AntiSpam(8) AntiSpam(8)
- -
Jan 2000
NAME
antispam - allow pop users to use relay to send mail
SYNOPSIS
antispam
DESCRIPTION
This program is a daemon that keeps an eye on the mail log and watches
for POP3 logins on the machine. For each successful POP3 login
antispam keeps a record of the originating machine's IP and allows it
to use the local mail relay.
The daemon keeps two hash files where it stores the IPs of authorised
machines. The first hash is for internal use and stores the IPs and
the time at which the login was made (for timeout purposes). The
second hash is shared with sendmail (or whatever mailer is in use).
The mailer must search this additional file for IPs that it should
allow to relay.
CONFIGURATION
The program has a config file ( /etc/antispam.cfg ) which it will open
upon startup. Options in that file are specified on a one-per-line
basis. Parameters with more than one word must be double quoted
(example: log "my anti spamming log"). Lines beginning with '#' are
ignored.
Available config file options:
log <logfile>
This is the file where antispam will record all its activity. If
not specified, defaults to /var/log/antispam
maillog <logfile>
This is the file where antispam will look for all successful POP3
logins (example: /var/log/maillog). This parameter is mandatory.
runtimedb <hashfile>
Location of antispam's runtime hash. This is where antispam will
keep track of the currently authorised IPs and their respective
expiry times. If not specified, defaults to /var/run/antispam.db
ip_allow <hashfile>
Hash where antispam will "inform" the mailer of IPs that are
allowed to use the relay (example: /. The mailer must be
configured to consult this hash and allow relaying to all the IPs
in it (see below). This parameter is mandatory.
timeout <minutes>
Time after which the authorization will expire, that is, the number
of minutes after the last successful POP3 login from an IP during
which that IP will be allowed to use the relay. If not specified,
defaults to 10 minutes.
check <minutes>
Time between checks for expiry. Every x minutes antispam will go
through the list of authorised IPs and wipe those with expired
authorization. The check time must be less than the timeout
value, otherwise they'll be swapped. If not specified, defaults to
1 minute.
resolvenames <value>
Should antispam check the DNS names of the POP3 clients before
authorizing them? This can take two values: 0 or 1. If it's 0,
antispam won't resolve the hostname in POP3 and match its IP
against the one where the connection came from. If it's 1,
antispam WILL resolve the hostname in POP3, and if its IP is
different from the one where the connection came from there will
be no authorization and a warning will be issued in the log.
ignore_ip <IP>
This option makes antispam ignore the specified IP (example:
ignore_ip 192.168.1.1). If there's a successful POP3 login from
that IP, it will NOT be added to the authorized list. POP3 login
ignore_net <network>
Same as ignore_ip but this one only matches the beginning of the
remote IP (example: ignore_net 192.168.1. ). Useful to avoid
authorizing IPs from your own network that are already authorised
by default.
ignore_host <host>
This option is identical to ignore_ip but matches the hostname
instead of the IP. If you want to make it clear in the config
file which hosts you're ignoring, use this (example: ignore_host
relay.outter.net). If the hosts don't have a reverse DNS entry
for their IPs then use ignore_ip.
ignore_domain <domain>
Same as ignore_host but this one only matches the end of the remote
host (example: ignore_domain .outter.friendly.net ). Useful to
avoid authorizing our own domains that are already authorised by
default.
You can have several ignore_ip, ignore_net, ignore_host and
ignore_domain directives in your config file. If any of them matches a
POP3 login, that login will not be taken into account regarding
authorization.
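A sketch of the documented file format and ignore-matching semantics, added here as an example; it is not antispam's own code. The use of shlex for quoting, the lower-casing of names and the sample values are assumptions.

```python
import shlex

DEFAULTS = {"log": "/var/log/antispam", "runtimedb": "/var/run/antispam.db",
            "timeout": 10, "check": 1}
REPEATABLE = ("ignore_ip", "ignore_net", "ignore_host", "ignore_domain")
MANDATORY = ("maillog", "ip_allow")

def parse_config(text):
    """Parse antispam.cfg-style text (added example; shlex quoting is an assumption)."""
    cfg = dict(DEFAULTS, **{name: [] for name in REPEATABLE})
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # blank line or comment
        parts = shlex.split(line)             # a "double quoted" value stays one word
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<option> <value>'")
        name, value = parts
        if name in REPEATABLE:
            cfg[name].append(value.lower())
        else:
            cfg[name] = int(value) if name in ("timeout", "check", "resolvenames") else value
    missing = [m for m in MANDATORY if m not in cfg]
    if missing:
        raise ValueError("missing mandatory option(s): " + ", ".join(missing))
    if cfg["check"] > cfg["timeout"]:         # documented: the two values are swapped
        cfg["check"], cfg["timeout"] = cfg["timeout"], cfg["check"]
    return cfg

def is_ignored(cfg, ip, host=""):
    """True if a POP3 login from ip/host must not be authorized to relay."""
    host = host.lower()
    return (ip in cfg["ignore_ip"]
            or any(ip.startswith(net) for net in cfg["ignore_net"])      # beginning of the IP
            or host in cfg["ignore_host"]
            or any(host.endswith(dom) for dom in cfg["ignore_domain"]))  # end of the host

# Constructed sample configuration; paths and addresses are illustrative.
SAMPLE = """\
# antispam.cfg
log "/var/log/my antispam log"
maillog /var/log/maillog
ip_allow /etc/mail/ip_allow.db
timeout 1
check 15
ignore_net 192.168.1.
ignore_domain .outter.friendly.net
"""

if __name__ == "__main__":
    print(parse_config(SAMPLE))
```

Because ignore_net and ignore_domain are plain prefix and suffix matches, the trailing dot in "192.168.1." and the leading dot in ".outter.friendly.net" decide whether 192.168.10.x or a look-alike domain is matched as well.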
INSTALLATION
Setting up the files
Create your config file, and put antispam in /usr/sbin. You can
also copy the antispam.init script to your /etc/rc.d/init.d/
directory.
Configuring the mailer
This is the tricky part. I use sendmail (no flames please). I changed
my sendmail.cf by including the following line:
Kantispam hash /etc/mail/ip_allow.db
This will add a hash map called 'antispam'. Now we have to make
sendmail consult this map before rejecting the relaying of a mail. The
hash map that antispam generates for sendmail (or any other mailer
that supports hash maps) holds key/value pairs. The key is the IP
itself and the value is 'OK'.
I'm not a sendmail guru by any means but I changed my check_rcpt rule
from:
Scheck_rcpt
# first: get client address
R$+			$: $(dequote "" $&{client_addr} $) $| $1
R0 $| $*		$@ ok		client_addr is 0 for sendmail -bs
R$={LocalIP}$* $| $*	$@ ok		from here
# next: get client name
R$* $| $+		$: $(dequote "" $&{client_name} $) $| $2
R $| $*			$@ ok		no client name: directly invoked
#R$- $| $*		$@ ok		for those without full DNS...
R$*$=w $| $*		$@ ok		from here
R$*$={LocalNames} $| $*	$@ ok		from allowed system
# now check other side
R$* $| $*		$: $>3 $2
# remove local part
R$*<@$+.>$*		$: $>remove_local $1<@$2.>$3
# still something left?
R$*<@$+>$*		$#error $@ 5.7.1 $: 551 we do not relay
to
Scheck_rcpt
# first: get client address
R$+			$: $(dequote "" $&{client_addr} $) $| $1
R0 $| $*		$@ ok		client_addr is 0 for sendmail -bs
R$={LocalIP}$* $| $*	$@ ok		from here
R$* $| $+		$: $(antispam $1 $) $| $2	# !! Consult the map
Rok $| $+		$@ ok		# !! Matches 'ok'? Let it pass
# next: get client name
R$* $| $+		$: $(dequote "" $&{client_name} $) $| $2
R $| $*			$@ ok		no client name: directly invoked
#R$- $| $*		$@ ok		for those without full DNS...
R$*$=w $| $*		$@ ok		from here
R$*$={LocalNames} $| $*	$@ ok		from allowed system
# now check other side
R$* $| $*		$: $>3 $2
# remove local part
R$*<@$+.>$*		$: $>remove_local $1<@$2.>$3
# still something left?
R$*<@$+>$*		$#error $@ 5.7.1 $: 551 we do not relay
Getting it up and running
Just call /usr/sbin/antispam. If everything's ok with the config file
it will become a daemon, fork a 'tail -f' to your maillog file and
start working.
Do a 'tail -f /var/log/antispam' (or whatever log file you named in
the config) and do a POP on the server. If the machine you "popped"
from isn't on the "ignore list" you should see something like:
[Thu Nov 11 17:09:29 1999] Authorized an.internet.host [192.168.1.1] to use smtp
When the timeout you defined expires you should see something like:
[Thu Nov 11 16:55:04 1999] Disallowing 192.168.1.1 to use smtp
It is usual to see several "authorized" lines for the same host/IP
before the "disallowing" line itself. If the host does a POP before
its expiry time passes, there won't be multiple instances of its IP
in the database. Instead its expiry time will be updated.
Also, if you kill antispam with entries in the database, they'll
remain permanently authorized for the mailer. However, when antispam
is brought up again it'll erase those that have expired. So,
if antispam crashes (never happened, really :) ) you won't end up with
permanently authorized hosts when you "reboot" it.
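An added example (not part of antispam) that rebuilds relay windows from the two log line formats shown above and reports IPs that stayed authorized longer than timeout + check minutes, or that never got a "Disallowing" line, as happens while the daemon is down. It assumes each log entry is a single line; the sample log is constructed.

```python
import re
from datetime import datetime, timedelta

# The two line formats shown in the antispam log excerpts above.
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?:Authorized (?P<host>\S+) \[(?P<aip>[\d.]+)\]"
                  r"|Disallowing (?P<dip>[\d.]+)) to use smtp$")

def relay_windows(lines):
    """Return (closed, still_open) relay windows rebuilt from antispam log lines."""
    open_, closed = {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        if m["aip"]:
            w = open_.setdefault(m["aip"], {"ip": m["aip"], "host": m["host"], "first": ts})
            w["last"] = ts                    # a repeat login only refreshes the expiry
        elif m["dip"] in open_:
            w = open_.pop(m["dip"])
            w["revoked"] = ts
            closed.append(w)
    return closed, list(open_.values())

def overdue(closed, timeout=10, check=1):
    """Windows closed later than last login + timeout + check (minutes)."""
    limit = timedelta(minutes=timeout + check)
    return [w for w in closed if w["revoked"] - w["last"] > limit]

# Constructed sample log; hosts and addresses are illustrative.
SAMPLE_LOG = """\
[Thu Nov 11 17:09:29 1999] Authorized an.internet.host [192.168.1.1] to use smtp
[Thu Nov 11 17:14:02 1999] Authorized an.internet.host [192.168.1.1] to use smtp
[Thu Nov 11 17:24:30 1999] Disallowing 192.168.1.1 to use smtp
[Thu Nov 11 18:00:00 1999] Authorized dialup7.example.net [203.0.113.9] to use smtp
[Fri Nov 12 09:30:00 1999] Disallowing 203.0.113.9 to use smtp
[Fri Nov 12 09:41:10 1999] Authorized host.example.org [198.51.100.4] to use smtp
"""

if __name__ == "__main__":
    closed, still_open = relay_windows(SAMPLE_LOG.splitlines())
    for w in overdue(closed):
        print("held open too long:", w["ip"], w["last"], "->", w["revoked"])
    for w in still_open:
        print("no Disallowing seen:", w["ip"], "since", w["last"])
```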
Log Rotating
If you wish to rotate antispam's logs you'll have to terminate it
(send it a TERM signal: 'killall -TERM antispam'), rotate the logs and
launch it again.
I usually create an antispam.conf file in the /etc/logrotate.d/
directory containing:
/var/log/antispam {
daily
missingok
postrotate
/etc/rc.d/init.d/antispam.init restart > /dev/null
endscript
}
BUGS
Maybe lots of them... you tell me.
REPORTING BUGS
Report bugs to <alf@linuxbox.com>.
FILES
/etc/antispam.cfg /var/run/antispam.db /var/log/antispam
/etc/mail/ip_allow.db
ACKNOWLEDGMENTS
Thanks to Jose Legatheaux Martins for coming up to me with the idea.
Thanks to Carlos Canau for encouraging me to give it a finishing
touch, correcting lots of imperfections, the bug tracking and lots of
ideas.
AUTHOR
AntiSpam was made by Pedro Almeida <alf@alf.linuxbox.com>
COPYRIGHT
This is free software; see the source for copying conditions. There
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
- 5 - Formatted: December 17, 2025