# This is in a separate file to make server.cf easier to maintain under RCS,
# since this changes frequently and server.cf shouldn't.
#
# Address-screening predicates. The sift/tfis construct used below dispatches
# on regular expressions (it looks like the ZMailer configuration shell -
# confirm against the file that includes this one).
#
# What the code in this file shows:
#   - bad_username, bad_userexp and bad_isfrom return 0 when a rule matches
#     and 1 otherwise; bad_helosrc reads the other way round, see its header.
#   - key is compared with "from" and "to"; presumably it tells whether the
#     address arrived as a sender or as a recipient - confirm with the caller.
#   - $smtp_heloname is read but never assigned here, so the caller owns it.
#   - badusererror is assigned (badsource, blockeddns) but never read here;
#     presumably the caller uses it to choose the reply - confirm.
#
# NOTE(review): if $smtp_heloname is the name announced by the connecting
# client (as the variable name suggests), every rule keyed on it is a
# heuristic and not authentication: the announced name is not verified
# anywhere in this file.

# aargh.
# Alternation of host names; used only by the last arm of bad_username.
mynames="mvsb.utcs.utoronto.ca|utcc.utoronto.ca|gpu.utcc.utoronto.ca"

# bad hack
# Domains at which bad_username rejects a local part that contains no letter,
# '.', '_' or '-'. Kept as two strings that are joined into badnumdoms below.
# NOTE(review): these strings are spliced into a sift regular expression, so
# each unescaped '.' matches any character, not only a dot. Entries such as
# ".*it" and "travel" do not look like single domains - confirm they are
# intended, since an over-broad entry rejects legitimate senders.
badnumdoms1="microsoft.com|compuserve.com|prodigy.(com|net)|mci2000.com|netcom.com|netcom.net|bigfoot.com|aol.com|flash.net|juno.com|bwave.com|pathway.net|caribnet.net|ping.de|usa.net|.*it|hotmail.com|helpingyou.com|lowcomissions.com|wtco.net|mindspring.com|kivex.com|ais.net|ix.netcom.com|planet.net|utu.fi|bullseye.com|jagunet.com|nutecnet.com.br|cot.net|sion.com|freemail.nl|.*snni.com|nowhere.net|CABLEGUY.+|bob97.+|aki.com|.*centralnet.ch|.*super.net|cris.com|.*uu.net|tm.net.my|t-1net.com|success.com|ruff.com|pacbell.net|msn.com|lconn.net|totalworld.com|.*arcadis.be|kingsley.co.za|eye-in-the-sky.com|att.net|mystery.com|travel|onramp.net|aa.net|bellsouth.net|wco.com|aztec.co.za|freehold.org|wfn.net|worldnet.att.net|wwisp.com|ilc.or.jp|online-la.com|ciai.net|cece.es"
badnumdoms2="primenet.com|sunn.com|neuronet.co.uk|ienet.com|xnet.com|mcimail.com|notax.com|pbi.net|delphi.com|rt66.com|tm.net|uunet.ca|cpr.com|ici.net|exo.com|cyberbundle.net|cyberquest.com|htnet.net|zvision.com|.*internext.com|compulink.gr|cmc.net|magna.com.au|rocketmail.(net|com)|alice-compusystems.com|telepath.com|lowdown.com|kconline.com|adsnet.com|nac.net|vaxxine.com|pensacola.com|delfi.com|sky.fr|c-corp.net|polarnet.com|iway.fr|demon.co.uk|inreach.com|alaska.net|.*sgi.com|accessone.com|way.com|gte.net|netaxis.com|ican.net|mtinter.net|bji.net|home.com|master.com|mci.net|mailexcite.com|sanet.ge"
badnumdoms="$badnumdoms1|$badnumdoms2"

