Index [ptgmedia.pearsoncmg.com]ptgmedia.pearsoncmg.com/images/0321213335/index/costales_inde… ·...
Index
$_ macro, 114
${auth_authen} macro, 114, 170
${auth_author} macro, 114, 170
${auth_ssf} macro, 114, 170
${auth_type} macro, 114, 170
${cert_issuer} macro, 114, 165
${cert_subject} macro, 114, 165
${cipher_bits} macro, 114, 165
${cipher} macro, 114, 165
${client_resolve} macro, 161
${daemon_name} macro, 114, 160
${if_addr} macro, 114, 160
${if_name} macro, 114, 160
${i} macro, 170
${mail_addr} macro, 114, 170
${mail_host} macro, 114, 170
${mail_mailer} macro, 114, 170
${msg_id} macro, 193
${nbadrcpts} macro, 193
${rcpt_addr} macro, 114, 176
${rcpt_host} macro, 114, 176
${rcpt_mailer} macro, 114, 176
${_} macro, 160
${tls_version} macro, 114, 165
2yz SMTP return code, 71, 72–73
3yz return code, 72
4yz SMTP code, 120, 122
5yz SMTP reply code, 71, 119, 122
220 SMTP success code, 12–13, 78
419 baiting, 7
419 fraud, 7
421 SMTP error code, 122
550 SMTP error, 78
554 SMTP error, 13
A
<a command and web references, 27
Abort item, 101
Abort phase, 96
Abort section, 87
Aborting envelopes, 197–200
Accept decision, 88
Accept reply, 89–90, 92–95
Advance Fee fraud, 7
Advisory-oriented handler functions, 155
AF_INET, 159
AF_INET6, 159
Constales.book Page 307 Wednesday, January 12, 2005 10:18 AM
Aliases
    hosts, 49–50
    rebuilding database, 54, 62
    sendmail, 53–54
Aliases file, 62, 65
Allocated memory, freeing up, 236
alt.test newsgroup, 74
amper program, 270
amper() subroutine, 270–272, 275
Apache HTTP server, 58, 65
Architecture, 231–232
Archiving spam, 244–246
argv argument, 166, 172
argv array, 167, 172
Arrays
    CONF type, 247
    of pointers to strings, 166
Articles
    Date: header, 72
    Lines: header, 73
    mandatory headers, 72–73
    Message-Id: header, 73
    posting, 70–71
Asterisk (*) special character, 33
Atkinson Caller-ID standard, 6
Attachments
    base64-decoding, 285–286
    base64-encoded, 24–25
    binary, 24
    MIME (Multipurpose Internet Mail Extensions), 24–25
    MIME headers, 285
    quoted-printable encoded, 24–25
Authentication, 170
autoconf, 226, 290
autoheader, 226
automake, 226
B
Baby-sitting script, 215–217
Background, running Milters in, 217–219
backlog argument, 127
Bait machine, 11
    choosing platform, 44–47
    compiler choice, 45–46
    configuring sendmail, 50–54
    database support, 46–47
    excluding non-email ports, 56–58
    forwarding copies of good email to, 64–65
    installing Milters library, 46
    network connections, 46
    posix threads, 44–45
    rebooting, 58–59
    scanning, 56–57
    sendmail version, 45
    setting up
        DNS records, 47–50
        logging, 54–56
Bank card information theft, 7–8
<base command, 31
Base64 encoding
    decoding, 258–265
    marking end of data, 261
base64decode() function, 261, 264
Base64-decoding attachments, 285–286
Base64-encoded data, 258
Base64-encoding
    attachments, 24–25
    Subject: headers, 17–18
base64total() subroutine, 262
ba.test newsgroup, 74
Bayesian filters, xv–xvi, 288–293
Berkeley database, 232, 237
bg() function, 217–219
Binary attachments, 24
Bitwise OR (|), 104
BL (Blackhole List) sites, xv
Blacklisting, 232
Blocked senders, 232
Body, 92, 176–177, 190
    deleting, 191
    Milter replies per chunk, 94
    modifying, 191
    replacing, 143–145, 191
    routines, 255–293
Body item, 101
Body section, 87
Bounce address, 5
Bounce email, 245
Bounce information, multiline, 124
Bounce messages, 5, 167
Bounce reply envelope sender address, 15
Bouncing email, 16, 235
Boundary, 256–258
BSD method used to halt Milter, 215
bsearch() C library function, 281, 292
Buffers
    containing replacement body, 144
    for incoming message, 12–13
    length of, 144
Bulletproof multithreaded code, 214
C
C language compiler, keeping up-to-date, 45–46
C language programs main() function, 99–100
Cable accounts and nonfixed IP addresses, 4
Camouflaging HTML body, 18–22
Certificates, 165
cf variable, 181
cf/cf directory, 50
Chapters source code, 290
char *addr; regular expression, 243
Character-entity encoding, 20–21
    decoding, 269–276
    keywords, 20–21, 270
    literal #, 20–21, 270
    web references, 22
Characters
    character-entity encoding, 269–276
