Using a database in check_mail

Last Update 1999-11-24

Examples from Ted Roberts

Ted Roberts suggested to use a map lookup instead of a plain text file (e.g., a class) to list spammers. This has the advantage that you don't need to restart sendmail when you change the entries in the database. Moreover, if the file gets large (as it may happen since UCEs become nearly ubiquitous) the match should be faster. So here is his proposal (slightly modified): 
# Database definition
Kjunkmail btree /etc/mail/junkmail

Scheck_mail
# Canonicalize
R $*		$: $>3 $1
R$*<@$*.>	$1<@$2>		remove trailing dot, we don't care here
# DB lookup on domain
R $+ < @ $* >		$: $1 < @ $(junkmail $2 $:$2 $) >	junk domains
# DB lookup for parent (eg. something.junkmail.domain)
R $+ < @ $-.$* >		$: $1 < @ $(junkmail $3 $:$2.$3 $) >	junk subdomains
# DB lookup for multiple level parent (eg. something.something.junkmail.domain)
R $+ < @ $-.$-.$* >		$: $1 < @ $(junkmail $4 $:$2.$3.$4 $) >	junk subdomains
# Check for explicit match
R $+ < @ $* >		$: $1 < @ $(junkmail $1@$2 $:$2$) >	junk users
# If junkmail reject
R $* <@ JUNKMAIL>		$#error $@ 5.7.1 $: "Sorry, we don't accept junk mail"
# If rejecting for some other reason reject
R $* <@ REJECT>		$#error $@ 5.7.1 $: "Sorry, sending user rejected"
The DB then looks like the following: 
natureplus.com JUNKMAIL
cyberpromo.com JUNKMAIL
honey@sweeties.com JUNKMAIL
user@screwedup.domain REJECT
As you can see from the rules, the matching has to be made with different numbers of subdomains. This might be a drawback, but it fits for most spammers.

Here is a solution which works in a similar way: 

Kjunkone dbm /etc/mail/junkone
Kjunktwo dbm /etc/mail/junktwo
Kjunkuser dbm /etc/mail/junkuser
Scheck_mail
# Canonicalize
R$*			$: $>3 $1
R$+<@$*.>	$:$1<@$2>		remove trailing dot, we don't care here
R$+<@$*$-.$->	$: $1<@ $(junkone $3.$4 $:$2$3.$4$)>	junk subdomains
R$+<@$*$-.$-.$->	$: $1<@ $(junktwo $3.$4.$5 $:$2$3.$4.$5$)>	junk subdomains
R$+<@$*>	$:$1<@$(junkuser $1@$2 $:$2 $)>		junk users
R$*<@JUNKMAIL>	$#error $@ 5.7.1 $: "550 Sorry, we don't accept junk mail"
R$*<@REJECT>	$#error $@ 5.7.1 $: "550 Sorry, sending user rejected"
I split the database into three different: junkone/junktwo contain those which have one/two level(s) in addition to the toplevel, junkuser contains the users. Now there can be an arbitrary number of subdomains before this, and if there are junk domains with more than three levels, we have to introduce another database.

junkone: 

natureplus.com JUNKMAIL
cyberpromo.com JUNKMAIL

junkuser: 

honey@sweeties.com JUNKMAIL
user@screwedup.domain REJECT

junktwo is currently empty (no spammer uses such a domain?).

[(links)] [Hints] [Avoiding UBE] [cf/README] [New]
Copyright © Claus Aßmann Please send comments to: <ca at sendmail.org>
Disclaimer: the information provided may be inaccurate or outdated or incomplete. Please contact me if you find an error.