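# TODO
# * deliver over lmtp to cyrus [DONE]
# * verify recipient check (include "received for") [DONE]
# * pipe mail to sa-learn [DONE]
# * pipe mail to dcc
# * pipe mail to razor [DONE]
# * blacklist anywhere
# * dump mail into file
#
# Spam-trap sink. Reads one mail message on stdin, spools it to a private
# temp file, optionally delivers/reports it, and prints a one-line summary
# ("Spamsink Mail - Sender: ... Relay: ...") on stdout.
#
# Exit status: 0 on success, 1 when reciep_detection=1 and the mail is not
# addressed to any of $targets, 75 when the message cannot be spooled.
# Requires bash (arrays, [[ =~ ]], process substitution).

# --- configuration -----------------------------------------------------------
tempfilename="/tmp/mailsink" # prefix of the spooled message file
reciep_detection=0           # 1: verify the mail was sent to one of $targets
removetemps=0                # 1: delete the spooled message on exit
targets="spamfalle.info"     # space-separated, matched as case-insensitive regexes
deliver_to_mailbox=0         # 1: hand the mail to cyrdeliver
sa_report=0                  # 1: feed the mail to sa-learn --spam
razor_report=0               # 1: report the mail with razor-report
razor_options="-conf=/etc/razor/razor-agent.conf"
mailbox="user.spamfalle"
auth="spamfalle"

# --- spool the message -------------------------------------------------------
# mktemp creates the file atomically with an unpredictable name and mode 0600.
# A fixed prefix plus a timestamp in /tmp can be pre-created or symlinked by
# another local user, and two mails arriving in the same second would be
# appended to the same file.
tempfile=$(mktemp "${tempfilename}.XXXXXXXXXX") || {
  printf 'mailsink: cannot create temp file\n' >&2
  exit 75 # EX_TEMPFAIL from sysexits.h
}

cleanup() {
  if [ "${removetemps}" -eq 1 ]; then
    rm -f -- "${tempfile}"
  fi
}
trap cleanup EXIT

# Copy stdin byte for byte. A "read"/"echo" loop strips the leading whitespace
# of folded header lines, interprets backslashes and drops a last line without
# a newline, so the reported message would no longer be the received one.
cat > "${tempfile}" || {
  printf 'mailsink: cannot write %s\n' "${tempfile}" >&2
  exit 75
}

# Header section only (everything up to the first blank line), so that lines
# in the body starting with "From:", "To:" or "Received:" are never parsed.
headers=$(sed '/^[[:space:]]*$/q' "${tempfile}")

# header_addr NAME
# Prints the address of the last "NAME:" header line: everything up to the
# last space and an optional "<" is removed, as is a trailing ">". Control
# characters are dropped because the value is sender-controlled and ends up
# in the summary line.
header_addr() {
  printf '%s\n' "${headers}" |
    grep -i -- "^$1:" |
    tail -n 1 |
    tr -d '[:cntrl:]' |
    sed -e "s/^$1:.* <\{0,1\}//i" -e 's/>$//'
}

# matches_target STRING
# Returns 0 if STRING matches any entry of $targets.
# NOTE(review): entries are unanchored regexes, so "spamfalle.info" also
# matches e.g. "spamfalleXinfo.example" - confirm whether that is intended.
matches_target() {
  local candidate=$1 target
  # $targets is deliberately unquoted: it is a space-separated list.
  for target in ${targets}; do
    if printf '%s\n' "${candidate}" | grep -qiE -- "${target}"; then
      return 0
    fi
  done
  return 1
}

# --- delivery and reporting --------------------------------------------------
# NOTE(review): these steps run before the recipient check below, so with
# reciep_detection=1 a mail that was not sent to a trap address is still
# delivered and reported as spam - confirm that this order is intended.

# deliver mail into mailbox
if [ "${deliver_to_mailbox}" -eq 1 ]; then
  formail -I"From " < "${tempfile}" | cyrdeliver -d -m "${mailbox}" -a "${auth}"
fi

# report mail as spam to spamassassin
if [ "${sa_report}" -eq 1 ]; then
  sa-learn --spam "${tempfile}"
fi

# report mail as spam to razor
if [ "${razor_report}" -eq 1 ]; then
  # $razor_options is deliberately unquoted so it can carry several options.
  razor-report ${razor_options} "${tempfile}"
fi

# --- recipient detection -----------------------------------------------------
if [ "${reciep_detection}" -eq 1 ]; then
  recipient_matched=0

  # check if the mail is sent to a target according to the To: header
  to=$(header_addr To)
  if matches_target "${to}"; then
    recipient_matched=1
  fi

  # otherwise look at the "for" lines of the header section
  # NOTE(review): as written the pattern only matches "for;" / "for ;"
  # directly followed by a date, which leaves no room for an address; part
  # of the expression may have been lost - verify against the original.
  if [ "${recipient_matched}" -eq 0 ]; then
    for_pattern='^for ?; (Mon|Tue|Wed|Thu|Fri|Sat|Sun), ([ 0][1-9]|[12][0-9]|3[01]) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [12][0-9]{3}'
    while IFS= read -r for_line; do
      if matches_target "${for_line}"; then
        recipient_matched=1
        break
      fi
    done < <(printf '%s\n' "${headers}" | grep -E -- "${for_pattern}")
  fi

  if [ "${recipient_matched}" -eq 0 ]; then
    exit 1
  fi
fi

# --- relay detection ---------------------------------------------------------
# Octets are limited to 0-255 and the dots are literal; an unescaped "." would
# accept any separator character.
ipv4_re='^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])$'
# Loopback, RFC 1918 and link-local ranges. Each prefix ends on a dot so that
# e.g. "^10" cannot swallow 100.x.x.x and "^172\.2" cannot swallow 172.200.x.x.
private_re='^(127\.|10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|169\.254\.)'

# Collect the bracketed/parenthesised address of every "Received:" line, in
# file order. Only the first physical line of a folded header is examined.
relays=()
while IFS= read -r candidate; do
  relays+=("${candidate}")
done < <(
  printf '%s\n' "${headers}" |
    grep -i '^Received:' |
    sed -e 's/^Received: .*(//i' -e 's/).*//' -e 's/.*\[//' -e 's/\].*//'
)

# Walk from the last Received line upwards and stop at the first address that
# is not in a private range; lines that did not yield an IPv4 address are
# skipped. If every address is private, the last one examined is kept.
# NOTE(review): Received lines below those added by your own MTA are written
# by the sender, so this value can be forged. Do not use it for blocklisting
# (see TODO) unless the walk is limited to hops stamped by trusted hosts.
relayhost=""
for ((i = ${#relays[@]} - 1; i >= 0; i--)); do
  candidate=${relays[i]}
  [[ ${candidate} =~ ${ipv4_re} ]] || continue
  relayhost=${candidate}
  [[ ${candidate} =~ ${private_re} ]] || break
done

# --- summary -----------------------------------------------------------------
returnpath=$(header_addr Return-Path)
from=$(header_addr From)

# save subject for mail, give a hint if return path differs
if [ "${from}" = "${returnpath}" ]; then
  reportsubject="Spamsink Mail - Sender: ${from} Relay: ${relayhost}"
else
  reportsubject="Spamsink Mail - Sender: ${from} Return-Path: ${returnpath} Relay: ${relayhost}"
fi

# mail -s "${reportsubject}" waja@cyconet.org < "${tempfile}"
# Quoted and printed with printf: the text contains sender-controlled header
# values, which must not be word-split, glob-expanded or read as echo options.
printf '%s\n' "${reportsubject}"

# The spooled file is removed by the EXIT trap when removetemps=1.
exit 0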