http://linux.ufaras.ru/SendmailACL.html ----------------------------------------- LOCAL_CONFIG # Macro D{Rcpts}0 D{Spam_Check}1 D{Null_Check}0 #For full log to maillog Ksyslog syslog Kstorage macro Kcomp arith KDenied_IP hash /etc/mail/Denied_IP KNOSPAM0 regex -a@MATCH tsalenko|alert|workshop|ideal|-job-|rashit|rollover KSPAM1 regex -a@MATCH ^([[:alnum:]]*)(_+)([[:alnum:]]*)(_+)([[:alnum:]]*)(_+)[[:alnum:]_]*$ KSPA21 regex -a@MATCH movie|woman|discount|astrolog|nomail|ad{1,}res|v.agra|rassylk|anonymous|game|dollar|offer|deal|bonus|casino|re[kc]lam|office|noemail|nouser|sms|prize|sale|job|market|money|cash|shop|xxx|sex|donna|girl|adult|fuck|honey|sweet|porno|playboy|love|lolita|penis|c[0o]ck|kiss|romantic|zhifa|customer|britney|buhuchet|lopez|club|flash|extrem|shit KSPA22 regex -a@MATCH mexic|prodigy|americano|ondagrup|futbol KSPAM2 sequence SPA21 SPA22 KSPAM3 regex -a@MATCH ^[[:digit:]]{5,}$ KSPAM4 regex -a@MATCH ^([[:digit:]]+)([-+=._~]+)([[:digit:]]+)[[:alnum:]+=._~-]*$ KNOSPAM01 regex -a@MATCH .*S0-OTT-XSMTP.*.NRCan.gc.ca.*|web.*mail.yahoo.com|btr0x1.rz.uni-|.+ufanet.ru|.+rh.rit.edu|.*adecco.it KSPAM7 regex -a@MATCH [0-9]+[._-]+[0-9]+[._-]+[0-9]+.+\[.+\] KSPAM8 regex -a@MATCH ppp|customer|dhcp|dial|cable|modem|adsl|dynamic KChSb regex -a@CATCHED tsalenko|alert|workshop|ideal|-job-|rashit|rollover #Was removed: \$$[[:digit:]]+|[[:digit:]]+\$$|цены, рубл, $, dollar KChSbSpam regex -a@CATCHED language.+center|toefl|game|woman|discount|casino|rassylk|reklam|reclam|prize|sale|cash|bonus|money|game|donna|girl|adult|fuck|honey|sweet|porno|c[0o]ck|play.*boy|\.love|lolita|penis|movie|darling|vi.agra KChSbSpam2 regex -a@CATCHED [[:digit:]]+%|\.ass\.|\.sex|titt|nude|\.DVD|.+vogue|\.elle|harper's.+bazaar|marie.+claire|astrolog|viagra|fetish|\.oral|shit|topless|orgy|\.suck\.|shop|lesbo|mobil|kiss|\.sms\.|motors|business|english|drink|customer|britney|buhuchet|\.club|lopez # win-1251:Д[д]еловой|ДЕЛОВОЙ|Р[р]азговорный|РАЗГОВОРНЫЙ|БИЗНЕС|Ббизнес|koi-8:Дделовой|ДЕЛОВОЙ|РАЗГОВОРНЫЙ|Рразговорный|Бизнес|БИЗНЕС|н г л и й с к | Н Г Л И Й С К|язык| а н г л | м е р и к а н с к KChSbRuSpam1 regex -a@CATCHED Pr6Onx6ujp|zcPLyMnR|3j6\+jp8e|M3Dy8jJ0|DNw8vIydH|Dt4\+vo6fHq|zsfMycrTy|7ufs6erz|7n7Onq8\+v|7HzMnK08v|x8zJytPLy|Hu5\+zp6vP|=CE.*=C7.*=CC.*=C9.*=CA.*=D3.*=CB|=EE.*=E7.*=EC.*=E9.*=EA.*=F3.*=EB|[ГШЙ|[юЮ][мМ][цЦ][кК]|[лЛ].?[еЕ].?[пП].?[хХ].?[йЙ].?[юЮ].?[мМ].?[яЯ].?[йЙ] # с к и д к | п о д а р | р е к л а м |Научитесь понимать|курс рубл|руководите| с упер| О Т Д Ы Х |аркетинг| ш т а м п | р ынок KChSbRuSpam3 regex -a@CATCHED [яЯ][йЙ][хХ][дД][йЙ]|[оО][нН][дД][юЮ][пП]|[пП][еЕ][йЙ][кК][юЮ][лЛ]|мЮСВХРЕЯЭ\.