DNS-BL
view release on metacpan or search on metacpan
contrib/spamtrap view on Meta::CPAN
}
}
$fh_list->close;
exit $ret;
}
else
{
# We will keep a copy of the message, in order to safely store it
# if required to.
my $msg = join('', <STDIN>);
exit perform '<STDIN>', \$msg;
}
__END__
=pod
=head1 NAME
spamtrap - Manage a spamtrap and produce DNS::BL commands to respond
=head1 SYNOPSIS
spamtrap [-A accept-subnets] [-a archive-dir] [-C complaint-template]
[-S spam-whitelist] [-s spam-dnsbl-commands] [-D dul-whitelist]
[-d dul-dnsbl-commands] [-F] [-f sample-list] [-H policy-string]
[-h] [-I path-substitute] [-i index-file] [-k score-file] [-l]
[-m match-regexp] [-O own-subnets] [-o own-abuse-address]
[-r mail-relay] [-T tag] [-t] [-u] [-v] [-V] [-W whois-cache-dir]
[-w whois-server] [-X exclude-subnets]
=head1 DESCRIPTION
This program is meant to be used in procmail recipes serving spamtrap
and/or spam reporting addresses. Its main functions include:
=over 4
=item B<Evidence archiving>
When instructed to do so, each processed spam sample is stored in a
file within a path. The file name is unique and encodes the timestamp
of spam processing.
=item B<Multiple DNSBL listings per spam sample>
When specified, commands can be produced to update two dnsbls. The
first dnsbl, referred to as 'spam-dnsbl', will contain entries for
/32s that sent spam to our known mail servers.
The second dnsbl, referred to as 'dul-dnsbl', will include entries for
/24s where the /32s are located, if said /32 does not pass a set of
heuristic tests designed to locate space of a dynamic nature.
=item B<Understands various forms of complex complaints>
When deployed in an address used by users to report spam, will attempt
to find the spam headers within attachments, possibly including
decoded uuencoded and base64 parts. Multiple header sets can be
analyzed in a single complaint, which will be archived separatedly.
=item B<Keeps an index of spam samples>
An external index, maintained with L<MLDBM>, L<Storable> and
L<DB_File>. This is very useful to quickly locate evidence related to
a given IP address.
=item B<Flexible whitelisting>
Various whitelists can be specified in configuration files. Files are
composed of one-line regular expressions. Perl comments and whitespace
can be added for documentation purposes.
=item B<Score-based blacklisting>
Optionally, a score or "spam history" can be kept for the IP space and
domains identified with analyzed samples. This history can be used to
implement thresholds for blacklisting, adding hosts only after a
certain number of spam samples have been collected.
=back
The following options control the behaviour of this script.
=over 4
=item B<-A accept-subnets>
B<accept-subnets> is a comma-separated list of subnets, specified in
any format that L<NetAddr::IP> will understand. When IP addresses
found in matching B<Received:> headers are found, they are rejected if
they don't fall within the networks given by this option.
When the option is unspecified, all IP addresses are accepted.
=item B<-a archive-dir>
Causes the current message to be archived at the supplied directory,
which must exist and be writeable. If these conditions are not met,
processing is aborted.
The file name will be of the form
<timestamp>-<hash>
Where E<lt>timestampE<gt> is the number of seconds since the epoch and
E<lt>hashE<gt> is the MD5 in hex of the message. Note that this feature
requires the L<Digest::MD5> module.
=item B<-C complaint-template>
If specified, use the supplied file as a L<Text::Template> for
producing an automated abuse complaint. See the supplied example for
guidance in writing your own.
=item B<-D dul-whitelist>
If specified, B<dul-whitelist> is the name of a whitelist file that is
applied to the IP addresses and names being considered for dul
( run in 0.847 second using v1.01-cache-2.11-cpan-600a1bdf6e4 )