    converting to hexadecimal ASCII equivalent, 277–279
    quoted-printable encoding, 265–269
    URL-encoding, 21
chdir() function, 208–209
check_mail rule set, 51
check_rcpt rule set, 51
check_relay rule set, 51
Child, 218
Chunks (of body), 255
    concatenating, 187
    containing too many characters with high bit set, 189–190
    counting number of bytes in, 187
    Milter replies per, 94
    reviewing, 186–190
    unsigned char* type, 187
    writing to disk file, 256
Cleanup section, 87
cleanup() routine, 247–248, 250
Clickable link, 12
Close item, 101
CNAME records
    adding, 49–50
    infinite loops, 35
    leading to other CNAME records, 35
    URLs and, 35–36
Commands, case insensitive, 29
Comments
    breaking up words with, 18–19
    .forward file, 64
    HTML, 18–20
    intervening newlines, 19–20
    spam aliases, 63
    unbalanced angle brackets, 20
    unknown HTML keyword in angle brackets acting like, 19
    URLs used as, 36–37
comments() function, 281, 284
Compilers, choosing, 45–46
Complex data, storing, 117
Concatenating chunks, 187
config_getitem() routine, 251–252
config_read() routine, 248–249
Configuration files
    # comment character, 246
    cleaning spaces around strings, 247–248
    looking up values, 251–252
    rereading, 220
    routine actually reading, 248
    running, 253
    simplest form, 246
Configurations
    dynamic, 246–256
    static, 246
configure script, creation of, 226
configure.ac template file, 226
confINPUT_MAIL_FILTERS mc macro, 51
confMILTER_MACROS_CONNECT mc macro, 115
confMILTER_MACROS_ENVFROM mc macro, 115
confMILTER_MACROS_ENVRCPT mc macro, 115
confMILTER_MACROS_EOM mc macro, 115
confMILTER_MACROS_HELO mc macro, 115
Connect item, 100
Connect phase and Milter replies, 89–90
Connect section, 87
Connecting host
    name of, 157
    result of lookup of name, 161
Connection-context type, 154
Connection-oriented handler functions, 155
Connection-oriented resources, deallocating, 155
Connection-persistent information, deallocating, 228
Connections
    affecting, 155
    behavior, 12–13
    cipher suite used for, 165
    cleanup, 200–203
    deferring if host cannot be looked up, 164
    defining context, 157
    disconnecting by rejecting with tempfail, 121
    initializing and timeout, 109
    keeping track of, 161
    listening for incoming, 126–127
    logging, 161
        number of envelopes processed during connection, 202–203
        total duration, 202–203
    Milters rejecting, 89
    rejecting, 122
    reviewing, 156–161
    skipping checks, 159
    termination, 200–203
Connection-specific macros, 115
Content-Transfer-Encoding: header, 25
Content-Type: header, 256
Continue reply, 89–94, 96
cp pointer, 175, 189–190
Credit card information theft, 7–8
ctx context pointer, 113–114, 116–117, 121, 153, 155, 157, 166, 172, 178, 183, 194
Custom-added headers, 132
D
Daemons, 58
Data access routines, 113–127
DATA SMTP command, 120, 190
DATA phase, 133
Data portion
    body, 190
    headers, 190
    reviewing, 176, 182–186
Databases, support for, 46–47
Date: header, 72, 131
&#ddd; expressions, 272
dealloc envelope() handler function, 229
Deallocating connection-oriented resources, 155
dealloc_connection() routine, 228
dealloc_envelope() routine, 228–229
deamper() routine, 274–275
Debugging
    default level, 125
    setting level, 124–126
decimal() subroutine, 272–275
Decoding
    base64 encoding, 258–265
    character-entity encoding, 269–276
    quoted-printable encoding, 265–269
    URL-encoding, 277–279
Default SMTP replies, 120
Deferring envelopes, 245
#define statement, 212
delay_checks FEATURE, 51
/dev/null file, 53, 65, 218
df queue file, truncating, 144
Dial-up accounts and nonfixed IP addresses, 4
Dictionaries, 288–293
dig program, 48
Directories
    accepting core dumps, 208
    defining with preprocessor #define directive, 209
    for Milters, 215
Discard reply, 89, 91–95
Discarding envelopes, 245
Disguising Subject: header, 16–18
Distributed model, 232
dn_expand() function, 224
DNS (Domain Name Service)
    adding CNAME records, 49–50
    sender identification, xvi
    TXT record, 6
DNS and BIND (Albitz and Liu), 50
DNS (Domain Name Services)-based services, xv–xvi
DNS records