ОНМХЛЮРЭ|ЙСПЯ\.ПСАК|ПСЙНБНАХРЕ|[яЯ]СОЕП|[нН][рР][дД][шШ][уУ]|ЮПЙЕРХМЦ|[ьЬ].?[Рр].?[Юю].?[Лл].?[Оо]|[Бб]ШУНД # ю ридич|утешеств| т ренинг|истрибьют|тратеги| н алог|ухгалтер|ффективны|редлагаем|отрудничеств|отели знать|аш сайт| т ариф| п окуп| п рода|изнес|роизнош |азговор |есплат| к урорт| б а з а(ы) | дДеньг| о птомвм | у чеб| р ассыл KChSbRuSpam4 regex -a@CATCHED [чЧ]ПХДХВ|СРЕЬЕЯРБ|[рР]ПЕМХМЦ|ХЯРПХАЭЧР|РПЮРЕЦХ|\.[мМ]ЮКНЦ|СУЦЮКРЕП|ТТЕЙРХБМШ|ПЕДКЮЦЮЕЛ|НРПСДМХВЕЯРБ|НРЕКХ\.ГМЮРЭ|ЮЬ\.ЯЮИР|[Рр]ЮПХТ|[оО]НЙСО|[оО]ПНДЮ|ХГМЕЯ|П.*Н.*Х.*Г.*М.*Н.*Ь|Ю.*Г.*Ц.*Н.*Б.*Н.*П|ЕЯОКЮР|[уУ]ЙСЫНР|[аА][юЮ][гГ][юЮшШ]|[Аа]МЭЦХ|[Нн]ОРН[БЛ]|[бБ]МХЛ|[Пп]ЮЯЯШК KChSbRuSpam5 regex -a@CATCHED юридич|утешеств|[тТ]ренинг|истрибьют|тратегия|ухгалтер|ачальник|тариф|девушк|дисконт|английск|выставк|ярмарк|скидк|распродаж|реклам|знакомств|секс|рассыл|фильм|отд[оы]х|каникул|[Cс]отрудничест|[Пп]редлагаем|[Ээ]ффективн|[оО]тдых KChSbRuSpam6 regex -a@CATCHED покуп|продаж|изнес|мышлен|произнош|язык|есплатн|курорт|маркетинг|печат|визит|обучение|деньг|опто[мв]|[а]ренда|[Сс]клад|[Оо]фис|[Пп]редлаг|[Пп]редлож|[гГ]р[уy]зчи KCH1 regex -a@YES outblaze|check1check|mindspring|bigfoot|funnymail|bellsouth.net|tiscali.it|wanadoo.fr|nic.*olastse.(com|net)|videotron.ca|blueyonder|westcall[.]|mailcity[.]|mexico|comcast.net|earthlink.com|libertysurf.net|mozartmail.com|telepac.pt|edomex.com|quintanaroo.com|telia.com|hideakifan.com|icq.com|delphi.com|optonline.net KCH2 regex -a@YES 216.200.145.37|sunrise.ch|videotron.ca|netvision.net|user.msu.edu|guadalupano.com|chello.nl|midco.net|irex.ru|gmx.de|mexican..com|adelphia.net|telepac.pt|louiskoo.com|rickymail.com|terra.com.br|home.nl|slamdunkfan.com|barak.net.il|client.*attbi.com|concentric.com|mplik.ru|veloxzone.com.br|wartaponsel.com|bezeqint.net KChHeader sequence CH1 CH2 KCheckRcpt1 regex -n -a@NOLIST1 ^<(adm|.+master|root)@(.*yourdomain\.ru|\[k\.l\.m\.n\]|\[127\.0\.0\.1\]|localhost|localhost.localdomain|your_other_name.ru)>$ KChMId regex -n -a@NOTMY yourdomain\.ru LOCAL_RULESETS SLocal_check_rcpt # empty address? R<> $#error $@ nouser $: "553 User address required" R$@ $#error $@ nouser $: "553 User address required" R$+ $: $(CheckRcpt1 $1 $:$1 $) R@NOLIST1 $: $(storage {Spam_Check} $@ $&{Null_Check} $) ###################################################################### ### Subject, Mailer, Server, Header & Message ID Check ###################################################################### HFrom: $>CheckFrom SCheckFrom R$* $: $1 $| <$&{Spam_Check}> R$* $| <0> $@ OK R$* $| $* $: $1 R$* $: $(storage {From} $@ $1 $) $1 ### Macros $&_ ($&{client_addr} & $&{client_name} checking R$* $: $(NOSPAM01 $&_ $) R@MATCH $@ OK R$* $: $(SPAM7 $&_ $) R@MATCH $#error $: 553 Sorry, Your relay looks like SPAM7-relay: $&_. If not, please contact the postmaster@yourdomain.ru via another relay-ip. R$* $: $(SPAM8 $&_ $) R@MATCH $#error $: 553 Sorry, Your relay looks like SPAM8-relay: $&_. If not, please contact the postmaster@yourdomain.ru via another relay-ip. R$* $: $&{client_addr} R$-.$-.$-.$- $: $(Denied_IP $1.$2.$3.$4 $) RDISCARD $#error $: 553 We get a lot of SPAM9 from your relay-ip: $&{client_addr}. If you are not a spamer, please contact the postmaster@yourdomain.ru via another relay-ip. ### From: checking R$* $: $&{From} R$* $: $(syslog $&{From} $) $1 # Clear the macro for the next message R$* $: $(storage {From} $) $1 R$*<$+@$+> $: $(SPAM2 $3 $: <$2@$3> $) R@MATCH $#error $: 553 Sorry, Your e-mail address looks like SPAM2 (please see: http://www.yourdomain.ru/postmaster.html ). If not, please contact the postmaster@yourdomain.ru via another e-mail address. R<$+@$+> $: $(NOSPAM0 $1 $: <$1@$2> $) R@MATCH $@ OK R<$+@$+> $: $(SPAM1 $1 $: <$1@$2> $) R@MATCH $#error $: 553 Sorry, Your e-mail address looks like SPAM1 (please see: http://www.yourdomain.ru/postmaster.html ). If not, please contact the postmaster@yourdomain.ru via another e-mail address. R<$+@$+> $: $(SPAM2 $1 $: <$1@$2> $) R@MATCH $#error $: 553 Sorry, Your e-mail address looks like SPAM2 (please see: http://www.yourdomain.ru/postmaster.html ). If not, please contact the postmaster@yourdomain.ru via another e-mail address. R<$+@$+> $: $(SPAM3 $1 $: <$1@$2> $) R@MATCH $#error $: 553 Sorry, Your e-mail address looks like SPAM3 (please see: http://www.yourdomain.ru/postmaster.html ). If not, please contact the postmaster@yourdomain.ru via another e-mail address. R<$+@$+> $: $(SPAM4 $1 $: <$1@$2> $) R@MATCH $#error $: 553 Sorry, Your e-mail address looks like SPAM4 (please see: http://www.yourdomain.ru/postmaster.html ). If not, please contact the postmaster@yourdomain.ru via another e-mail address. ### HSubject: $>Check_Subject SCheck_Subject R$* $: $1 $| <$&{Spam_Check}> R$* $| <0> $@ OK R$* $| $* $: $1 R$+ $: $(ChSb $1 $) R@CATCHED $@ OK R$+ $: $(ChSbSpam $1 $) R@CATCHED $#error $: 553 Sorry, Your subject looks like SPam. If not, please contact the postmaster@yourdomain.ru with no subject. R$+ $: $(ChSbSpam2 $1 $) R@CATCHED $#error $: 553 Sorry, Your subject looks like SPam2. If not, please contact the postmaster@yourdomain.ru with no subject. R$+ $: $(ChSbRuSpam1 $1 $) R@CATCHED $#error $: 553 Sorry, Your subject looks like ruSPam1. If not, please contact the postmaster@yourdomain.ru with no subject. R$+ $: $(ChSbRuSpam3 $1 $) R@CATCHED $#error $: 553 Sorry, Your subject looks like ruSPam3. If not, please contact the postmaster@yourdomain.ru with no subject. R$+ $: $(ChSbRuSpam4 $1 $) R@CATCHED $#error $: 553 Sorry, Your subject looks like ruSPam4. If not, please contact the postmaster@yourdomain.ru with no subject. R$+ $: $(ChSbRuSpam5 $1 $) R@CATCHED $#error $: 553 Sorry, Your subject looks like ruSPam5. If not, please contact the postmaster@yourdomain.ru with no subject. R$+ $: $(ChSbRuSpam6 $1 $) R@CATCHED $#error $: 553 Sorry, Your subject looks like ruSPam6. If not, please contact the postmaster@yourdomain.ru with no subject. ################################################## # http://www.softerra.ru/freeos/19480/page1.html # ################################################## HX-Mailer: $>CheckMailer HX-Server: $>CheckMailer SCheckMailer R$* $: $1 $| <$&{Spam_Check}> R$* $| <0> $@ OK R$* $| $* $: $1 RAdvanced Direct Remailer $* $#error $@ 5.7.1 $: "554 Spam (ADR)" RAdvanced Mass Sender $* $#error $@ 5.7.1 $: "554 Spam (AMS)" RSpammer $* $#error $@ 5.7.1 $: "554 Spam (Spammer)" R$* Bomber $* $#error $@ 5.7.1 $: "554 Spam (Bomber)" RMega-Mailer $* $#error $@ 5.7.1 $: "554 Spam (Mega-Mailer)" RMMailer $* $#error $@ 5.7.1 $: "554 Spam (MMailer)" RMailer $* $#error $@ 5.7.1 $: "554 Spam (Mailer)" RLigra Mailer $* $#error $@ 5.7.1 $: "554 Spam (Ligra Mailer)" RDynamic Opt-In Emailer $* $#error $@ 5.7.1 $: "554 Spam(Dynamic Opt-In Emailer)" R$* Group Spamer $#error $@ 5.7.1 $: "554 Spam (WE Group Spamer)" RMail Sender $* $#error $@ 5.7.1 $: "554 Spam (Mail Sender)" RMail Service $* $#error $@ 5.7.1 $: "554 Spam (Mail Service)" RMailloop $* $#error $@ 5.7.1 $: "554 Spam (Mailloop)" RPersMail $* $#error $@ 5.7.1 $: "554 Spam (PersMail)" RLK SendIt $* $#error $@ 5.7.1 $: "554 Spam (LK SendIt)" RWC Mail $* $#error $@ 5.7.1 $: "554 Spam (WC Mail)" RZUBA ZUB $* $#error $@ 5.7.1 $: "554 Spam (ZUBA ZUB)" RMailList Express $* $#error $@ 5.7.1 $: "554 Spam (MailList Express)" RCaretop $* $#error $@ 5.7.1 $: "554 Spam (Caretop)" RMailer Signature $#error $@ 5.7.1 $: "554 Spam (Mailer Si)" Rnone $#error $@ 5.7.1 $: "554 Spam (none)" RPG-MAILINGLIST $#error $@ 5.7.1 $: "554 Spam (PG-MAILINGLIST)" R$* advcomtest $* $#error $@ 5.7.1 $: "554 Spam (advcomtest)" Ryo yo mail $#error $@ 5.7.1 $: "554 Spam (yo yo mail)" RZanziMailer $* $#error $@ 5.7.1 $: "554 Spam (ZanziMailer)" # Настоящий Outlook имеет версию вида: 