Why not adopt me?
NAME
Qpsmtpd::Plugin::Quarantine - filter outbound email to prevent blacklisting
SYNOPSIS
Qpsmtpd quarantine plugin:
use Qpsmtpd::Plugin::Quarantine;
The quarantine.cgi web page:
use Qpsmtpd::Plugin::Quarantine::CGI;
main();
In crontab or nightly:
perl -MQpsmtpd::Plugin::Quarantine::Batch -e 'cronjob()'
In crontab (every five minutes?):
perl -MQpsmtpd::Plugin::Quarantine::Batch -e 'sendqueued()'
From the command line:
perl -MQpsmtpd::Plugin::Quarantine::Batch -e 'mailq()'
DESCRIPTION
Qpsmtpd::Plugin::Quarantine implements an outbound mail filter. A substantial number of internet sites will blacklist senders if they send too much spam. Most will do this without providing enough feedback for you (the sender) to figure out where the spam is coming from or why you were blacklisted.
I run ISPs and I've been blacklisted by AOL. I've been blacklisted by Comcast. Why? Sometimes its because someone is exploting an insecure formmail CGI on my system and sometimes its simply because I allow users to forward email and when they do, they end up forwarding spam.
Qpsmtpd::Plugin::Quarantine understands that sometimes the sender is the victim and sometimes not. The normal situation is that Qpsmtpd::Plugin::Quarantine will bounce things that it thinks are spammy back to the sender with a URL to allow the sender to push the message onwards. However if the particular recipient is on an override list or is very popular (maybe because someone is forwarding their mail to the recipient or maybe they're on a mailing list) then instead of bouncing to the sender, it will send a note to the recipient letting them know there is a message waiting for them.
Qpsmtpd::Plugin::Quarantine will only send bounces or notifications every so often (configurable). Both senders and recipients have the option (via the website) to have their mail silently discarded so that they don't get bothered again.
Qpsmtpd::Plugin::Quarantine uses OOPS to store it's persistent data.
INSTALATION
Qpsmtpd::Plugin::Quarantine is a Qpsmtpd plugin and a web page and a shell command and cron jobs. Installation will require some work.
Start with the standard perl Makefile.PL
and make install
.
Prerequisites
Install Qpsmtpd. I reccomend using it with postfix. Qpsmtpd should be the main SMTP listener. It will become your smarthost for your other mail servers. You can relegate postfix to just handling local mail by adding inet_interfaces = 127.0.0.1
to it's main.cf
.
Install mysql, PostgreSQL, or DBD::SQLite2. Provide the DBI_DSN in either /etc/default/qpsmtpd-quarantine.pl or the Qpsmtpd plugins file (below).
Qpsmtpd plugin
Installing the Qpsmtpd plugin is easy. Create a file, /usr/share/qpsmtpd/plugins/quarantine
(or wherever they are) with the following contents:
use Qpsmtpd::Plugin::Quarantine;
That's it.
In /etc/qpsmtpd/plugins
, create an entry:
#
# quarantine
#
# All of these may be set in the /etc/default/qpsmtpd-quarantine.pl. The defaults
# for these may be found in the Qpsmtpd::Plugin::Quarantine::Common module. More
# things to set can be found there too.
#
# dbi_dsn database DSN (eg: DBI:mysql:database=quarantine;host=localhost)
# username database username
# password database password
# baseurl URL of quarantine.cgi
# templates templates directory for email & web
# send_from Email address notifications are sent from
# renotify_recipient_days How often should recipients be re-notified of mail waiting (days)
# renotify_sender_ip On a per-sending-IP basis, how often should senders be renotified (days)
# notify_other_senders Should non-local senders be notified at all?
# notify_recipients How many messages should a recipient get before we prefer to notify
# the recipeint instead of the sender. Disable most sender
# notifications if 0.
# notify_recipient_only DB hash file of recipients we notify in preference to senders
#
quarantine
This should come before the Queue/delivery plugins like queue/postfix-queue
.
/etc/default/qpsmtpd-quarantine.pl
Create a perl file, /etc/default/qpsmtpd-quarantine.pl
to override the defaults that can be found in the first part of the Qpsmtpd::Plugin::Quarantine::Common
module.