# bad_username (key, addr)
#   Cheap, pattern-only screening of one envelope address.
#   key   - compared with "from" and "to" below.
#   addr  - address as received; normalised through smtp_useratdomain
#           (defined elsewhere) into the user@domain form the rules match.
#   Returns 0 when some rule matches, 1 when none does. On the paths marked
#   below it also sets badusererror=badsource.
#
# NOTE(review): several domains listed in badnumdoms (juno.com, aol.com,
# hotmail.com, usa.net, ...) also have an arm of their own further down, and
# aol.com appears in two later arms. The table therefore only makes sense if
# sift goes on to try later patterns after an arm finishes without `return`.
# Confirm this against the sift documentation before reordering arms.
bad_username (key, addr) {
  local tmp
  tmp=$(smtp_useratdomain "$addr")
  sift "$tmp" in
  # Local part made up only of characters other than letters, '.', '_' and
  # '-' at one of the badnumdoms domains: match. Anything else leaves the
  # case without returning.
  (.+)@($badnumdoms)
    case "\1" in
    *[a-zA-Z._-]*) ;;
    *) return 0;;
    esac ;;
  # mutter
  # Fixed local parts that match at any domain (dots in the local part are
  # escaped; dots in domain parts throughout this table are not).
  TSF\.MARKETING@.+ return 0;;
  MARKETING\.NET@.+ return 0;;
  GATE\.COM@.+ return 0;;
  SuperStealth\.OMC@.+ return 0;;
  TSF@.*watson.ibm.com return 0;;
  House\.of\.the\.Red\.Light@.+ return 0;;
  Wealth\.Potential@.+ return 0;;
  lose\.weight\.today@.+ return 0;;
  ad\.for\.weight\.loss@.+ return 0;;
  money-recipe\.ad@.+ return 0;;
  HT-NET\.Fax\.Service@.+ return 0;;
  # this one might get smart someday
  islandofoahu\.land@.+ return 0;;
  Selective\.Marketing@.+ return 0;;
  continental\.land@.+ return 0;;
  Continental\.unk@.+ return 0;;
  windowsandoffice95@.+ return 0;;
  important\.news@.+ return 0;;
  e-strip-a-gram@.+ return 0;;
  time\.is\.slipping\.away@.+ return 0;;
  time\.to\.lose\.that\.extra\.weight@.+ return 0;;
  high\.end\.software@.+ return 0;;
  a\.friend@.+ return 0;;
  damex\.research@.+ return 0;;
  # mutter.
  changeyourlife@.+ return 0;;
  brgon@sllar.* return 0;;
  # sigh.
  virginia\.jones@(apinet.fr) return 0;;
  # this appears to be a new wave of spammers.
  opsys\.net@.+ return 0;;
  gli\.com@.+ return 0;;
  fdi\.net@.+ return 0;;
  # when in doubt, get a bigger club
  # it's nice to see people be consistent in their random userids.
  (xlry16wzjux|zxj7lry16zx|xlr16wtrxz8|xlr16qxmut8|vxlr16wrux7)@.+ return 0;;
  greatopportunity@.+ return 0;;
  # Per-domain arms: the sift regex picks the domain, then a shell glob
  # `case` on the captured local part (\1) decides.
  (.+)@(golfweb.com|golfnet.com|gi.net|golf.net)
    case "\1" in
    golfer*) return 0;;
    golf[0-9]*) return 0;;
    esac;;
  (.+)@.*caspertown.com
    case "\1" in
    [a-z][a-z]*[0-9]*[a-z][a-z][a-z]) return 0;;
    esac;;
  (.+)@juno.com
    case "\1" in
    [a-z][a-z][0-9]*[0-9]*[a-z][a-z]) return 0;;
    [a-z][a-z]*[0-9][0-9][0-9][0-9]*) return 0;;
    [a-z][a-z][a-z][0-9]*[a-z]*[0-9]) return 0;;
    [a-z][a-z]*[a-z][0-9][0-9][0-9]) return 0;;
    [a-z][a-z]*[0-9][0-9]*[0-9]) return 0;;
    [a-z][0-9]*[0-9][0-9][0-9]) return 0;;
    # sigh.
    remove[0-9]*) return 0;;