    domain versus subdomain, 47–48
    setting up, 47–50
    wildcard, 34–35
dn_skipname() function, 223
Domain Keys standard, 6
Domain names, 47
    case insensitive, 29
    registering for testing, 48
Domain records, controlling, 15
_domainkey domain, 6
Domains
    adding new host, 47–48
    enclosed in quotation marks, 29–30
    versus subdomains, 47–48
-D_REENTRANT, 112
DSL (digital subscriber line) and nonfixed IP addresses, 4
dsn argument, 122
DSN reply code, changing, 121
Dynamic configurations, 246–256
E
EHLO command
    arriving at unexpected times, 90
    requiring before MAIL FROM: command, 161
    reviewing, 161–165
    sending site, 172
EHLO/HELO phases and Milter replies, 89
Email
    composed of multiple parts, 256–258
    delivered using order specified by MX records, 14
    detecting when received from MX servers, 221–225
    dividing into small, well-defined units, xvi
    false positives, 10
    fictional persons created to receive, 61–63
    filtering out unwanted, xv
    graylisting, 242–244
    literal "+" character inserted in user part, 75–77
    maximum size, 247
    policies for inbound and outbound, 232
    postage, xvii
    protecting good, 64–65
    screening inbound and outbound, 234
    significant spam rating, xvi
    unsolicited, xiv
    whitelisting, 241–242
Email addresses
    determining who may have sold, 76
    encoded @ character, 79
    expressing abstractly as possible, 79–80
    innocent person's as bounce address, 5
    JavaScript obscuring, 80
    masking URLs, 31
    as plain text outside mailto: command, 79
    posting to newsgroup, 67–74
    reader cutting and pasting, 79
    setting up for spam, 65–67
    showing ultimate recipient, 77–78
    spam email, 38
    Usenet, 68
    verifying, 77–78
Email fraud
    bank or credit card information theft, 7–8
    Nigerian fraud, 7
    password theft, 8
    viruses and worms, 8–9
Email readers, 233
Empty addresses, 167
Encryption key length, 170
End of envelope, 190–197
End of headers section, 87
End of message section, 87
End users
    internal customer as, 233–234
    modeling, 233–234
    outside world as, 234
End-of-body semaphore, 186
End-of-envelope cleanup, 192–193
End-of-message phase timeout, 192
End-of-message routine and Milter replies, 95–96
Envelope recipients
    accepting, 91, 154
    adding recipient, 138–140
    addresses, 141–142
    delivery agent name, 176
    maximum number, 247
    number of, 239
    possible replies, 92
    processing, 117
    recipient address, 176
    rejecting, 172
    relay host, 176
    removing, 140–143
    removing address from list, 142
    rule sets and aliasing modifying, 142
Envelope senders
    accepting, 156
    address, 5, 91, 165–166, 170
    authentication, 170
    bounce messages, 167
    deferring, 169
    delivery agent name, 170
    discarding, 156, 169
    error notification sent, 166
    MTAs rejecting, 16
    rejecting, 156, 169
    relay host part, 170
    reviewing, 90
    saving address, 169–170
    source of spam email, 6
Envelope-handling functions, deallocating resources, 156
Envelopes, 155
    aborting, 197–200
    accepting, 156
    arbitrary number of recipients, 171
    DATA headers, 191
    DATA portion, 143, 191
    deferring, 245
    direct access to raw information, 43
    discarding, 156, 245
    end of, 190–197
    falsifying sender address, 15–16
    headers, 143
    identifying, 225
    MAIL FROM: command, 91
    MAIL FROM envelope sender, 191
    private data, 239
    RCPT TO envelope recipients, 191
    rejecting, 122, 156, 180, 245
Envelope-specific information, deallocating, 228
Envelope-specific macros, 115
Envelope-specific resources, deallocating, 169, 184, 188, 192
Envfrom item, 100
Envrcpt item, 100
Eoh item, 101
Eom item, 101
ep pointer, 189
errno variable, 108, 111
errno.h included file, 111
Error messages, name of program for use in, 68
Errors
    recording, 218
    smfi_setconn() routine, 107
/etc/aliases file
    editing, 62–63
    minimal, 53–54
/etc/inetd.conf file, minimizing, 56–58
/etc/init.d directory, 57, 213
/etc/init.d/apache file, 58
/etc/magic file
    tests in, 286
    usage, 284–288
/etc/mail directory, running Milters under, 209–210
/etc/mail/aliases file, 53–54
