[geeks] AAAAAAAAGH! Spammers on the loose!

geeks at sunhelp.org
Tue Sep 25 07:32:35 CDT 2001


Kurt Huhn wrote:

> Yeah - that can be difficult.  Do these other folks have static IPs?  That
> would be easy to restrict.  However, it never is that easy.


Accounts on my box can send from static IPs or use the webmail. It's
that easy.



> I've heard of sites that set up mail so that a user *must* login via POP3 and
> get mail before they will allow SMTP connections from that IP.


Sure. It's implemented in Sendmail 8.10 and later.
http://www.sendmail.org


> to set this up though - though you might be able to do it with shell
> scripts, and log files.  I'm sure there's a simpler and more elegant
> solution 


The shell scripts, log files and cron method worked fine when I did it a
few years ago, before sendmail included SMTP AUTH. I'd share, but the
scripts are long gone. It went something like:

Once a minute check the log for a successful pop, add the ip address
from whence it came to /etc/mail/relay-domains and HUP sendmail.
Unfortunately, sendmail is bad, and doesn't keep its pid when HUPped,
so don't do this on a box that monitors such things for security (yes, I
do that on other boxes. Watch your pids, ladies and gentlemen!).

For expiring ips, you could create /tmp/relays. When adding an ip to
relay-domains, touch a file named with the ip in /tmp/relays. Part of
the script could check for files in that dir older than ten minutes or
whatever. Remove the ip from relay-domains when you find one. 

To get a little fancier, you should grep relay-domains for the ip before
appending it blindly, to account for jackasses like me who have their
popclient set to check for mail once a minute. That way you won't be
restarting sendmail needlessly. People who leave their mailclient open
like that will keep their ability to send if your script keeps touching
their /tmp/relays file at each successful pop.

Have fun, and share the result with me if you write this. I'd do it, but
don't have time. It should only take a couple of hours.

---sambo


- qmail maybe?
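
The POP-before-SMTP bookkeeping described in the message above, written out as shell functions for a once-a-minute cron job. This is an added example, not the poster's lost scripts and not part of the original message. The POP log line format, the state directory, the function names and the sample addresses are assumptions, and the caller is expected to HUP sendmail whenever a function returns 0.

```shell
#!/bin/sh
# Added example (not the poster's scripts). Paths, TTL and log format are assumptions.
RELAY_FILE=${RELAY_FILE:-/etc/mail/relay-domains}
STAMP_DIR=${STAMP_DIR:-/var/run/pop-relays}  # post uses /tmp/relays; a root-only dir
TTL_MIN=${TTL_MIN:-10}                       # keeps other users from planting stamps

# Constructed sample log in an assumed POP daemon format.
sample_log() {
cat <<'EOF'
Sep 25 07:30:01 mail ipop3d[411]: Login user=sambo host=a.example [192.0.2.10] nmsgs=0/0
Sep 25 07:30:07 mail ipop3d[412]: Login failed user=kurt host=b.example [203.0.113.9]
Sep 25 07:30:30 mail ipop3d[413]: Login user=staff host=c.example [198.51.100.1] nmsgs=2/2
Sep 25 07:31:01 mail ipop3d[414]: Login user=sambo host=a.example [192.0.2.10] nmsgs=0/0
EOF
}

# stdin: log lines. stdout: unique client IPs of successful logins only.
# The pattern is anchored at both ends, so partial or failed-login lines never match.
pop_ips() {
    sed -n 's|^.* ipop3d\[[0-9]*]: Login user=[^ ]* host=[^ ]* \[\([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\)] nmsgs=[0-9/]*$|\1|p' | sort -u
}

# stdin: log lines. Returns 0 only when relay-domains changed (time to HUP sendmail).
update_relays() {
    changed=1
    mkdir -p "$STAMP_DIR" && chmod 700 "$STAMP_DIR" || return 2
    for ip in $(pop_ips); do
        if [ -e "$STAMP_DIR/$ip" ]; then
            touch "$STAMP_DIR/$ip"            # repeat POP: extend lifetime, no restart
        elif ! grep -qxF "$ip" "$RELAY_FILE" 2>/dev/null; then
            echo "$ip" >> "$RELAY_FILE" && touch "$STAMP_DIR/$ip" && changed=0
        fi                                    # listed without a stamp = static entry: leave it
    done
    return $changed
}

# Drop IPs whose stamp is older than TTL_MIN minutes. Returns 0 when the file changed.
expire_relays() {
    changed=1
    for f in $(find "$STAMP_DIR" -type f -mmin +"$TTL_MIN" 2>/dev/null); do
        ip=${f##*/}
        grep -vxF "$ip" "$RELAY_FILE" > "$RELAY_FILE.new"
        mv "$RELAY_FILE.new" "$RELAY_FILE" && rm -f "$f" && changed=0
    done
    return $changed
}
```

Addresses that are already in relay-domains without a stamp file are treated as static entries, so a static user who also checks POP mail is never expired out of the file.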


