> should do what you want, have you tried that?
Ah, got it now. I don't know how I missed it.
Thank you very much, that's exactly what I want.
73,
Ged.
On Sun, 14 May 2017, Claus Assmann wrote:
> G.W. Haywood wrote:
>
>> Have I missed something?
>
> Did you check the libmilter docs?
> xxfi_unknown
>
> should do what you want, have you tried that?
Thank you very much, that's exactly what I want.
73,
Ged.
0 new messages