For example:
package Foobar;
use Qpsmtpd::Plugin::Quarantine::Common qw(%base_defaults);
$base_defaults{send_from} = 'quarantine-sender@out-limit.internet-mail-service.net';
/etc/qpsmtpd/recipient.special.db (optional)
This file is a Berkeley DB HASH file that should contain the email addresses of everywhere that mail is sent on a regualar basis due to forwarding. When these addresses are used as recipients, the recipient will be notified in preference to the sender. Collect up all addresses from .forward
files, .procmailrc
and /etc/aliases
files from your sytems. Dump them into a file and turn them into a DB HASH. With postfix, this is done with the postmap hash:/etc/qpsmtpd/recipient.special
command.
/etc/qpsmtpd/sender.special.db (optional)
This file is a Berkeley DB HASH file that should contain the email addresses of senders that trigger spam checking. Unless the config parameter check_all_recipients
is set, we won't spam-check all messsages. This database is the set of senders which trigger a forced spam check.
/etc/qpsmtpd/filter_domains
This file lists the domains (one per line) that we want to avoid sending spam to. This should include AOL (aol.com aim.com cs.com netscape.net) and Comcast (comcast.com comcast.net) at a bare minimum. This file is required. Do not include the entire Internet (.com .net .org) as recipients need to provide a an address that isn't in the list in order to get their mail forwarded.
/etc/qpsmtpd/our_domains
This file lists the domains that we receive mail as. Depending on other configuration options, we'll only bounce back to senders that are in this list.
/etc/qpsmtpd/our_networks
This file lists the IP addresses that make up our network. Most standard notations are recognized (eg: 216.240.40.0/25
). Depending on other configuration options, we'll only bounce back to senders that are in this list.
/etc/qpsmtpd/ignore_networks
Qpsmtpd::Plugin::Quarantine has a notion of what's an internal IP address (our_networks) and what is an external IP address. This file lists IP addresses that are neither. The list starts out with the non-routables.
quarantine.cgi
Create a CGI somewhere. It's a very simple program:
use Qpsmtpd::Plugin::Quarantine::CGI;
main();
The URL for the CGI needs to be configured as baseurl
in your choice of config files.
Alternatively, you can set this up using mod_perl. Apache::Registry provides what is needed to hook it in. The CGI remains the same.
/etc/qpsmtpd/quarantine-templates
Copy the example-templates
directory to /etc/qpsmtpd/quarantine-templates
. Modify as you like. All should work as-is.
/etc/qpsmtpd/quarantine.access
This is a htpasswd-style password file that controls access to the admin web page. Create it with:
htpasswd -c /etc/qpsmtpd/quarantine.access adminuser
Cron jobs
Install two cron jobs:
7 7 * * * perl -MQpsmtpd::Plugin::Quarantine::Batch -e cronjob
*/10 * * * * perl -MQpsmtpd::Plugin::Quarantine::Batch -e sendqueued
Starting it up.
To fire it up, send a spammy message to a user at one of the filtered domains. The main database will auto-initialize.
ADMINISTRATION
There is a admin web page for looking at senders and recipients. The URL is baseurl
/admin. Cookies must be enabled.
Qpsmtpd::Plugin::Quarantine has an internal mail queue for when the system MTA is not working. The following command will display what's in it. Messages in quarantine are not in the mail queue.
perl -MQpsmtpd::Plugin::Quarantine::Batch -e mailq
DEVELOPMENT STATUS
This is used in production by the author and seems stable. It is ready for others to use too.
THANK THE AUTHOR
You can thank the author of this code by giving the author a chance to sell you services. Either perl programming or Internet-related services like Transit T1s, T3s, OC3s, etc. Additionally, the author is considering offering this outgoing spam filter as a service.
Perl programming rates vary from $50/hr (working at home on something open source that the author wanted to build anyway) to $500/hr (working on-site in a different time zone on something proprietary).
The author runs multiple ISPs and has acess to very good pricing for T1s, T3s, OC3s, wholesale DSL, and wholesale dialup. Please send requests for quotes to: quarantine-rfq@trust.idiom.com.
LICENSE
This software is available with and without the GPL: please write if you need a non-GPL license. All submissions of patches must come with a copyright grant so that David Sharnoff remains able to change the license at will.
Copyright(C) 2006 David Muir Sharnoff <muir@idiom.com>
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.