In this section we will discuss a working example of the filter script file. For ease of illustration, it is divided into several sections. Each section is prefaced with a comment explaining its function.
This filter assumes that the mailfromd.conf file contains the following:
    relayed-domain-file (/etc/mail/sendmail.cw,
                         /etc/mail/relay-domains);
    io-timeout 33;
    database cache {
      negative-expire-interval 1 day;
      positive-expire-interval 2 weeks;
    };
Of course, the exact parameter settings may vary; what is important is that they be declared. See Mailfromd Configuration for a description of the mailfromd configuration file syntax.
Now, let’s return to the script. Its first part defines the configuration settings for this host:
    #pragma regex +extended +icase

    set mailfrom_address "<>"
    set ehlo_domain "gnu.org.ua"
The second part loads the necessary source modules:
    require 'status'
    require 'dns'
    require 'rateok'
Next we define the envfrom handler. Its first two rules accept all mail coming from the null address and from the machines which we relay; the third rejects clients whose IP address does not resolve to a host name:
    prog envfrom
    do
      if $f = ""
        accept
      elif relayed hostname($client_addr)
        accept
      elif hostname($client_addr) = $client_addr
        reject 550 5.7.7 "IP address does not resolve"
The next rule rejects all messages coming from hosts with dynamic IP addresses. The regular expression used to catch such hosts is not 100% fail-proof, but it tries to cover most existing host naming patterns:
      elif hostname($client_addr) matches
              ".*(adsl|sdsl|hdsl|ldsl|xdsl|dialin|dialup|ppp|dhcp|dynamic|[-.]cpe[-.]).*"
        reject 550 5.7.1 "Use your SMTP relay"
Messages coming from machines whose host names contain something similar to an IP address are subject to strict checking:
      elif hostname($client_addr) matches
              ".*[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}.*"
        on poll host $client_addr for $f do
        when success:
          pass
        when not_found or failure:
          reject 550 5.1.0 "Sender validity not confirmed"
        when temp_failure:
          tempfail
        done
If the sender domain is relayed by any of the ‘yahoo.com’ or ‘nameserver.com’ MXs, no checks are performed. We will greylist this message in the envrcpt handler:
      elif $f mx fnmatches "*.yahoo.com"
           or $f mx fnmatches "*.namaeserver.com"
        pass
Finally, if the message does not meet any of the above conditions, it is verified by the standard procedure:
      else
        on poll $f do
        when success:
          pass
        when not_found or failure:
          reject 550 5.1.0 "Sender validity not confirmed"
        when temp_failure:
          tempfail
        done
      fi
At the end of the handler we check that the sender-client pair does not exceed the allowed mail sending rate:
      if not rateok("$f-$client_addr", interval("1 hour 30 minutes"), 100)
        tempfail 450 4.7.0 "Mail sending rate exceeded. Try again later"
      fi
    done
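The two host name patterns in the envfrom handler decide which clients are rejected outright and which get the strict check, so it is worth trying them on real reverse-DNS names before deployment. The following Python sketch is an added example, not part of the mailfromd distribution: it copies the two regular expressions, applies them in the handler's order, and runs them over constructed host names. The function names, the verdict labels and the sample data are assumptions made for illustration, and Python's re module stands in for the POSIX extended, case-insensitive matching selected by the pragma.

```python
import re

# Patterns copied from the envfrom handler; "#pragma regex +extended +icase"
# is approximated here with Python's re module and re.IGNORECASE.
DYNAMIC = re.compile(
    r".*(adsl|sdsl|hdsl|ldsl|xdsl|dialin|dialup|"
    r"ppp|dhcp|dynamic|[-.]cpe[-.]).*", re.IGNORECASE)
IP_LIKE = re.compile(
    r".*[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}.*",
    re.IGNORECASE)


def classify(client_addr, resolved_name):
    """Return the envfrom branch a client would reach (hypothetical helper).

    resolved_name stands in for hostname($client_addr); as in the handler,
    a name equal to the address means the reverse lookup failed.
    The null-sender, relayed and MX branches are left out (they need the
    envelope sender and DNS).
    """
    if resolved_name == client_addr:
        return "reject 5.7.7"          # IP address does not resolve
    if DYNAMIC.search(resolved_name):
        return "reject 5.7.1"          # looks like a dynamic address pool
    if IP_LIKE.search(resolved_name):
        return "poll host"             # strict check against the client itself
    return "poll"                      # standard sender verification


# Constructed sample data (documentation address ranges, example domains).
SAMPLES = [
    ("192.0.2.10", "192.0.2.10"),
    ("198.51.100.7", "ppp-198-51-100-7.pool.example.net"),
    ("203.0.113.5", "host-203-0-113-5.example.com"),
    ("203.0.113.9", "mail.example.org"),
    ("203.0.113.20", "mail.DHCP-tools.example"),     # false positive
    ("203.0.113.21", "c-73-12.hsd1.example.net"),    # pool-style name, missed
    ("203.0.113.22", "smtp.cpe.example.net"),        # ".cpe." matches
    ("203.0.113.23", "mail.cpextra.example.net"),    # "cpe" without delimiters
]

def run(samples=SAMPLES):
    return [(name, classify(addr, name)) for addr, name in samples]

if __name__ == "__main__":
    for name, verdict in run():
        print(f"{verdict:14} {name}")
```

The second sample matches both patterns but is rejected by the dynamic-address rule because that rule comes first; the fifth and sixth show the kind of false positive and miss that the "not 100% fail-proof" remark refers to.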
The next part defines the envrcpt handler. Its primary purpose is to greylist messages from some domains that could not be checked otherwise:
    prog envrcpt
    do
      set gltime 300
      if $f mx fnmatches "*.yahoo.com"
         or $f mx fnmatches "*.namaeserver.com"
         and not dbmap("/var/run/whitelist.db", $client_addr)
        if greylist("$client_addr-$f-$rcpt_addr", gltime)
          if greylist_seconds_left = gltime
            tempfail 450 4.7.0 "You are greylisted for %gltime seconds"
          else
            tempfail 450 4.7.0 "Still greylisted for " . %greylist_seconds_left . " seconds"
          fi
        fi
      fi
    done