« Links Roundup | Main | Links Roundup »

September 20, 2005

new release 20050920

This release is currently in production on my servers, under sendmail
8.13.4.

Download it here:

http://enemieslist.com/downloads/release.m4.tgz
http://enemieslist.com/downloads/release-20050920.m4.tgz

Highlights:

SYSERR, WILL ROBINSON!

NOTE: PLEASE READ IF YOU ARE USING THE _EL_CONFIG / sendmail_rules_config
DISTRIBUTION. The changes this go-round are NOT backwards compatible with
that version, and yes, it's on purpose. :-)

- Some big changes, to make room for the "canonical", or "default" generic
rDNS check ruleset, which excludes patterns otherwise matched by a list
of a few dozen "left anchored pattern substrings" and those matched by a
similar list of "right anchored substrings" used by access.db. In short,
it's a /lot/ smaller, somewhat faster, and will make life easier for me
as I won't have to add records for hosts that already match the left
anchor strings (~60% of the total). Plus you get the added benefit of a
full set of edge cases that don't otherwise match the common cases.

NOTE: to use the new rules, change your .mc lines that read

define(`_EL_CONFIG', `1')
and
HACK(`sendmail_rules_config')dnl

to

define(`_EL_POLICY', `1')
and
HACK(`sendmail_rules')dnl

To continue to use the old "sendmail_rules_config" version, YOU MUST
ENABLE the m4 switch "_EL_CONFIG_WORKAROUND". YOU MUST ALSO ENABLE
the m4 switch _EL_POLICY, which if left disabled will utterly gut the
policy-based framework of the rules.

ALL previous instances of _EL_CONFIG have been changed to use
_EL_POLICY as fits the proper sense of what the switch actually does -
check for the presence of the EL_Policy file. So, technically, I could
have left the one _EL_CONFIG switch usage where it would check for
sendmail_rules_config and perform as it used to, but I wanted to make
sure nobody left it in along with the new HACK, thereby causing the
tests to be run /twice/, once the long way, and once more the shorter
way.

- added check for common Hotmail 419 scammers; works by way of a set of
common substrings found in hotmail account names, like "lottery" and
"winner"; to enable, use:

define(`_EL_HOTMAIL_419', `1')
m4 error: confEL_Hotmail419AFF
policy token: HOTM419

- added check similar to the X-SpamStatus check in last release, this
time for X-SpamDetect headers, which also feature a score. To enable,
use:

HACK(`EL_Check_Header_XSpamDetect')dnl
and define a ceiling for TRUSTSD (e.g., "TRUSTSD:10") in your policy
file.

- new check, allows refusal of "repaired" virus mail from rr.com et al.
m4 switch: just include the file
m4 error: confEL_ErrXVirusScanResult
error token: REPAIRED

To use,

HACK(`EL_Check_Header_XVirusScanResult')dnl

- expanded set of Geographic checks to include a variety of new formats.

- added check for bogus quoted sender.
m4 switch: _EL_BOGUS_QUOTED_SENDER
m4 error: confEL_ErrBogusQuotedSender
error token: BOGUSQS

To use,

define(`_EL_BOGUS_QUOTED_SENDER', `1')dnl

Posted by schampeo at September 20, 2005 6:34 PM

Search Blog

Browse

• Archives
• Categories
  • antispam in practice
  • consortiae
  • gripes
  • history
  • legal
  • news
  • privacy
  • project
  • security
  • spammers
  • studies and statistics
  • tactics
  • tools
  • viruses and worms

Feeds

• RSS
• ATOM

• Classifications
• News
• Request Eval