5.0.23123244 RMicrosoft Outlook Express 5.0 $#error $@ 5.7.1 $: "554 Spam (Microsoft Outlook Express 5.0)" RVersion 5.0 $#error $@ 5.7.1 $: "554 Spam (Version 5.0)" # Заблокируем все мейлеры с названием только из одного слова: Rnethack $@ OK RZ-Mail-SGI $@ OK RDipost $@ OK RSquirrelMail $@ OK R$- $#error $@ 5.7.1 $: "554 Spam (one-word mailer)" # Заблокируем письма с пустым заголовком R$* $: < $1 > R< > $#error $@ 5.7.1 $: "554 Illegal header (empty header)" R$* $@ OK HTo: $>CheckTo HCc: $>CheckTo HMessage-ID: $>CheckMessageID # проверим поле To на "undisclosed-recipients;" или "undisclosed recipient" # комбинации могут быть практически произвольными. SCheckTo R$* $: $1 $| <$&{Spam_Check}> R$* $| <0> $@ OK R$* $| $* $: $1 R$*Recipient$* $#error $@ 5.7.1 $: "554 Unspecified Mailbox ID" R$*Undisclosed$* $#error $@ 5.7.1 $: "554 Unspecified Mailbox ID" #проверим правильность формата поля Message-ID (оно должно быть в формате идентификатор@домен). SCheckMessageID # Record the presence of the header MessageId R$* $: $(storage {MessageIdCheck} $@ $1 $) $1 R$* $: $1 $| <$&{Spam_Check}> R$* $| <0> $@ OK R$* $| $* $: $1 R< $+ @ $+ > $@ OK R$* $#error $: "553 Header Error 1: Bad Message ID: $&{MessageIdCheck}" HReceived: $>+CheckReceived # Record the presence of the header Received SCheckReceived R$* $: $(storage {ReceivedCheck} $@ OK $) $1 #R$* $: $1 $| <$&{Spam_Check}> #R$* $| <0> $@ OK #R$* $| $* $: $1 R$* $: $(ChHeader $1 $) R@YES $#error $: "553 Bad Header 2: relaying denied." R$* $@ OK H*: $>+CheckHeader SCheckHeader #R$* $: $1 $| <$&{Spam_Check}> #R$* $| <0> $@ OK #R$* $| $* $: $1 R$* $: $(ChHeader $&{currHeader} $) R@YES $#error $: "553 Bad Header 1: relaying denied." Scheck_eoh #R$* $: $1 $| <$&{Spam_Check}> #R$* $| <0> $@ OK #R$* $| $* $: $1 ##R$* $: $(syslog <$&{Spam_Check}> $) $1 # Check the macro $&{ReceivedCheck} R$* $: < $&{ReceivedCheck} > # Clear the macro for the next message R$* $: $(storage {ReceivedCheck} $) $1 # Has a Received: header R< $+ > $@ OK # Allow missing Received from local mail R$* $: < $&{client_addr} > R< $* $=R $* > $@ OK # Allow missing Message-Id: or Received from smtp-authenticated mail R$* $: < $&{auth_authen} > R< $+ > $@ OK # Check the macro < $&{MessageIdCheck} > R$* $: < $&{MessageIdCheck} > # Clear the macro for the next message R$* $: $(storage {MessageIdCheck} $) $1 # Has my domain name in the Message-Id: header R<$+@$+> $: $(ChMId $2 $: $1@$2 $) R$* $: $(syslog $1 $) $1 R@NOTMY $@ OK # Otherwise, reject the mail R$* $#error $: "553 Header Error 2: relaying denied." #My check-rules are done.