/etc/mail/local-host-names file, setting up, 52–53
/etc/mail/milters directory, 209
/etc/rc* files, 57
/etc/syslog.conf file, 55
Exception process, whitelisting, 242
exit(2), 148
EXPN command, 77–78
Exporting shell macros, 215
EX_SOFTWARE, 111
Extended SMTP commands, 166, 172
EX_UNAVAILABLE, 111
F
Fake recipients
    automatic addresses, 62
    creation of, 61–63
    names corresponding to real services, 62
    non-user names, 62
    UNIX administrative names, 62
Fallback hosts and mail, 13–14
False positives, 10
Falsifying envelope sender address, 15
Fatal (nonrecoverable) errors, 148
Feedback
    human, 237–239
    possible mechanisms, 237–240
file (for viewing local files), 29
file program, 284–285
    simplified, 286
    testing, 287
Files, identifying types by file contents, 284–288
Financial institutions, 8–9
finger program, 75, 81
Firewalls, 9, 234
Fixed IP addresses, 4
Flags and smfiDesc structure, 103–104
flags item, 100
fork() function, 218
.forward file, 64–65
FreeBSD
    copying startup scripts, 213
    /root/bin/roll shell script, 56
freehostent() function, 236
ftp (File Transfer Protocol), 29
ftp daemon, 57
ftp host name, 52
Fudgenews, 67
    missing command-line switches, 69
    opening connection to news posting host, 69
    post() subroutine, 70–71
    switches, 68
Functions and Milter phases, 102
Fuzzy address matching, 242–244
fuzzy() subroutine, 243
G
gethostbyname() function, 236
getipnodebyname() C library function, 164, 222, 236
GETLONG, 224
getpeername(3), 157
GETSHORT, 224
getuid function, 211
g.msn.com websites, 33
GNU autoconf suite, 226–227
GoodMailSystems website, xvii
Gorillas, 3, 4–5
Graylisting, 242–244
greetpause FEATURE, 13
Grokking site, 26–37
GROUP command, 72
Group ID, 213
Guerrillas, 3, 5–6
H
haddr argument, 159
Handle signals, 219–221
Handler functions, 116, 151–203
    advisory-oriented, 155
    belonging to connection, 113
    connection-oriented, 155
    message-oriented (envelope-oriented), 154
    recipient-oriented, 154
    smfi data access routines, 113–127
    xxfi_ prefix, 102
    xxfi_ prefix for names, 102
header item, 100
Header sender address, 5
Headers, 92, 143, 176–177, 190
    adding, 129–132, 191
    appearing multiple times, 177
    case insensitive names, 181
    changing, 135–138
    count of, 133
    custom-added, 132
    end of, 182–186
    illegal values, 179
    index into list of existing, 133
    inserting in messages, 132–135
    Milters, 93–94
    MIME, 178
    missing, 177
    modifying, 191
    multiple lines, 177–178
    name, 177
        in form of string, 130, 133, 136
    name portion, 178
    ordering, 93
    prefixed with literal X-, 131
    recording presence, 182
    rejecting, 180–182
    removing, 135–138, 191
    reviewing, 176–182
    RFC standards, 130, 134
    trace-type, 136
    tracking of offset, 136
    user-added, 136
    value, 130–131, 134, 177
    value portion, 178
Headers section, 87
HELO command
    arriving at unexpected times, 90
    requiring before MAIL FROM: command, 161
    reviewing, 161–165
    skipping, 90
helo item, 100
HELO/EHLO section, 87
HELO/EHLO SMTP command, 120
hicount counter, 189
Hijacked PCs, xv, 5, 234
host argument, 162
Host names, 157
    accepting, 162
    adding to spam database, 234–235
    case insensitive, 29
    looking up, 161
        for MX records, 48
        records, 223
    for posting to Usenet, 68
    random word masquerading, 34–35
    string containing, 162
    validity, 162
host.domain form, 32
host.domain part, expressed as IP number, 32
Hosts
    adding to existing domain, 47–48
    comparing IP numbers, 235–237
    disguising name, 32
    enclosed in quotation marks, 29–30
    IP number of connecting, 157
    MX records, 13, 223
    names of, 175
    redirecting site, 33–34
    using other aliases, 49–50
HTML
    bogus keywords, 283–284
    camouflaging body, 18–22
    character-entity encoding, 20–21
    clickable link in code, 12
    commands and URLs referenced case insensitive, 29
    commands and web references, 27–28
    comments, 18–20
    declaring common keywords, 280
    detecting non-HTML words, 281
    documentation, 99
    intervening newlines in comments, 19–20
    keywords, 283
    order of encoding, 22