    # juno postmaster says no account starts with a
    # number. Yay.
    [0-9]*) return 0;;
    esac;;
  (.+)@royf.netc.net
    case "\1" in
    list[0-9]) return 0;;
    esac;;
  (.+)@you.com
    case "\1" in
    nullsender[0-9]*) return 0;;
    esac;;
  # sigh
  (.+)@prodigy.net
    case "\1" in
    ANP[0-9][0-9][0-9]) return 0;;
    esac;;
  (.+)@hotmail.com
    case "\1" in
    freemoney*) return 0;;
    jann[0-9][0-9][0-9]) return 0;;
    susanthomas[0-9]*) return 0;;
    freedom[0-9]*) return 0;;
    annharris[0-9]*) return 0;;
    *\$*) return 0;;
    esac;;
  (.+)@aol.com
    case "\1" in
    livelove[0-9][0-9][0-9]) return 0;;
    magicmoney[0-9][0-9][0-9]) return 0;;
    jean[0-9][0-9][0-9]) return 0;;
    aliveinlove*) return 0;;
    findoutfirst*) return 0;;
    meetwomen*) return 0;;
    [Tt]bird_blaster*) return 0;;
    lover4u*) return 0;;
    powerturbo[0-9]) return 0;;
    addalover*) return 0;;
    moredates*) return 0;;
    # the maximum length of AOL usernames is
    # apparently 10 characters.
    ???????????*) return 0;;
    esac;;
  (.+)@msn.com
    case "\1" in
    [a-z][a-z][a-z][0-9][0-9]) return 0;;
    esac;;
  # Handle people that we don't accept mail from except when it comes
  # from their SMTP server.
  # bad_helosrc returns 0 when the HELO name does not end in the captured
  # domain (\2) and key is not "to"; that case is flagged as badsource.
  # NOTE(review): $key is unquoted here, unlike the other expansions in this
  # file; quote it if this dialect word-splits the way sh does.
  (.+)@(sprynet.com|auracom.com|aol.com)
    if bad_helosrc "\2" $key; then
      badusererror=badsource
      return 0;
    fi ;;
  # maybe we should take usa.net addresses only from usa.net
  # machines?
  (.+)@usa.net
    case "\1" in
    o[A-Z]o) return 0;;
    liveyourdream*) return 0;;
    actondreams*) return 0;;
    dreamsworthliving*) return 0;;
    udeservelove*) return 0;;
    loveinyourlife*) return 0;;
    loveinlife*) return 0;;
    rdenterpris*) return 0;;
    dreamlove*) return 0;;
    beautyfulgirls*) return 0;;
    meetwomen*) return 0;;
    gogetlove*) return 0;;
    beautylover*) return 0;;
    gorgeousgirls*) return 0;;
    saveenviron[0-9][0-9][0-9]) return 0;;
    # to hell with it. I'll just slamdunk this
    # general spammer pattern.
    *[a-z][a-z][0-9][0-9][0-9]) return 0;;
    esac;;
  (.+)@compuserve.com
    case "\1" in
    [A-Z]*[0-9]*[A-Z]) return 0;;
    [a-zA-Z][a-zA-Z][0-9]*[a-z][0-9]) return 0;;
    [a-z][0-9]??????[A-Z]) return 0;;
    esac;;
  (.+)@intelli-net.com
    case "\1" in
    opp[0-9]*) return 0;;
    esac;;
  (.+)@uu.net
    case "\1" in
    --*) return 0;;
    esac;;
  biz_opp@.*aracnet.net return 0;;
  # too many.
  (feesii|wiroi|ziy|cefa|bou|guewea|fuesaa)@inreach.com return 0;;
  # growl.
  b1iilz23@.*sympatico.ca return 0;;
  # admire the persistence of ix.netcom.com spammers.
  (.+)@ix.netcom.com
    case "\1" in
    *69|*69[Xx]) return 0;;
    Victoria) return 0;;
    esac;;
  zx325s7xv@.*(aimnet.com|li.net|naplesnet.com) return 0;;
