Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Using ordb.org with sendmail, but add header line instead of rejecting mail

10 views
Skip to first unread message

Adi Linden

unread,
Feb 17, 2002, 1:52:00 PM2/17/02
to
Hi,

I'd like to implement some spam control on my mail server. I've looked
at ordb.org and most of the spam hitting my server would actually be
rejected if I was to use it.

For now I would like to just add a header line instead of rejecting
the mail. This will give me an indication if any legit mail is being
rejected.
X-Spamcheck: Sender ip xxx.xxx.xxx.xxx is registered in ORDB


It looks like the following rule will reject mail and not allow me to
add a header line instead.
FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see
http://ordb.org/')dnl

Regards,
Adi

Per Hedeland

unread,
Feb 17, 2002, 4:13:24 PM2/17/02
to
In article <8ff4575b.02021...@posting.google.com>

smi...@adis.on.ca (Adi Linden) writes:
>
>I'd like to implement some spam control on my mail server. I've looked
>at ordb.org and most of the spam hitting my server would actually be
>rejected if I was to use it.
>
>For now I would like to just add a header line instead of rejecting
>the mail. This will give me an indication if any legit mail is being
>rejected.
> X-Spamcheck: Sender ip xxx.xxx.xxx.xxx is registered in ORDB

That's non-trivial to do, but you can check the thread at
http://groups.google.com/groups?threadm=3B057FEC.767DEDF6%40ldscn.com&rnum=1
for some ideas. Alternatively, I believe Jan Krüger's check_local at
http://www.digitalanswers.org/check_local/ includes this functionality.

>It looks like the following rule will reject mail and not allow me to
>add a header line instead.
> FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see
>http://ordb.org/')dnl

Correct.

--Per Hedeland
p...@bluetail.com

Rob Nichols

unread,
Feb 20, 2002, 2:53:04 AM2/20/02
to

smi...@adis.on.ca (Adi Linden) writes:
> For now I would like to just add a header line instead of rejecting
> the mail. This will give me an indication if any legit mail is being
> rejected.
> X-Spamcheck: Sender ip xxx.xxx.xxx.xxx is registered in ORDB

I've written a hack to do that. Well, the header isn't quite what you
wanted but it's a start. (I don't include the ip since it's in the
received header; that and I don't care that much.) The trick is to
use the fairly recent persistentMacros (seems like that was 8.10 or
so, but I'm not sure - I guess that isn't really recent).

Here's the m4. Sorry, I don't have a convenient web/ftp site to put
this on. Be very careful if you choose to cut/paste this as some of
the white spaces are tabs and must remain tabs in order to work.

I've been using this for more than a year without trouble. YMMV. Of
course, this also means that it's been about that long since I looked
at it, so newer versions of sendmail might have a cooler way to handle
this. (Also might mean that it's horrible code and that if I thought
about it much I might never admit that I wrote it. Be kind.) Please
let me know if anyone has a cooler/neater/better way to do this.

-----spamheader.m4-----
divert(-1)
# test out dnsbl services
define(`_rob_dnsbl_', `dnl
# Rob - dnsbl for $1
R$`'* $: $&{client_addr}
R::ffff:$-.$-.$-.$- $: <?> $(host $`'4.$`'3.$`'2.$`'1.$1. $: OK $)
R$-.$-.$-.$- $: <?> $(host $`'4.$`'3.$`'2.$`'1.$1. $: OK $)
R<?>$+. $: $(storage {robSpam} $`'@ $&{robSpam} $2 $)
')
divert(0)
VERSIONID(`Rob - add spam header if in various DNSbl')dnl

LOCAL_CONFIG
C{persistentMacros}{robSpam}
Kstorage macro

LOCAL_RULESETS

H?${robSpam}?X-Spam: ${robSpam}

SLocal_check_mail
# Just add as many as you like here... I have several others.
_rob_dnsbl_(`relays.visi.com', `rsl')dnl
_rob_dnsbl_(`dialups.relays.osirusoft.com', `osiru-dul')dnl
-----------------------

> It looks like the following rule will reject mail and not allow me to
> add a header line instead.
> FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see http://ordb.org/')dnl

Yes, this rejects the connection.

--
Later,
Rob

Rob Nichols

unread,
Feb 20, 2002, 3:22:03 AM2/20/02
to
p...@bluetail.com (Per Hedeland) writes:

> That's non-trivial to do, but you can check the thread at
> http://groups.google.com/groups?threadm=3B057FEC.767DEDF6%40ldscn.com&rnum=1
> for some ideas. Alternatively, I believe Jan Krüger's check_local at
> http://www.digitalanswers.org/check_local/ includes this functionality.

Sorry, I didn't see your response before I fired off mine. The
references you give are much nicer than my response. I wish I'd seen
them before I wrote my solution and saved myself the trouble. (I seem
to miss many of the good threads here...)

--
Later,
Rob

Per Hedeland

unread,
Feb 20, 2002, 5:36:26 PM2/20/02
to
In article <877kp8i...@muon.robnet.com> Rob Nichols

<rob+...@robnet.com> writes:
>
>Sorry, I didn't see your response before I fired off mine. The
>references you give are much nicer than my response. I wish I'd seen
>them before I wrote my solution and saved myself the trouble. (I seem
>to miss many of the good threads here...)

Funny, I thought yours was the nicest one so far.:-) The thread I
participated in (which was less than a year ago btw:-) might have
suggested a somewhat "cleaner" way to do it, but it wasn't really a
completed solution - and I'm not so sure about the "cleaner" part
either, having an m4 macro defined in the .mc is in some senses
preferable to both having a HACK file to drag along and having to repeat
rules. Jan's stuff is probably the "ultimate thing", but it seems some
people find it a bit "too much", especially when they only want some
particular part of it (I haven't really checked it out myself, just
going by some postings here).

--Per Hedeland
p...@bluetail.com

0 new messages