きまぐれほげほげひろば

s25rtarpitgreylist

I cannot write English. This page was machine-translated from Japanese into English using Yahoo! Translation (http://honyaku.yahoo.co.jp/transtext) and Excite Translation (http://www.excite.co.jp/world/english/). Therefore these sentences may include odd expressions and the like. Please forgive me.

The contents of this page may be obsolete. You can see the latest content here. (Google machine translation from Japanese to English.)

This program runs immediately before qmail's SMTP program (qmail-smtpd) and refuses connections from hosts that look like spam sources. It is host-selection based anti-spam software for qmail.

This program uses greylisting, an algorithm that asks hosts it judges suspect to retry delivery later. (A spammer wants to send large volumes of mail quickly and therefore dislikes retrying; as a result, the spammer usually does not send the message again.)

However, greylisting alone has too many side effects, so this program also uses S25R (Selective SMTP Rejection) and applies greylisting only to hosts whose names look like the dynamic IP addresses that spammers commonly use.

In addition, this program refuses connections from spam-sending hosts by tarpitting (intentionally delaying the reply at SMTP connection time). (A spammer wants to send large volumes of mail quickly, so it dislikes a delayed reply and cuts off the connection by itself.)

This program is implemented as a Perl script. Because it does not require patching qmail or related software, it is easy to deploy.

Attention
  • Because the author is not a native English speaker, the Japanese text was translated into English automatically with "Yahoo! Translation" (http://honyaku.yahoo.co.jp/transtext) from Yahoo! Japan and "Excite Translation" (http://www.excite.co.jp/world/) from Excite Japan. Therefore some sentences are unnatural. Please understand.
  • Because I have no sense for naming, the program name and variable names are abnormally long. Please forgive it.

If you want to download it right away without reading the long explanation: here

  • Whitelist by IP address
  • Whitelist by host name (regular expressions can be used)
  • Blacklist by IP address
  • Blacklist by host name (regular expressions can be used)
  • Blacklist by HELO host name (regular expressions can be used)
  • Simple inspection of the HELO host name (FQDN check, simple domain check against the connecting host name)
  • S25R
  • tarpit (reply delay)
  • greylisting
  • Connection refusal using DNSBL

Each function in this program has a switch that enables or disables it.

Whitelist

Connections from hosts defined here are handed to qmail-smtpd unconditionally (they are not refused). There is an IP address based list and a host name based list. The host name based list accepts regular expressions.

Legitimate mail servers that have a provider-assigned host name match the S25R condition just as dynamic hosts do; registering them in this whitelist keeps them from falling into the greylist trap.

Blacklist

Connections from hosts defined in this list are refused and cut off unconditionally. Define in this list spam-sending hosts that behave like legitimate mail servers. There is an IP address based list and a host name based list. The host name based list accepts regular expressions.

By registering a spam source host in the blacklist (by hand), you can block a host that keeps retrying after its first connection at intervals from two minutes up to a day, which would otherwise pass greylisting.

tarpit(reply delay)

This program intentionally delays the SMTP greeting reply to a spam-sending host when it connects. A host sending spam wants to send large volumes of mail and dislikes the delayed reply, so it cuts off the connection.

  • A spam source host that retries at intervals from two minutes to a day may be dropped by the SMTP response delay. (This can reduce blacklist maintenance.)
  • There is also an option (not the default) to let a host through if it waits out the response delay. This can rescue a legitimate SMTP server that does not retry without adding it to the whitelist, and can reduce whitelist maintenance.

S25R (Selective SMTP Rejection)

The assumption is that spam-sending hosts are on dynamic IP addresses. Connecting hosts are divided into those whose host name looks like a dynamic IP address and those whose host name does not. Hosts whose name does not look dynamic are allowed to connect. Hosts whose name looks dynamic (including hosts that have no reverse DNS name at all) are passed on to the following processing (here, greylisting and tarpit).

Please refer to here for details of S25R.

This reduces the number of hosts subjected to greylisting, which has large side effects.

Connection refusal using DNSBL

Connections from hosts registered in a DNSBL are refused.

A DNSBL is a database, maintained by volunteers, companies and others, of IP addresses that send spam; it is queried over DNS.

It is effective against spam-sending hosts that get past tarpit and greylisting.

This function is disabled by default. Enable it when you want to use it.
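An added example (not code from the program) of what the DNSBL check does: the connecting address's octets are reversed and looked up under each listed zone, and an answer inside 127.0.0.0/8 means the address is listed. The zone names dnsbl.example and parked.example and the fake resolver are constructed stand-ins so the block runs offline; with the default resolver it queries real DNS.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """192.0.2.10 queried against zone -> '10.2.0.192.<zone>' (octets reversed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def dnsbl_listed(ip, zones, resolve=socket.gethostbyname):
    """Return (zone, answer) for the first zone that lists ip, else None.

    A lookup failure (NXDOMAIN) means "not listed". Only an answer inside
    127.0.0.0/8 counts as a listing: DNSBLs encode their verdicts there, and a
    lapsed zone that has been parked with a wildcard record would otherwise
    make this check refuse every connection."""
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except OSError:            # socket.gaierror is a subclass of OSError
            continue
        if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
            return zone, answer
    return None


# Constructed offline stand-in for DNS (hypothetical zones): one address is
# listed in dnsbl.example; parked.example answers every name with a non-127/8
# address, which must not be treated as a listing.
FAKE_DNS = {"10.2.0.192.dnsbl.example": "127.0.0.2"}


def fake_resolve(name):
    if name.endswith(".parked.example"):
        return "203.0.113.99"
    try:
        return FAKE_DNS[name]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known")


ZONES = ["dnsbl.example", "parked.example"]   # what the dnsbllist file would hold


def check(ip):
    """Verdict for one connecting address against ZONES, using the fake resolver."""
    return dnsbl_listed(ip, ZONES, resolve=fake_resolve)
```

To use it against real DNSBLs, pass the zones from the dnsbllist file and leave `resolve` at its default; treating a resolution failure as "listed" would turn a DNS outage into a mail outage, which is why the loop skips failures instead.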

greylisting

When a host connects, this program answers in place of qmail with a dummy SMTP reply that demands a retry (a temporary-failure response). A host that later retries is allowed through and handed to qmail-smtpd. However, a host that retries immediately is refused. (The connection information, IP address and connection time, is kept in the greylist.)

Please refer to here for details of greylisting.

  • A sender-address whitelist is not implemented in this program.
  • This program also refuses a host that has failed a retry even once (retried immediately). (This addresses the problem that a spam host which retries many times at short intervals would eventually be accepted once the minimum retry interval from its first connection had elapsed.)

Because a spammer gives priority to sending to other hosts, it often does not retry at all. Spam can therefore be blocked by this.

Simple examination of HELO

The host name that the connecting host announces with the HELO command is examined. This is done while the dummy greylisting reply is in progress. (The check is not applied to hosts that have already been permitted; it runs only when the connecting host's information is being registered in the greylist.)

HELO host name blacklist

A connection from a host that announces a HELO host name defined here is refused and cut off. In addition, the host's greylist entry is cancelled (deleted). Host names can be registered as regular expressions.
Moreover, the refusal can be limited to hosts whose IP address also matches a regular expression specified at the same time (added in ver1.1).

It is effective when a spam-sending host announces a characteristic HELO host name.

FQDN check

Whether the host name announced with the HELO command is an FQDN is checked. (Implemented as a condition of the "HELO host name blacklist" above.) If it is not an FQDN, the host's connection is refused and cut off, and its greylist entry is cancelled (deleted).

It is effective against hosts that announce an incorrect HELO host name. (Spam-sending hosts occasionally announce a HELO host name that is not an FQDN, such as "localhost" or a Windows computer name.)

Domain simplicity check with name of connected host

Whether the domain of the host name announced with the HELO command matches the domain of the actual reverse-lookup host name is checked. If they do not agree, the host's connection is refused and cut off, and its greylist entry is cancelled (deleted).

It is effective against hosts that announce an incorrect HELO host name. Note that a legitimate server whose HELO name is under a different domain from its reverse-lookup name fails this check too; it only applies to hosts that S25R has already flagged as dynamic-looking.

Connected IP address check (ver1.1 addition)

If the host name announced with the HELO command is an IP address and it differs from the actual connecting IP address, the connection is refused and cut off, and the host's greylist entry is cancelled (deleted).

It is effective against hosts that announce an incorrect HELO host name.

The order of processing (logic) is shown below.

main logic

order  function    processing
1      greylist    Records of hosts that have not connected for a while are deleted from the greylist.
2                  The connecting host is a relay client -> accept
3                  The connecting host is in the host name based whitelist -> accept
4                  The connecting host is in the IP address based whitelist -> accept
5      S25R        The connecting host's host name does not match the S25R condition -> accept
6                  The connecting host is in the host name based blacklist -> retry demand (reject)
7                  The connecting host is in the IP address based blacklist -> retry demand (reject)
8      greylist    The connecting host is not registered in the greylist -> 8-1; it is registered -> 9
8-1    tarpitting  The connecting host is kept waiting the number of seconds you configured
                   (if it cannot wait, it cuts off the connection by itself)
8-2    greylist    The connecting host is registered in the greylist
8-3    greylist    The dummy SMTP reply is started
8-4                The HELO host name is in the HELO blacklist, or is not an FQDN -> delete the host from the greylist and demand a retry (deny)
8-5                The HELO host name is an IP address that differs from the real connecting IP address -> delete the host from the greylist and demand a retry (deny)
8-6                The domain part of the HELO host name differs from the domain part of the reverse-lookup host name -> delete the host from the greylist and demand a retry (deny)
8-7    greylist    Demand a retry from the connecting host (deny)
9      greylist    The connecting host has been "too soon after first connection" (step 10) more times than you configured -> demand a retry (deny)
10     greylist    The connecting host is "too soon after first connection" -> demand a retry (deny)
11     greylist    The connecting host's access time in the greylist is updated
12     greylist    accept
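The host-selection pipeline described above (the S25R classification, the greylist with its early-retry counter, the HELO checks, and the order of the main logic table), as an added example written in Python rather than the project's Perl; it is not the script's own code. The S25R regular expressions are the general rules published by S25R's author, reproduced here as an assumption (the program's s25rlist_hostname file may differ); the policy values, the FQDN pattern, the reading of "domain part" as everything after the first label, and the sample hosts are likewise assumptions constructed for the demo.

```python
import re
import time
from dataclasses import dataclass, field
# S25R general rules as published by S25R's author (an assumption, not taken from this
# page; the program's own s25rlist_hostname file may differ). A reverse name matching
# any rule, or no reverse name at all, "looks like" a dynamic IP address.
S25R_RULES = [re.compile(p, re.I) for p in (
    r"^[^.]*[0-9][^0-9.]+[0-9]", r"^[^.]*[0-9]{5}",
    r"^([^.]+\.)?[0-9][^.]*\.[^.]+\..+\.[a-z]", r"^[^.]*[0-9]\.[^.]*[0-9]-[0-9]",
    r"^[^.]*[0-9]\.[^.]*[0-9]\.[^.]+\..+\.", r"^(dhcp|dialup|ppp|[achrsvx]?dsl)[^.]*[0-9]",
)]
FQDN_RE = re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}$", re.I)
ADDR_LITERAL_RE = re.compile(r"^\[?(\d{1,3}(?:\.\d{1,3}){3})\]?$")

def looks_dynamic(rdns):                   # step 5: True -> hand on to tarpit/greylisting
    return rdns is None or any(r.search(rdns) for r in S25R_RULES)

def domain_of(name):                       # "domain part" = all after the first label (assumed)
    return name.lower().split(".", 1)[-1]

def helo_problem(helo, client_ip, rdns, helo_blacklist):
    """Steps 8-4..8-6; returns a reason string, or None when the HELO name passes."""
    if any(p.search(helo) for p in helo_blacklist):
        return "helo blacklisted"                                           # 8-4
    literal = ADDR_LITERAL_RE.match(helo)
    if literal:                                                             # 8-5
        return None if literal.group(1) == client_ip else "helo ip != connecting ip"
    if not FQDN_RE.match(helo):
        return "helo not fqdn"                                              # 8-4
    if rdns and domain_of(helo) != domain_of(rdns):
        return "helo domain != rdns domain"                                 # 8-6
    return None

@dataclass
class GreyEntry:
    first_seen: float
    last_seen: float
    early_retries: int = 0

@dataclass
class Policy:            # hypothetical values; the script's real defaults are not on the page
    retry_min: float = 300.0      # a retry sooner than this after first contact is "too soon"
    expire: float = 7 * 86400.0   # step 1: drop greylist entries idle longer than this
    max_early_retries: int = 1    # step 9: more early retries than this is fatal
    tarpit_sec: float = 0.0       # step 8-1 greeting delay; 0 keeps the demo instant

@dataclass
class Lists:             # wl_host/bl_host/bl_helo hold compiled regexes, the ip sets plain strings
    wl_ip: set = field(default_factory=set)
    wl_host: list = field(default_factory=list)
    bl_ip: set = field(default_factory=set)
    bl_host: list = field(default_factory=list)
    bl_helo: list = field(default_factory=list)

def decide(ip, rdns, helo, lists, greylist, policy, now, relay_client=False):
    """Walk the main-logic table in order; 'reject' is the temporary-failure retry demand."""
    for key, e in list(greylist.items()):                                  # 1
        if now - e.last_seen > policy.expire:
            del greylist[key]
    if relay_client:                                                        # 2
        return "accept", "relay client"
    if rdns and any(p.search(rdns) for p in lists.wl_host):               # 3
        return "accept", "host whitelist"
    if ip in lists.wl_ip:                                                   # 4
        return "accept", "ip whitelist"
    if not looks_dynamic(rdns):                                             # 5
        return "accept", "s25r: static-looking host"
    if rdns and any(p.search(rdns) for p in lists.bl_host):               # 6
        return "reject", "host blacklist"
    if ip in lists.bl_ip:                                                   # 7
        return "reject", "ip blacklist"
    entry = greylist.get(ip)
    if entry is None:                                                       # 8 -> 8-1..8-7
        time.sleep(policy.tarpit_sec)                                       # 8-1 tarpit
        greylist[ip] = GreyEntry(now, now)                                  # 8-2
        problem = helo_problem(helo, ip, rdns, lists.bl_helo)               # 8-3..8-6
        if problem:
            del greylist[ip]
            return "reject", problem
        return "reject", "greylist: first contact, retry later"            # 8-7
    if entry.early_retries > policy.max_early_retries:                      # 9
        return "reject", "greylist: too many early retries"
    if now - entry.first_seen < policy.retry_min:                           # 10
        entry.early_retries += 1
        return "reject", "greylist: retried too soon"
    entry.last_seen = now                                                   # 11
    return "accept", "greylist: retry accepted"                             # 12

def demo():
    """Constructed scenario: a static MX, a patient dynamic host, a hammering one, a bad HELO."""
    lists, grey, pol = Lists(bl_helo=[re.compile(r"^localhost$", re.I)]), {}, Policy()
    patient = ("192.0.2.10", "p1234-ipad01.example.ne.jp", "p1234-ipad01.example.ne.jp")
    hammer = ("203.0.113.7", None, "[203.0.113.7]")          # no reverse name at all
    calls = [(("198.51.100.5", "mail.example.com", "mail.example.com"), 0),
             (patient, 0), (patient, 600), (hammer, 0), (hammer, 30), (hammer, 60),
             (hammer, 900), (("203.0.113.9", None, "localhost"), 0)]
    return [decide(*host, lists, grey, pol, t)[0] for host, t in calls]
```

In the demo the static MX is accepted at step 5 without ever touching the greylist, the dynamic-looking host that waits ten minutes is accepted on its retry, and the host with no reverse name that retries at 30 and 60 seconds is still refused at 900 seconds because its early retries exceeded the threshold; the time axis is passed in as `now`, so the scenario runs instantly and the real tarpit sleep only matters when `tarpit_sec` is set.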

This program consists of a single Perl script, so it is easy to install.

The installation procedure is as follows.

  1. Download the archive here.
  2. Unpack the downloaded archive.
     # tar zxvf s25rtarpitgreylist_1.5.0.tar.gz
  3. Move into the extracted directory.
     # cd s25rtarpitgreylist_1.5.0
  4. Change the settings if you want to. (The program works even if you do not change any setting; change them when you want to tune it.)
     # vi s25rtarpitgreylist.pl
  5. Go to step 6 for a first-time installation. Go to step 7 when installing by hand or updating.
  6. Run the setup script (it copies the script to /var/qmail/bin/ and the list and settings files to /var/qmail/s25rtarpitgreylist/), then go to step 8.
     # ./setup.sh
  7. When installing by hand or updating, run the following commands, skipping the ones you do not need, then go to step 8. (Setting permissions is omitted. :-) )
     # cp s25rtarpitgreylist.pl /var/qmail/bin
     # chmod 755 /var/qmail/bin/s25rtarpitgreylist.pl
     # mkdir /var/qmail/s25rtarpitgreylist
     # mkdir /var/qmail/s25rtarpitgreylist/tmp
     # cp s25rlist_hostname /var/qmail/s25rtarpitgreylist
     # cp whitelist_ipaddr /var/qmail/s25rtarpitgreylist
     # cp whitelist_hostname /var/qmail/s25rtarpitgreylist
     # cp blacklist_ipaddr /var/qmail/s25rtarpitgreylist
     # cp blacklist_hostname /var/qmail/s25rtarpitgreylist
     # cp blacklist_helohost /var/qmail/s25rtarpitgreylist
     # cp greylist /var/qmail/s25rtarpitgreylist
     # cp dnsbllist /var/qmail/s25rtarpitgreylist
     # touch /var/qmail/s25rtarpitgreylist/whitelist
     # touch /var/qmail/s25rtarpitgreylist/blacklist
     # touch /var/qmail/s25rtarpitgreylist/lastdeletetime
     # chown -R qmaild /var/qmail/s25rtarpitgreylist
  8. Check the settings. Run s25rtarpitgreylist.pl with no arguments; if every item is "[OK]", the check passes.
     # /var/qmail/bin/s25rtarpitgreylist.pl
     ==== run check mode ====
     Dir_Data:/var/qmail/s25rtarpitgreylist [ OK ]
     Dir_Tmp:/var/qmail/s25rtarpitgreylist/tmp [ OK ]
     Path_Whitelist:/var/qmail/s25rtarpitgreylist/whitelist [ OK ]
     Path_Whitelist_Ipaddr:/var/qmail/s25rtarpitgreylist/whitelist_ipaddr [ OK ]
     Path_Whitelist_Hostname:/var/qmail/s25rtarpitgreylist/whitelist_hostname [ OK ]
     Path_Blacklist:/var/qmail/s25rtarpitgreylist/blacklist [ OK ]
     Path_Blacklist_Ipaddr:/var/qmail/s25rtarpitgreylist/blacklist_ipaddr [ OK ]
     Path_Blacklist_Hostname:/var/qmail/s25rtarpitgreylist/blacklist_hostname [ OK ]
     Path_Greylist:/var/qmail/s25rtarpitgreylist/greylist [ OK ]
     Path_S25rlist_Hostname:/var/qmail/s25rtarpitgreylist/s25rlist_hostname [ OK ]
     Path_Blacklist_Helohost:/var/qmail/s25rtarpitgreylist/blacklist_helohost [ OK ]
     ---- check patternfile ----
  9. Edit the qmail start script. (This program must be executed before qmail-smtpd, and name resolution of the connecting host must be enabled.)
     # vi /etc/init.d/qmail
       :(omitted)
       # qmail smtpd start
       /usr/local/bin/tcpserver -vhR -u ${qmaild_uid} -g ${nofiles_gid} \
           -x /home/vpopmail/etc/tcp.smtp.cdb 0 smtp \
           /var/qmail/bin/s25rtarpitgreylist.pl \
           /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd &
       :(omitted)
     • If name resolution is not performed, no connecting host has a host name, so every connection is greylisted. (With tcpserver, -h, the default, looks up the remote host name and -H suppresses the lookup.)
     • Insert s25rtarpitgreylist.pl immediately before qmail-smtpd. (qmail-smtpd is started from the arguments given to s25rtarpitgreylist.pl.)
/var/qmail/
  + bin/
  |   + s25rtarpitgreylist.pl   Execution script (main body)
  + s25rtarpitgreylist/
      + s25rlist_hostname       List of S25R (host names that look like dynamic IP addresses)
      + whitelist               Whitelist of IP address base
      + whitelist_ipaddr        Whitelist of IP address base (regular expression specification)
      + whitelist_hostname      Whitelist of hostname base (regular expression specification)
      + blacklist               Blacklist of IP address base
      + blacklist_ipaddr        Blacklist of IP address base (regular expression specification)
      + blacklist_hostname      Blacklist of hostname base (regular expression specification)
      + blacklist_helohost      Blacklist of HELO hostname (regular expression specification)
      + greylist                greylist (Please do not edit this file.)
      + dnsbllist               List of DNSBL host names used

There are many setting items. However, the program works correctly without changing any of them from their initial values, as long as qmail itself is installed in its default layout.

This page is still being written. Please wait patiently.
  • Applying this program cannot exclude 100% of spam. Of course, I do not guarantee it.
  • Even if some kind of damage occurs by applying this program, I take no responsibility. Please use it at your own risk.
If you have anything to say, send it to the following e-mail address. (It may not arrive, because it is a home server.) I may not be able to reply to every message because of other demands (please do not complain if I do not): webmaster@chidipy.jpn.com