    unknown keywords acting like comments, 19
    URL encoding, 21–22
    valid keywords, 19
HTML comments
    illegal form, 280
    legal form, 279–280
    stripping, 279–284
HTML documents and special characters, 20–21, 269–276
HTML (Hypertext Markup Language)-enabled email readers, 8
HTML-capable mail programs, 18–19
http (Hypertext Transport Protocol), 29
HTTP listener, 58
https (HTTP with Secure Sockets Layer, or SSL), 29
Human feedback, 237–239
I
$i macro, 114, 226
ident lookup, 160
identd, 75
Idle, Eric, 10
if clause, 117
IMAP (Internet Message Access protocol) email readers, 233
include/milter.h file, 154
inet: prefix, 106–107, 112
inet6: prefix, 106–107
inetd daemon, 58, 81
inetd.conf file, commenting out lines, 58
INPUT_MAIL_FILTER mc command, 51
Installing Milter library, 46
Internal PCs, risks imposed by, 234
IP addresses
    associated with receiving (listening) interface, 160
    fixed, 4
    nonfixed, 4–5
    reverse look up, 157
IP numbers
    assigning multiple to network interface, 15
    comparing, 235–237
    connecting host, 157
    decimal or hexadecimal, 32
    rejecting connections from, 221
    spam-sending site, xv
    used by machines without fixed IP numbers, xv
ip pointer, 261–262
IPv4 socket, 106–107
IPv6 socket, 106–107
ishtmlcmp() function, 281
ISPs, 4–5
isspace() C language library routine, 259
Items and zero-length string, 250
J
JavaScript, obscuring email address, 80
JavaScript.Encode URLs, 37
Jones, Terry, 10
K
Keystroke logging, 8–9
Keywords
    character-entity encoding, 20–21
    valid HTML, 19
Kill (Ctrl+C) keyboard shortcut, 112
L
-l items, 112
Large ISPs
    policies, 5
    spam, 4–5
    TXT record, 6
    whitelisting, 241
LDAP (Lightweight Directory Access Protocol), 232
Leftmost comparison, 251
len argument, 187
libmilter directory, 46
libmilter RPM (Redhat Package Manager), 45
libmilter/docs documentation, 151–152
libmilter.h file, 102
libmilter/mfapi.h included file, 111
Library routines, reporting errors to, 124–126
Lines: header, 73
Linux
    copying startup scripts, 213
    method used to halt Milter, 215
    /usr/sbin/logrotate file, 56
listen(3), 126
Listeners
    daemons as, 58
    eliminating unwanted, 57
Listening connection, establishing, 109
Listening daemon, name of, 160
listen(2) queue, 126–127
listen(3) queue, 127
Literal character-entity encoding, 20–21
-lnsl, 112
loadwords() routine, 288–289
local: prefix, defining, 105–106
local3 logging facility, 55
localhost loopback interface, 112
local-host-names file, 52–53
Log files, limiting size, 56
logadm program, 56
Logging
    connections, 161
    defensive programming, 226
    facilities available for nonsystem programs, 55
    Milters, 225–226
    number of envelopes processed during connection, 202–203
    overview, 54–55
    queue identifiers, 225
    recording every connection, 161
    rotating logs, 56
    sendmail, 128–129, 225
    setting up, 54–56
    setting up local#, 55–56
    Solaris, 225
    total connection duration, 202–203
logmilter Milter, 289
Logs, rotating, 56
Lost productivity, 9
M
m4 Build file, 45
Macros
    adding to default list, 160–161
    connection-specific, 115
    defining, 111, 258–259
        end-of-file (or end of buffer), 259
        illegal input character or white space characters, 259
        needed, 111
    envelope-specific, 115
    fetching values, 114–115
    name whose value is looked up, 114–115
    passing sendmail macros to Milter, 115
    persisting, 114
    xxfi handler function return values, 153
    xxfi_connect() handler function, 160–161
    xxfi_envfrom() handler function, 170
    xxfi_envrcpt() handler function, 176
    xxfi_eom() handler function, 193
    xxfi_helo() handler function, 165
magic() routine, 286–287
Mail Abuse website, xvi
mail facility, 54
Mail fallback hosts, 13–14
MAIL FROM: command, 51, 86, 87, 120, 154–155
    calling Milters, 85
    ESMTP (Extended SMTP) arguments, 91
    Milter replies, 90–91
    reviewing, 165–171
mail host name, 52
mailto: command, 78–79
    searching for, 65
main() function, 99, 252
    arguments, 111
    changing default socket time out, 100
    minimal, 110–112
    routing, 97
Makefile, 51, 226
Makefile.am template file, 226
malloc, 119
Masking signals, 220
