spamtrap/honeypot, backscatterer #161

15 changes: 15 additions & 0 deletions docs/vexim-acl-check-rcpt.conf
@@ -1,3 +1,18 @@
# spamtrap write sender IP to BL file when receiving messages to special
# adresses defined in the file 'CONFDIR/spamtrap_receiver'
deny
Collaborator:

You really want to deny the message? Then it will be removed from the spammers list. I mean you want to receive spam on this spamtrap.

message = ${run{/bin/bash -c "/bin/echo $sender_host_address >> /etc/exim4/local_host_blacklist;"}}
Collaborator:

And where is /etc/exim4/local_host_blacklist used? If you block mail from hosts in /etc/exim4/local_host_blacklist, you have to consider that only an account was hijacked (gmail, yahoo, ...) and also a grace period after which you remove the host.

Contributor (author):

In /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt, around line 216:

  # deny bad sites (IP address)
  # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
  # and networks (CIDR notation)  that should have their access denied to
  # The local host. Messages coming in from a listed host will have all
  # RCPT statements rejected.
  #
  # The explicit white lists are honored as well as negative items in
  # the black list. See exim4-config_files(5) for details.
  deny
    message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
    !acl = acl_local_deny_exceptions
    hosts = ${if exists{CONFDIR/local_host_blacklist}\
                 {CONFDIR/local_host_blacklist}\
                 {}}

condition = ${lookup{$local_part@$domain}lsearch{CONFDIR/spamtrap_receiver} {yes}{no}}
logwrite = :main,reject: $sender_host_address - IP logged, $local_part@$domain is only used by spammers

# drop backscatterer messages
deny
senders = : $local_part@$domain
dnslists = ips.backscatterer.org
add_header = X-blacklisted-at: $dnslist_domain
log_message = sender same as recipient $local_part@$domain and $sender_host_address listed at $dnslist_domain


# Use spfquery to perform a pair of SPF checks (for details, see
# http://www.openspf.org/)
# This check has been copied from a stock Debian config and has not been
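Review bot: the append in `message = ${run{/bin/bash -c "/bin/echo $sender_host_address >> /etc/exim4/local_host_blacklist;"}}` puts a side effect into the SMTP response text, so a failed write is silent, a shell is spawned for every matching RCPT, and the path is hard-coded where the rest of this file uses CONFDIR; the file also collects duplicate entries and nothing ever expires them, which is the grace-period concern raised above. Suggest recording the address with a `logwrite` to a dedicated file and letting an external job dedupe and age entries into CONFDIR/local_host_blacklist, keeping the ACL free of shell invocations. Separately, `add_header = X-blacklisted-at: $dnslist_domain` under the backscatterer `deny` has no effect, since added headers only reach messages that are ultimately accepted; the same information already lands in `log_message`, so the line can be dropped. Minor: the comment on the first added line misspells "addresses".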