  # precautions.
  # same person here:
  (hehehehehehehe|mguava)@usa.net return 0;;
  sales@.*dyn.ml.org return 0;;
  znoj@.*cyberatl.net return 0;;
  # sigh.
  debbie\.byrd@.*(skylink.net|gis.net|netmagic.net) return 0;;
  # grrrr
  empower@(one.net|.*uu.net|.*greenapple.com|.*navicom.com|murlin.com) return 0;;
  # i hate wildcard MX's
  .+@.+\.asianet\.net return 0;;
  # sigh.
  patrickwc@(li.net|.*micro-net.com|.*pacbell.net|compstarplus.com) return 0;;
  # idirect.com, are you home?
  busopp@.*idirect.com return 0;;
  # Bite me.
  raage@.*idirect.com return 0;;
  # mack1.wlu.ca doesn't exist, but people attempt to send UUCP mail
  # there via utcsri!utgpu!utugw!mack1.wlu.ca!lane6930
  (.+)@(mack1|machl|macwi|machi).wlu.ca return 0;;
  # A spammer, routing through bad places. Alas this might get someone
  # good, but to heck with it.
  # remove this in a bit.
  (danielle-cindy|cindy-linda|conchita|shelly-rebecca|lorettax|lolitax|maria-jodi|savannah-x|sabrina69x|candy69x|Lynnette69|cindi69x)@.+ return 0;;
  Dorinda@.*(iw.net|ipns.com) return 0;;
  Lorraine@.*cynet.net return 0;;
  # hmm. Popular lately.
  bambi@.+(cz|sk) return 0;;
  webpromo@.+(es|it) return 0;;
  (promoweb|sarah69|hotbabe69|nataliex)@.*(ameritech.net) return 0;;
  # precautions
  goherenowplease@.+ return 0;;
  earthsmartcd@.+ return 0;;
  megamoneymakers@.+ return 0;;
  # NOTE(review): '&' is unescaped in the next pattern; confirm the parser
  # takes it literally there and not as a control operator.
  winker&associates@.+ return 0;;
  # boy, people who think they're being creative...
  success@extravaganza.* return 0;;
  # Poor guy.
  (.+)@live.net
    case "\1" in
    *[Tt][Aa][Rr][Oo][Tt]*) return 0;;
    esac;;
  # snarl
  # bt.net, get off your ASS.
  # From here on several arms glob-match the string "<heloname>+<key>".
  .+@dpinc.ml.org
    case "$smtp_heloname+$key" in
    *.[Bb][Tt].[Nn][Ee][Tt]+from) return 0;;
    *.powernet.co.uk+from) return 0;;
    *.bt.co.uk+from) return 0;;
    esac;;
  # grr. But we HAVE the technology.
  # postmaster@concentric.net is let through when key is "to" or when one of
  # the two HELO patterns matches; every other combination matches the rule.
  # NOTE(review): the first and third patterns begin with a literal '.' and
  # have no leading '*', unlike the "*.domain+from" patterns in the
  # neighbouring arms, so as written they only match a HELO name that itself
  # starts with '.'. If "any host under concentric.net / cris.com" was
  # meant, a leading '*' is missing - confirm against the RCS history.
  postmaster@concentric.net
    case "$smtp_heloname+$key" in
    .[Cc][Oo][Nn][Cc][Ee][Nn][Tt][Rr][Ii][Cc].[Nn][Ee][Tt]+*) ;;
    *+to) ;;
    .[Cc][Rr][Ii][Ss].[Cc][Oo][Mm]+*) ;;
    *) return 0;;
    esac;;
  (.+)@concentric.net
    case "$smtp_heloname+$key" in
    *.worldnet.att.net+from) return 0;;
    esac;;
  # world.std.com senders are accepted only with a HELO name ending in
  # .std.com; the address is always accepted when key is "to".
  (.+)@world.std.com
    case "$smtp_heloname+$key" in
    *.[Ss][Tt][Dd].[Cc][Oo][Mm]+from) ;;
    *+to) ;;
    *) badusererror=badsource; return 0;;
    esac;;
  # sigh.
  # Here \1 is the domain part, not the local part.
  replyXXX@(.+)
    case "\1" in
    [0-9]*[0-9]*[0-9]*.???) return 0;;
    esac;;