Masking web addresses, 78–80
maxrcpts item, 247
maxsize item, 247
mc configuration file
    adding
        macros to default list, 160
        Milter support, 51
    adding macros, 193
    delay_checks FEATURE, 51
    editing, 50–51
    naming Milters, 101–102
    smfi_setconn() routine, 107
mc macros, 115
Memory
    allocating for strings, 122
    freeing allocated, 118
Memory leaks, avoiding, 227–229
Message-Id: header, 73, 185, 193
Message-oriented (envelope-oriented) handler functions, 154
Messages
    aborting, 96
    accepting, 135, 154
    adding header, 129–132
    to be logged, 54
    body, 92
    bouncing, 5, 235
    changing, 121
    data portion, 178
    discarding, 135
    headers, 92, 132–135
    lacking Message-Id: header, 185
    large chunks of random text, 23–24
    left with no recipients, 141
    multiple Milters reviewing, 131–132, 135
    quarantining, 146–148, 191
    rejecting, 135, 185
    reviewing data portion, 176, 182–186
Microsoft Windows, 285
MI_FAILURE value, 103, 109, 119, 121–123, 127, 130, 132–136, 139, 141, 143–144, 146
Milter header file, 99
MILTER macro, 215
MILTERARGS macro, 215
MILTERDIR macro, 215
MilterEmailAddress variable, 240
milter.init script, 214–216
MILTERKILL macro, 215
Milter-library, 97
    declaring Milter phases, 100
    installing, 46
    overview, 97–99
    registering smfiDesc structure with, 112
    routines, 97–98
    smfi_prefix, 97, 99
    version, 102
    xxfi_prefix, 99
MILTERRUN macro, 215
Milters, 85
    abort phase, 96
    aborting, 214
    adding support in sendmail, 50–52
    architecture, 231–232
    baby-sitting script sleep time, 215
    beginning execution, 100
    capabilities, 103–104
    command-line arguments, 215
    communicating with sendmail, 104
    configuration file, 209, 232
    considering portability early, 226–227
    database, 209
    debugging level, 124–126
    declaring phases acceptable or ignorable, 100
    default wait, 109
    defining
        macros, 111
        name, 215
    directory for, 215
    distributed model, 232
    dynamic configurations, 246–256
    email address stored in variable, 240
    failing, 103, 214
    functions for phases, 102
    headers, 93–94
    immediate abort, 219
    interweaving calls to many, 86–87
    killing, 112
    learning from human input, 238–239
    libraries needed, 112
    listening, 109
    logging, 225–226
    macros for passing sendmail macros to, 115
    main() function, 99–100
    method used to halt, 215
    multiple reviewing message, 131–132, 135
    multithreaded, 113, 214
    name of, 101–102
    non-root user, 211–213
    order called, 132, 135, 138
    orderly shutdown, 219
    phrases accepted or ignored, 100–103
    port numbers listening on, 106
    post-connection cleanup, 96
    preventing from running as root, 211
    private variables, 100
    process phases, 87
    queue identifiers, 225
    quitting, 148–149
    real user ID, 211
    as recipient, 240
    registering with library, 88
    regular-expression rules, 244
    rejecting connection, 89
    rejecting SMTP command, 119–120
    replies
        for Connect and Ehlo/Helo, 89–90
        at end-of-message routine, 95–96
        to MAIL FROM: command, 90–91
        per chunk, 94
        to RCPT TO: command, 91–92
    required initialization elements, 99–100
    return values from multiple, 88
    reviewing recipients, 91–92
    role of, 85–86
    running
        in background, 110, 217–219
        under /etc/mail directory, 209–210
        in foreground for testing, 219
        by root, 105
        in /usr/local directory, 210
    sendmail
        point of view, 86–87
        supporting, 45
    SMTP DATA replies, 92–94
    sockets, 100
    source code examples, 289–290
    starting, 213–217
    startup script, 213–217
    static configurations, 246
    status or startup files, 209
    stopping, 213–217
    syslog records, 102
    T parameter, 191
    tempfailing SMTP command, 119–120
    time before restarting, 215
    timeout on amount of time, 145
    UNIX domain socket, 210
    updating knowledge, 232
    use of multiple, 85
    user ID, 210–213
    waiting for connection from sendmail, 112
    where to run, 208–210
milters directory, 289–290
