authorScott Ullrich <sullrich@pfsense.org>2006-02-15 02:22:30 +0000
committerScott Ullrich <sullrich@pfsense.org>2006-02-15 02:22:30 +0000
commit6cf002d1d7c286f0acea6aae08848fe5f1de590d (patch)
tree9cc85ef82d35bf7f342d56283b9d8c8e6a4e09a0
parentfde3429c67bbab3c18444f79374776cf78e8e156 (diff)
downloadpfsense-packages-6cf002d1d7c286f0acea6aae08848fe5f1de590d.tar.gz
pfsense-packages-6cf002d1d7c286f0acea6aae08848fe5f1de590d.tar.bz2
pfsense-packages-6cf002d1d7c286f0acea6aae08848fe5f1de590d.zip
* Update external interface script
* Add new script that can read a c/r file from a web server that checks the greylist for invalid email addresses. If a server is sending to an invalid e-mail address then instantly spamtrap them. Take that dictionary attacking punks!
-rw-r--r--packages/spamd_db_ext.php21
-rw-r--r--packages/spamd_verify_to_email_addresses.php87
2 files changed, 104 insertions, 4 deletions
diff --git a/packages/spamd_db_ext.php b/packages/spamd_db_ext.php
index f94fc5b2..6ed79b03 100644
--- a/packages/spamd_db_ext.php
+++ b/packages/spamd_db_ext.php
@@ -49,12 +49,13 @@ foreach($config['installedpackages']['spamdoutlook']['config'] as $outlook) {
}
}
+exec("echo {$_GET['action']} > /tmp/tmp");
+
/* handle AJAX operations */
if($_GET['action'] or $_POST['action']) {
/* echo back buttonid so it can be turned
* back off when request is completed.
*/
- echo $_GET['buttonid'] . "|";
if($_GET['action'])
$action = $_GET['action'];
if($_POST['action'])
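Review bot: The added `exec("echo {$_GET['action']} > /tmp/tmp");` hands a raw request parameter to the shell and runs on every request, before the action check below it. It reads like leftover debugging and should be dropped before merge. If the trace is still wanted, quote the value, e.g. `exec("echo " . escapeshellarg($_GET['action']) . " > /tmp/tmp");`, and avoid a fixed file name in /tmp. The comment "echo back buttonid" is also stale now that the `echo $_GET['buttonid']` line is removed. The enclosing `if` block continues outside this hunk.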
@@ -66,14 +67,26 @@ if($_GET['action'] or $_POST['action']) {
/* execute spamdb command */
if($action == "whitelist") {
exec("/usr/local/sbin/spamdb -a {$srcip}");
+ exit;
} else if($action == "delete") {
- exec("/usr/local/sbin/spamdb -d {$srcip}");
- exec("/usr/local/sbin/spamdb -d -T \"<{$srcip}>\"");
- exec("/usr/local/sbin/spamdb -d -t \"<{$srcip}>\"");
+ $fd = fopen("/tmp/execcmds", "w");
+ config_lock();
+ fwrite($fd, "#!/bin/sh\n");
+ fwrite($fd, "/usr/local/sbin/spamdb -d {$srcip}\n");
+ fwrite($fd, "/usr/local/sbin/spamdb -T -d \"<{$srcip}>\"\n");
+ fwrite($fd, "/usr/local/sbin/spamdb -t -d \"<{$srcip}>\"\n");
+ fwrite($fd, "/usr/local/sbin/spamdb | grep {$srcip}\n");
+ fclose($fd);
+ exec("chmod a+rx /tmp/execcmds");
+ system("/bin/sh /tmp/execcmds");
+ config_unlock();
+ exit;
} else if($action == "spamtrap") {
exec("/usr/local/sbin/spamdb -a {$srcip} -T");
+ exit;
} else if($action == "trapped") {
exec("/usr/local/sbin/spamdb -a {$srcip} -t");
+ exit;
}
/* signal a reload for real time effect. */
mwexec("killall -HUP spamlogd");
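Review bot: The new "delete" branch writes `$srcip` unquoted into a shell script at the fixed path /tmp/execcmds and then executes it; `$srcip` is assigned outside this hunk, so whether it is validated cannot be seen here. A predictable, world-readable file in /tmp can be pre-created or symlinked by another local user, and the `fopen()` result is never checked before `fwrite()`. Running the commands directly with `escapeshellarg()` removes the temp file altogether, as sketched below. The `exit;` added to every branch also appears to make the `killall -HUP spamlogd` reload at the end unreachable for these actions, which may not be intended.

```php
} else if($action == "delete") {
	/* … unchanged: config_lock() … */
	$ip_arg  = escapeshellarg($srcip);
	$key_arg = escapeshellarg("<{$srcip}>");
	exec("/usr/local/sbin/spamdb -d {$ip_arg}");
	exec("/usr/local/sbin/spamdb -T -d {$key_arg}");
	exec("/usr/local/sbin/spamdb -t -d {$key_arg}");
	/* still prints any remaining entries, as the generated script did */
	system("/usr/local/sbin/spamdb | grep -F -- {$ip_arg}");
	/* … unchanged: config_unlock(), exit … */
```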
diff --git a/packages/spamd_verify_to_email_addresses.php b/packages/spamd_verify_to_email_addresses.php
new file mode 100644
index 00000000..6299d4a1
--- /dev/null
+++ b/packages/spamd_verify_to_email_addresses.php
@@ -0,0 +1,87 @@
+<?php
+
+/*
+ * pfSense spamd mousetrap
+ * (C)2006 Scott Ullrich
+ *
+ * Reads in an external list of c/r
+ * seperated valid e-mail addresses
+ * and then looks to see waiting grey-
+ * listed servers. if the server is
+ * sending to an invalid e-mail address
+ * then add them to spamtrap.
+ *
+ * XXX:
+ * * Add flag to blacklist a server after receiving X
+ * attempts at a delivery with invalid to: addresses.
+ *
+ */
+
+require("config.inc");
+require("functions.inc");
+
+/* path to script that outputs c/r seperated e-mail addresses */
+$server_to_pull_data_from = "http://10.0.0.11/exchexp.asp";
+
+/* to enable debugging, change false to true */
+$debug = true;
+
+/* fetch down the latest list from server */
+if($debug) {
+ /* fetch without quiet mode */
+ exec("fetch $quiet -o /tmp/emaillist.txt {$server_to_pull_data_from}");
+} else {
+ /* fetch with quiet mode */
+ exec("fetch -q -o /tmp/emaillist.txt {$server_to_pull_data_from}");
+}
+
+/* test if file exists, if not, bail. */
+if(!file_exists("/tmp/emaillist.txt")) {
+ if($debug)
+ echo "Could not fetch $server_to_pull_data_from\n";
+ exit;
+}
+
+/* clean up and split up results */
+$fetched_file = strtolower(file_get_contents("/tmp/emaillist.txt"));
+$valid_list = split("\n", $fetched_file);
+$grey_hosts = split("\n", `spamdb | grep GREY`);
+
+if($debug) {
+ /* echo out all our valid hosts */
+ foreach($valid_list as $valid)
+ echo "VALID: ||$valid||\n";
+}
+
+/* traverse list and find the dictionary attackers, etc */
+foreach($grey_hosts as $grey) {
+ if(trim($grey) == "")
+ continue;
+ /* clean up and further break down values */
+ $grey_lower = strtolower($grey);
+ $grey_lower = str_replace("<","",$grey_lower);
+ $grey_lower = str_replace(">","",$grey_lower);
+ $grey_split = split("\|", $grey_lower);
+ $email_from = strtolower($grey_split[2]);
+ $email_to = strtolower($grey_split[3]);
+ $server_ip = strtolower($grey_split[1]);
+ if($debug)
+ echo "Testing $email_from | $email_to \n";
+ if (in_array($email_to, $valid_list)) {
+ if($debug)
+ echo "$email_to is in the valid list\n";
+ } else {
+ /* spammer picked the wrong person to mess with */
+ if($server_ip) {
+ echo "/usr/local/sbin/spamdb -T -a $server_ip\n";
+ $result = exec("/usr/local/sbin/spamdb -T -a $server_ip\n");
+ } else {
+ if($debug)
+ echo "Could not locate server ip address.";
+ }
+ if($debug)
+ echo "Script result code: {$result}\n";
+ }
+}
+
+?> \ No newline at end of file
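Review bot: The valid-address list is split on "\n" without trimming and never checked for being empty, so a CRLF-terminated list (plausible from the .asp exporter) or an empty or error response makes every `in_array($email_to, $valid_list)` test fail and every greylisted sender get spamtrapped. The fetch is also plain HTTP into the fixed /tmp/emaillist.txt with no exit-status check, so a stale or planted file from an earlier run passes the `file_exists()` test. The script should fail safe: check the result of `fetch`, trim and sanity-check the entries, and trap nothing when the list is unusable. `$server_ip` comes from parsed `spamdb` output and should go through `escapeshellarg()` before `exec()`. Minor points: `$quiet` in the debug fetch is never defined, and `$debug = true` is committed as the default.

```php
/* fetch down the latest list from server */
if(file_exists("/tmp/emaillist.txt"))
	unlink("/tmp/emaillist.txt");
$fetch_flags = $debug ? "" : "-q";
exec("fetch {$fetch_flags} -o /tmp/emaillist.txt " . escapeshellarg($server_to_pull_data_from), $fetch_out, $fetch_rc);
if($fetch_rc != 0 or !file_exists("/tmp/emaillist.txt")) {
	if($debug)
		echo "Could not fetch $server_to_pull_data_from\n";
	exit;
}

/* clean up and split up results */
$valid_list = array();
foreach(explode("\n", strtolower(file_get_contents("/tmp/emaillist.txt"))) as $line) {
	$line = trim($line);
	if(strpos($line, "@") !== false)
		$valid_list[] = $line;
}
/* refuse to trap anyone on an empty or unparsable list */
if(count($valid_list) == 0) {
	if($debug)
		echo "No valid addresses in fetched list, not trapping anything\n";
	exit;
}
/* … unchanged: grey host listing, debug output, per-host parsing … */
		if($server_ip) {
			$ip_arg = escapeshellarg($server_ip);
			$result = exec("/usr/local/sbin/spamdb -T -a {$ip_arg}");
```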