From 6cf002d1d7c286f0acea6aae08848fe5f1de590d Mon Sep 17 00:00:00 2001
From: Scott Ullrich <sullrich@pfsense.org>
Date: Wed, 15 Feb 2006 02:22:30 +0000
Subject: * Update external interface script * Add new script that can read a
 c/r file from a web server that checks the greylist for invalid email
 addresses.   If a server is sending to an invalid e-mail address then
 instantly spamtrap them.  Take that dictionary attacking punks!

---
 packages/spamd_db_ext.php                    | 21 +++++--
 packages/spamd_verify_to_email_addresses.php | 87 ++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+), 4 deletions(-)
 create mode 100644 packages/spamd_verify_to_email_addresses.php

diff --git a/packages/spamd_db_ext.php b/packages/spamd_db_ext.php
index f94fc5b2..6ed79b03 100644
--- a/packages/spamd_db_ext.php
+++ b/packages/spamd_db_ext.php
@@ -49,12 +49,13 @@ foreach($config['installedpackages']['spamdoutlook']['config'] as $outlook) {
 	}
 }
 
+exec("echo {$_GET['action']} > /tmp/tmp");
+
 /* handle AJAX operations */
 if($_GET['action'] or $_POST['action']) {
 	/*    echo back buttonid so it can be turned
 	 *    back off when request is completed.
 	 */
-	echo $_GET['buttonid'] . "|";
 	if($_GET['action'])
 		$action = $_GET['action'];
 	if($_POST['action'])
@@ -66,14 +67,26 @@ if($_GET['action'] or $_POST['action']) {
 	/* execute spamdb command */
 	if($action == "whitelist") {
 		exec("/usr/local/sbin/spamdb -a {$srcip}");
+		exit;
 	} else if($action == "delete") {
-		exec("/usr/local/sbin/spamdb -d {$srcip}");
-		exec("/usr/local/sbin/spamdb -d -T \"<{$srcip}>\"");
-		exec("/usr/local/sbin/spamdb -d -t \"<{$srcip}>\"");
+		$fd = fopen("/tmp/execcmds", "w");
+		config_lock();
+		fwrite($fd, "#!/bin/sh\n");
+		fwrite($fd, "/usr/local/sbin/spamdb -d {$srcip}\n");
+		fwrite($fd, "/usr/local/sbin/spamdb -T -d \"<{$srcip}>\"\n");
+		fwrite($fd, "/usr/local/sbin/spamdb -t -d \"<{$srcip}>\"\n");
+		fwrite($fd, "/usr/local/sbin/spamdb | grep {$srcip}\n");
+		fclose($fd);
+		exec("chmod a+rx /tmp/execcmds");
+		system("/bin/sh /tmp/execcmds");
+		config_unlock();
+		exit;
 	} else if($action == "spamtrap") {
 		exec("/usr/local/sbin/spamdb -a {$srcip} -T");
+		exit;
 	} else if($action == "trapped") {
 		exec("/usr/local/sbin/spamdb -a {$srcip} -t");
+		exit;
 	}
 	/* signal a reload for real time effect. */
 	mwexec("killall -HUP spamlogd");
diff --git a/packages/spamd_verify_to_email_addresses.php b/packages/spamd_verify_to_email_addresses.php
new file mode 100644
index 00000000..6299d4a1
--- /dev/null
+++ b/packages/spamd_verify_to_email_addresses.php
@@ -0,0 +1,87 @@
+<?php
+
+/*
+ *    pfSense spamd mousetrap
+ *    (C)2006 Scott Ullrich
+ *    
+ *    Reads in an external list of c/r
+ *    seperated valid e-mail addresses
+ *    and then looks to see waiting grey-
+ *    listed servers.   if the server is
+ *    sending to an invalid e-mail address
+ *    then add them to spamtrap.
+ *
+ *    XXX:
+ *        * Add flag to blacklist a server after receiving X
+ *          attempts at a delivery with invalid to: addresses.
+ *         
+ */
+  
+require("config.inc");
+require("functions.inc");
+
+/* path to script that outputs c/r seperated e-mail addresses */
+$server_to_pull_data_from = "http://10.0.0.11/exchexp.asp";
+
+/* to enable debugging, change false to true */
+$debug = true;
+
+/* fetch down the latest list from server */
+if($debug) {
+    /* fetch without quiet mode */
+    exec("fetch $quiet -o /tmp/emaillist.txt {$server_to_pull_data_from}");
+} else {
+    /* fetch with quiet mode */
+    exec("fetch -q -o /tmp/emaillist.txt {$server_to_pull_data_from}");
+}
+
+/* test if file exists, if not, bail. */
+if(!file_exists("/tmp/emaillist.txt")) {
+    if($debug)
+        echo "Could not fetch $server_to_pull_data_from\n";
+    exit;
+}
+
+/* clean up and split up results */
+$fetched_file = strtolower(file_get_contents("/tmp/emaillist.txt"));
+$valid_list = split("\n", $fetched_file);
+$grey_hosts = split("\n", `spamdb | grep GREY`);
+
+if($debug) {
+    /* echo out all our valid hosts */
+    foreach($valid_list as $valid) 
+        echo "VALID: ||$valid||\n";
+}
+
+/* traverse list and find the dictionary attackers, etc */
+foreach($grey_hosts as $grey) {
+    if(trim($grey) == "")
+        continue;
+    /* clean up and further break down values */
+    $grey_lower = strtolower($grey);
+    $grey_lower = str_replace("<","",$grey_lower);
+    $grey_lower = str_replace(">","",$grey_lower);
+    $grey_split = split("\|", $grey_lower);
+    $email_from = strtolower($grey_split[2]);
+    $email_to   = strtolower($grey_split[3]);
+    $server_ip  = strtolower($grey_split[1]);
+    if($debug) 
+        echo "Testing $email_from | $email_to \n";
+    if (in_array($email_to, $valid_list)) {
+        if($debug) 
+            echo "$email_to is in the valid list\n";
+    } else {
+        /* spammer picked the wrong person to mess with */
+        if($server_ip) {
+            echo "/usr/local/sbin/spamdb -T -a $server_ip\n";
+            $result = exec("/usr/local/sbin/spamdb -T -a $server_ip\n");
+        } else {
+            if($debug) 
+                echo "Could not locate server ip address.";
+        }
+        if($debug) 
+            echo "Script result code: {$result}\n";
+    }
+}
+
+?>
\ No newline at end of file
-- 
cgit v1.2.3