Milter-greylist

Sergey Kogan a �crit :
> Hi!
> 
> I've been experimenting with SPF policy check to drive away spf-aware 
> spammers who register bogus 2-nd/3-rd level domains and activate +all 
> SPF policy on them. The idea is simple:
> 
> - Check incoming IP address against domain SPF policy. Fail if this IP 
> is not permitted.
> - \u0421heck some bogus IP-address against the same domain SPF policy. Fail 
> if this IP is permitted.
> 

This is already implemented.
Check for "spf self".

> I was a bit puzziled with milter-greylist configuration engine, so I 
> hard-coded that bogus IP-address into spf.c.
> 
> After about a month with a modified spf check it seems that nothing is 
> broken, and I have no more spam from domains with too permissive SPF policy.
> 
> Do you consider to implement something like that (with a configurable 
> IP-address) into mainline ?
> 
> My modifications to spf.c follows:
> 
> ===CUT==
> int spf_check(ad, as, ap, priv)
>          acl_data_t *ad;
>          acl_stage_t as;
>          struct acl_param *ap;
>          struct mlfi_priv *priv;
> {
>          int result=spf_check_intl(ad,as,ap,priv);
>          if(result==0) return(result);
> 
>          struct mlfi_priv priv_copy,*priv2;
>          memcpy(&priv_copy,priv,sizeof(priv_copy));
>          priv2=&priv_copy;
>          struct sockaddr *sa = SA(&priv2->priv_addr);
>          inet_aton("88.14.22.16",SADDR4(sa));
>          if(spf_check_intl(ad,as,ap,priv2))
>              {
>              // Bogus SPF record
>              mg_log(LOG_WARNING, "%s: bogus SPF record: lists 
> 88.14.22.16",priv->priv_queueid);
>              return(0);
>              }
>          return result;
> }
> #define spf_check spf_check_intl
> 
> 
> ------------------------------------
> 
> Yahoo! Groups Links
> 
> 
> 
> 


-- 
Ce message a ete verifie par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a ete trouve.