  # Local-part shapes that match at any domain.
  (.+)@(.+)
    case "\1" in
    [a-z][a-z][0-9][0-9][0-9][a-z][0-9][a-z][a-z]) return 0;;
    # sigh
    xlr16*8) return 0;;
    *xlr16*[a-z][0-9]) return 0;;
    FREE.MONEY-*) return 0;;
    # when in doubt, get a bigger hammer
    *.C[O0]M|*.NET) return 0;;
    # or a REALLY big one
    \"*\") return 0;;
    esac;;
  # aargh.
  # An address at one of our own names ($mynames) with key "from" and a HELO
  # name of exactly SWBELL.net matches.
  (.+)@($mynames)
    case "$smtp_heloname+$key" in
    SWBELL.net+from) return 0;;
    esac;;
  tfis

  # GRR.
  # SMTP from worldnet has to be from a worldnet user.
  # Similarly for a few other places.
  # Only for key "from": when the HELO name ends in one of the listed
  # provider domains, the address must pass bad_isfrom for that domain,
  # otherwise the rule matches with badusererror=badsource.
  # NOTE(review): in the first arm the domain handed to bad_isfrom is the
  # text captured from the HELO name (\1) and is used there as a regex.
  if [ "$key" = "from" ]; then
    sift "$smtp_heloname" in
    .*(worldnet.att.net|firstnethou.com|rema.co.at|calvacom.fr|iram.fr|singnet.com.sg|connectinc.com|nsis.com|atcon.com|iway.fr|recif.fr|emirates.net.ae|apinet.fr|snerpa.is)
      bad_isfrom "$tmp" "\1" || {
        badusererror=badsource; return 0
      } ;;
    danpost.uni-c.dk
      bad_isfrom "$tmp" "uni-c.dk" || {
        badusererror=badsource; return 0
      } ;;
    pop1-wcom.uu.net
      bad_isfrom "$tmp" "uu.net" || {
        badusererror=badsource; return 0
      } ;;
    tfis
  fi
  # No rule matched.
  return 1
}

# This is for expensive (ie, DNS) checks.
#
# bad_userexp (key, addr)
#   Runs $MAILBIN/cks/nscheck on the domain part of the address. When the
#   checker exits 0 this prints a "554-" line, sets badusererror=blockeddns
#   and returns 0; in every other case it returns 1. key is not used.
#
# NOTE(review): the check fails open. A missing, unreadable or crashing
# nscheck looks the same as "domain not blocked", and 2>/dev/null discards
# the reason, so an outage of the checker is silent. Consider logging it.
# NOTE(review): \1 comes from the address argument and is both passed to an
# external program and echoed into the reply line. It is quoted in both
# places; confirm that smtp_useratdomain cannot hand back control characters
# (CR/LF) and that nscheck does not treat a leading '-' as an option.
bad_userexp (key, addr) {
  local tmp
  tmp=$(smtp_useratdomain "$addr")
  sift "$tmp" in
  # big hammer. BIG hammer.
  # this is more than a little bit obscure.
  # don't worry, this works (doesn't lose mail) if there is no
  # $MAILBIN/cks/nscheck.
  .+@(.+)
    if $MAILBIN/cks/nscheck "\1" 2>/dev/null; then
      echo "554-Nameservice by a blocked source for \1"
      badusererror=blockeddns # synthetic error
      return 0;
    fi;;
  tfis
  return 1
}

# Is address $1 from domains $2?
# Returns 0 when addr matches <anything>@<anything><doms>, 1 otherwise.
# doms is spliced into the regex unescaped, so it may itself be an
# alternation. NOTE(review): the ".*" in front of the group is not tied to a
# label boundary, so a domain that merely ends in the same text also counts
# as "from" that domain.
bad_isfrom (addr, doms) {
  sift "$addr" in
  (.+)@.*($doms) return 0;;
  tfis
  return 1
}

# is the HELO from a domain or subdomain $1, if this is a MAIL FROM ($2)?
# returns 0 if *not*.
# Returns 1 when key is "to" (no check is made) or when $smtp_heloname
# matches <anything><dom>; returns 0 otherwise. NOTE(review): as in
# bad_isfrom, the match is on trailing text, not on a label boundary.
bad_helosrc (dom, key) {
  case "$key" in
  to) return 1;;
  esac
  sift "$smtp_heloname" in
  .*($dom) return 1;;
  tfis
  return 0;
}