MILTERSEMAPHORE macro, 215
MIME (Multipurpose Internet Mail Extensions)
    attachments, 24–25
    Content-Type: header, 256
    headers, 178
    headers and attachments, 285
MIME-encoded boundaries, parsing, 256–258
MIME-encoded messages, 187
Missing headers, 177
MI_SUCCESS value, 119, 121, 125, 130, 133, 136, 139, 141, 144, 146
Monty Python's Flying Circus, 10
msg argument, 122–123
MTAMARK (Marking Mail Transfer Agents) x standard, 6
MTAs (mail transfer agents), xiii, 6
    multiline reports, 124
    rejecting envelope sender, 16
Multiline replies, 123–124
Multipart messages, 256–258
Multithreaded mode, launching, 109–110
Multithreaded operation, 112
Multithreaded program
    deallocating resources, 96
    signals, 220
MX host, spam email sent directly to highest-numbered, 222
MX records, 13
    adding, 48–49
    controlling domain records, 15
    extracting host name associated with, 224
    looking up, 48–49
    printing, 225
    trapping IP number subterfuge, 14
MX (mail exchange) servers
    anticipating, 221–225
    deferring envelopes, 245
    detecting when mail received from, 221–225
    looking up, 222–224
    relaying spam through, 13–15
    unable to run spam filters on, 222
mx() function, 222
    testing, 208, 224
mySQL, 232
N
name argument, 178
Name item, 100
Named pipes, 104–106
Named sockets, 105–106
Network connections and bait machine, 46
newaliases command, 54
newaliases program, running, 65
Newline characters, 289–290
News server
    acknowledging posting, 73
    allowing posting, 72
    host sending greeting, 71
Newsgroups
    to post to, 68
    posting to, 67
    validating existence, 72
Nigerian fraud, 7
nmap program, 56–57
Non-root user, 211–213
NOQUEUEID string, 226
Nwords global variable, 289
nwords() function, 290–291
O
okaymail user, 65
~/.oksenders file, 244
Old MTA addresses, 167, 173
op pointer, 261–262
Operating systems
    posix threads, 44
    thread-safe C language library, 44–45
Organized crime and Nigerian fraud, 7
ourmilt.run script, 216–217
P
Parent, 218
Parsing MIME-encoded boundaries, 256–258
Passing state, 255
Passwords, 8–9
Paul Graham Spam website, xvi
Pdata structure, 119
pdatap pointer, 119
percenthex() subroutine, 277–279
Phone numbers
    detection of, 38
    whitelisting, 242
Phonemes, 23
Platform, choosing for bait machine, 44–47
Plus addressing, 75–77
Pointers, storing single, 119
POP (Post Office Protocol) email readers, 233
Portability, 226–227
Ports
    excluding non-email, 56–58
    list of numbers, 57
    unnecessary services listening, 57
Posix threads, 44–45
POST command, 72
Postage, xv, xvii
Post-connection cleanup, 96
Posting
    articles, 70–71
    to Usenet news groups, 67–74
post() subroutine, 70–71
Preventive measures
    EXPN command, 77–78
    telling users about plus addressing, 75–77
Printer hosts name, 175
printf() statements, 219
Printing MX records, 225
priv pointer, 170
priv variable, 185
Private data, 239
    allocating memory to pointer, 117
    fetching, 118–119
    registering, 116–118
Private variables, 100
priv->qid variable, 226
procmail program, 242
Programs run as root, 211
Protecting good email, 64–65
Protocols
    default, 31
    enclosed in quotation marks, 29–30
    identifying in URL, 29–30
    not actually present with each URL, 31
Pthreads. See posix threads
pthread_sigmask() library routine, 221
Q
qpdecode() function, 266–269
Quarantine reply, 96
Quarantining messages, 146–148, 191
Queue identifiers, 225–226
Queued messages
    not seen by sendmail, 146–148
    sendmail identifier, 170
QUIT command, 74
Quitting Milters, 148–149
Quoted-printable encoded attachments, 24–25
Quoted-printable encoding, decoding, 265–269
R
Random text, 23–24
RCPT TO: command, 117, 120
    calling Milters, 85
    Milter replies to, 91–92
    reviewing, 171–176
RCTP TO: command, 87
rd.yahoo.com website, 33
README file, 46
Real user IDs, 211
Rebooting bait machine, 58–59
Received: headers, 131, 177, 182
Receiving (listening) interface, 160
Recipient address @ character, 175
Recipient-oriented handler functions, 154
Recipients
    accepting, 154
    counting number of, 116–117
    number of bad, 193
    rejecting, 122
Recording errors, 218
Redirect servers, 33–34
