diff options
Diffstat (limited to 'config/spamd/spamd_verify_to_address.php')
-rw-r--r-- | config/spamd/spamd_verify_to_address.php | 144 |
1 files changed, 144 insertions, 0 deletions
diff --git a/config/spamd/spamd_verify_to_address.php b/config/spamd/spamd_verify_to_address.php new file mode 100644 index 00000000..56821370 --- /dev/null +++ b/config/spamd/spamd_verify_to_address.php @@ -0,0 +1,144 @@ +#!/usr/local/bin/php -q +<?php +/* + * pfSense spamd mousetrap + * (C)2006 Scott Ullrich + * + * Reads in an external list of c/r + * seperated valid e-mail addresses + * and then looks to see waiting grey- + * listed servers. if the server is + * sending to an invalid e-mail address + * then add them to spamtrap. + * + * Directions for usage: + * 1. Download this script to the /root/ directory on your pfSense installation. + * 2. chmod a+rx spamd_verify_to_address.php + * 3. Edit $server_to_pull_data_from to point to a location containing a list of + * all valid email addresses c/r seperated. + * 4. Add spamd_verify_to_address.php to cron or run it by invoking + * ./spamd_verify_to_address.php manually. + * + * XXX/TODO: + * * Add flag to blacklist a server after receiving X + * attempts at a delivery with invalid to: addresses. + * + */ + +require("config.inc"); +require("functions.inc"); + +/* path to script that outputs c/r seperated e-mail addresses */ +$server_to_pull_data_from = "http://10.0.0.11/spamd_exchexp.asp"; + +/* to enable debugging, change false to true */ +$debug = true; + +if($debug) + echo "Downloading current valid email list...\n"; +/* fetch down the latest list from server */ +if($debug) { + /* fetch without quiet mode */ + system("fetch -o /tmp/emaillist.txt {$server_to_pull_data_from}"); +} else { + /* fetch with quiet mode */ + system("fetch -q -o /tmp/emaillist.txt {$server_to_pull_data_from}"); +} + +/* test if file exists, if not, bail. */ +if(!file_exists("/tmp/emaillist.txt")) { + if($debug) + echo "Could not fetch $server_to_pull_data_from\n"; + exit; +} + +/* clean up and split up results */ +$fetched_file = strtolower(file_get_contents("/tmp/emaillist.txt")); +$valid_list = split("\n", $fetched_file); +$grey_hosts = split("\n", `spamdb | grep GREY`); + +if($fetched_file == "") + exit(-1); + +if($debug) { + /* echo out all our valid hosts */ + foreach($valid_list as $valid) + echo "VALID: ||$valid||\n"; +} + +/* suck custom blacklist into array */ +$current_blacklist = split("\n", `cat /var/db/blacklist.txt`); +/* suck current spamtrap emails into array */ +$current_spamtrap = split("\n", `/usr/local/sbin/spamdb | grep SPAMTRAP | cut -d"|" -f2`); +/* eliminate <> from email addresses */ +for($x=0; isset($current_spamtrap[$x]); $x++) { + $current_spamtrap[$x] = str_replace("<", "", $current_spamtrap[$x]); + $current_spamtrap[$x] = str_replace(">", "", $current_spamtrap[$x]); +} + +/* traverse list and find the dictionary attackers, etc */ +foreach($grey_hosts as $grey) { + if(trim($grey) == "") + continue; + /* clean up and further break down values */ + $grey_lower = strtolower($grey); + $grey_lower = str_replace("<","",$grey_lower); + $grey_lower = str_replace(">","",$grey_lower); + $grey_split = split("\|", $grey_lower); + $email_from = strtolower($grey_split[2]); + $email_to = strtolower($grey_split[3]); + $server_ip = strtolower($grey_split[1]); + if(in_array($server_ip, $current_blacklist)) { + if($debug) + echo "$server_ip already in blacklist.\n"; + continue; + } + if(in_array($email_to, $current_spamtrap)) { + if($email_to) + echo "$email_to already in blacklist.\n"; + continue; + } + if($debug) + echo "Testing $email_from | $email_to \n"; + if (in_array($email_to, $valid_list)) { + if($debug) + echo "$email_to is in the valid list\n"; + } else { + /* spammer picked the wrong person to mess with */ + if($server_ip) { + if($debug) + echo "/usr/local/sbin/spamdb -a $server_ip -t\n"; + exec("/usr/local/sbin/spamdb -d {$server_ip} 2>/dev/null"); + exec("/usr/local/sbin/spamdb -d {$server_ip} -T 2>/dev/null"); + exec("/usr/local/sbin/spamdb -d {$server_ip} -t 2>/dev/null"); + if($debug) + echo "/usr/local/sbin/spamdb -a \"<$email_to>\" -T\n"; + exec("/usr/local/sbin/spamdb -a \"<$email_to>\" -T"); + config_lock(); + system("echo $server_ip >> /var/db/blacklist.txt"); + config_unlock(); + $result = mwexec("/usr/local/sbin/spamdb -a $server_ip -t"); + } else { + if($debug) + echo "Could not locate server ip address."; + } + if($debug) + echo "Script result code: {$result}\n"; + } +} + +mwexec("killall -HUP spamlogd"); + +if($debug) { + echo "\nSearch completed.\n\n"; + echo "Items trapped: "; + system("/usr/local/sbin/spamdb | grep TRAPPED | wc -l"); + echo "Items spamtrapped: "; + system("/usr/local/sbin/spamdb | grep SPAMTRAP | wc -l"); + echo "Items in blacklist.txt: "; + system("/sbin/pfctl -t blacklist -T show | wc -l"); +} + +mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt"); + +?>
\ No newline at end of file |