From 55eddd7accf2c5f9b0f52b22a010c4c4b7c130d1 Mon Sep 17 00:00:00 2001
From: Bill Marquette <bill.marquette@gmail.com>
Date: Fri, 6 Feb 2009 19:18:00 -0600
Subject: mv packages to config dir to match web layout

---
 config/spamd_verify_to_address.php | 144 +++++++++++++++++++++++++++++++++++++
 1 file changed, 144 insertions(+)
 create mode 100644 config/spamd_verify_to_address.php

(limited to 'config/spamd_verify_to_address.php')

diff --git a/config/spamd_verify_to_address.php b/config/spamd_verify_to_address.php
new file mode 100644
index 00000000..56821370
--- /dev/null
+++ b/config/spamd_verify_to_address.php
@@ -0,0 +1,144 @@
+#!/usr/local/bin/php -q
+<?php
+/*
+ *    pfSense spamd mousetrap
+ *    (C)2006 Scott Ullrich
+ *
+ *    Reads in an external list of c/r
+ *    seperated valid e-mail addresses
+ *    and then looks to see waiting grey-
+ *    listed servers.   if the server is
+ *    sending to an invalid e-mail address
+ *    then add them to spamtrap.
+ *
+ *    Directions for usage:
+ *       1.  Download this script to the /root/ directory on your pfSense installation.
+ *       2.  chmod a+rx spamd_verify_to_address.php
+ *       3.  Edit $server_to_pull_data_from to point to a location containing a list of
+ *           all valid email addresses c/r seperated.
+ *       4.  Add spamd_verify_to_address.php to cron or run it by invoking 
+ *          ./spamd_verify_to_address.php manually.
+ *
+ *    XXX/TODO:
+ *        * Add flag to blacklist a server after receiving X
+ *          attempts at a delivery with invalid to: addresses.
+ *
+ */
+
+require("config.inc");
+require("functions.inc");
+
+/* path to script that outputs c/r seperated e-mail addresses */
+$server_to_pull_data_from = "http://10.0.0.11/spamd_exchexp.asp";
+
+/* to enable debugging, change false to true */
+$debug = true;
+
+if($debug)
+        echo "Downloading current valid email list...\n";
+/* fetch down the latest list from server */
+if($debug) {
+    /* fetch without quiet mode */
+    system("fetch -o /tmp/emaillist.txt {$server_to_pull_data_from}");
+} else {
+    /* fetch with quiet mode */
+    system("fetch -q -o /tmp/emaillist.txt {$server_to_pull_data_from}");
+}
+
+/* test if file exists, if not, bail. */
+if(!file_exists("/tmp/emaillist.txt")) {
+    if($debug)
+        echo "Could not fetch $server_to_pull_data_from\n";
+    exit;
+}
+
+/* clean up and split up results */
+$fetched_file = strtolower(file_get_contents("/tmp/emaillist.txt"));
+$valid_list = split("\n", $fetched_file);
+$grey_hosts = split("\n", `spamdb | grep GREY`);
+
+if($fetched_file == "")
+        exit(-1);
+
+if($debug) {
+    /* echo out all our valid hosts */
+    foreach($valid_list as $valid)
+        echo "VALID: ||$valid||\n";
+}
+
+/* suck custom blacklist into array */
+$current_blacklist = split("\n", `cat /var/db/blacklist.txt`);
+/* suck current spamtrap emails into array */
+$current_spamtrap = split("\n", `/usr/local/sbin/spamdb | grep SPAMTRAP | cut -d"|" -f2`);
+/* eliminate <> from email addresses */
+for($x=0; isset($current_spamtrap[$x]); $x++) {
+    $current_spamtrap[$x] = str_replace("<", "", $current_spamtrap[$x]);
+    $current_spamtrap[$x] = str_replace(">", "", $current_spamtrap[$x]);
+}
+
+/* traverse list and find the dictionary attackers, etc */
+foreach($grey_hosts as $grey) {
+    if(trim($grey) == "")
+        continue;
+    /* clean up and further break down values */
+    $grey_lower = strtolower($grey);
+    $grey_lower = str_replace("<","",$grey_lower);
+    $grey_lower = str_replace(">","",$grey_lower);
+    $grey_split = split("\|", $grey_lower);
+    $email_from = strtolower($grey_split[2]);
+    $email_to   = strtolower($grey_split[3]);
+    $server_ip  = strtolower($grey_split[1]);
+    if(in_array($server_ip, $current_blacklist)) {
+        if($debug)
+                echo "$server_ip already in blacklist.\n";
+        continue;
+    }
+    if(in_array($email_to, $current_spamtrap)) {
+        if($email_to)
+                echo "$email_to already in blacklist.\n";
+        continue;        
+    }
+    if($debug)
+        echo "Testing $email_from | $email_to \n";
+    if (in_array($email_to, $valid_list)) {
+        if($debug)
+            echo "$email_to is in the valid list\n";
+    } else {
+        /* spammer picked the wrong person to mess with */
+        if($server_ip) {
+            if($debug)
+                    echo "/usr/local/sbin/spamdb -a $server_ip -t\n";
+            exec("/usr/local/sbin/spamdb -d {$server_ip} 2>/dev/null");
+            exec("/usr/local/sbin/spamdb -d {$server_ip} -T 2>/dev/null");
+            exec("/usr/local/sbin/spamdb -d {$server_ip} -t 2>/dev/null");
+            if($debug)
+                echo "/usr/local/sbin/spamdb -a \"<$email_to>\" -T\n";
+            exec("/usr/local/sbin/spamdb -a \"<$email_to>\" -T");
+            config_lock();
+            system("echo $server_ip >> /var/db/blacklist.txt");
+            config_unlock();
+            $result = mwexec("/usr/local/sbin/spamdb -a $server_ip -t");
+        } else {
+            if($debug)
+                echo "Could not locate server ip address.";
+        }
+        if($debug)
+            echo "Script result code: {$result}\n";
+    }
+}
+
+mwexec("killall -HUP spamlogd");
+
+if($debug) {
+    echo "\nSearch completed.\n\n";
+    echo "Items trapped:              ";
+    system("/usr/local/sbin/spamdb | grep TRAPPED | wc -l");
+    echo "Items spamtrapped:          ";
+    system("/usr/local/sbin/spamdb | grep SPAMTRAP | wc -l");
+    echo "Items in blacklist.txt:     ";
+    system("/sbin/pfctl -t blacklist -T show | wc -l");
+}
+
+mwexec("/sbin/pfctl -q -t blacklist -T replace -f /var/db/blacklist.txt");
+
+?>
\ No newline at end of file
-- 
cgit v1.2.3