Redirecting site, 33–34
regerror() function, 244
regexec() C library routine, 243
Registering private data, 116–118
Regular-expression evaluation, 243
Reject decision, 88
Reject reply, 89, 91–95
Rejecting
    connections from IP numbers, 221
    envelopes, 245
    spam, 244–246
Relaying through MX (mail exchange), 13–15
Resources
    deallocating, 96
        connection-oriented, 155
        envelope-handling functions, 156
    failure to deallocate temporary, 118
res_query() function, 223
return keyword, 112
Return values from multiple milters, 88
Reverse DNS, 6
Reverse lookup of IP address, 157
Reviewing connections, 156–161
Reviewing SMTP HELO/EHLO, 161–165
RFC1413 validation, 160
Risks with internal PC customers, 234
root user
    delivering mail for, 53
    executing programs, 211
    preventing Milters from running as, 211
    programs run as, 211
/root/bin/roll shell script, 56
Rotating logs, 56
Routers, 9, 234
Routines
    body, 255–293
    decoding
        base64 encoding, 258–265
        character-entity encoding, 269–276
        quoted-printable encoding, 265–269
        URL-encoding, 277–279
    /etc/magic file usage, 284–288
    parsing MIME-encoded boundaries, 256–258
    passing state, 255
    stripping HTML comments, 279–284
Rule sets
    disposing of message, 96
    rejecting connection, 89
runas() function, 211–213
S
Sanity process and whitelisting, 242
<script command, 37
Semaphore file, 217
Sender identification, xvi
Sending site
    connection cleanup, 200–203
    EHLO command, 172
sendmail
    220 greeting, 12–13, 90
    220 SMTP code, 156
    adding Milter support, 50–52
    aliases, 53–54
    buffer for incoming message, 12–13
    configuring, 50–54
    connection request from sending host, 89
    getpeername(3), 157
    greetpause FEATURE, 13
    header added by Milter, 131
    host and RFC1413 validation, 160
    interweaving calls to many Milters, 86–87
    killing and restarting, 52
    log records, 225
    logging, 128–129
    mail facility, 54
    mc macros, 115
    minimal aliases file, 53
    as MTA (mail transfer agent), xiii
    multiple Milter programs, 85
    plus addressing, 75–77
    point of view on Milters, 86–87
    queried files not seen by, 146–148
    rejecting envelope recipient, 172
    reverse lookup of IP address, 157
    setting up local-host-names file, 52–53
    SMART_HOST option, 4
    source directory, 50
    version supporting Milters, 45
    where and how to deliver email, 64
sendmail, 3rd edition (Costales and Allman), xiv
sendmail configuration file
    Milter.LogLevel option, 128–129, 131, 134, 136, 138, 140, 142, 145, 147
    order Milters called, 132, 135, 138
sendmail Cookbook (Hunt), xiv
sendmail macros
    fetching values, 114–115
    xxfi_connect() handler function, 160–161
    xxfi_envfrom() handler function, 170
    xxfi_envrcpt() handler function, 176
    xxfi_helo() handler function, 165
sendmail Milters, xv, 43
sendmail Performance Tuning (Christenson), xiv
sendmail website, 45
sendmail.cf file, 52
sendmail.mc file, 50–52
Services
    screening URLs, xvi–xvii
    unnecessary listening on ports, 57
setsid() function, 218
sfsistat type, 153, 157–158, 166, 168, 171, 174, 178, 180, 183–184, 186, 194–195, 197, 201
Shell macros, 214–215
Shutting down in stages, 148
sig() function, 220
SIGHUP signal, 219–221
SIGINT signal, 219–221
sigmarkreadconf() function, 220
sigmarkrereadconf() function, 220–221
Signals, 219–220
Signature detectors, attempting to fool, 23–24
SIGPIPE signal, 219–221
SIGTERM signal, 219–221
SIGUSR1 signal, 219–221
SIGUSR2 signal, 219
sizeof (3) integer, 117
Sleepycat DB, 46–47
slocal program, 64, 242
slowmilt open source, 290
Small businesses and whitelisting, 241
SMART_HOST option, 4
smfi data access routines, 113–127
smfi modifier routines, 127–149
smfi routines, 97, 151
smfi_addheader() routine, 98, 129–130, 191, 196
    ctx connection-context pointer, 130
smfi_addrcpt() routine, 98, 138–140
smfi_chgheader() routine, 98, 135–138, 191
smfi_delrcpt() routine, 98, 140–141, 240
smfiDesc structure, 100–103, 111–112, 158, 162–163, 167–168, 173, 179, 183, 187, 194, 198, 201
    declaring xxfi_ functions, 155
    flags, 103–104
    global or local, 101
    items, 100–101
    position of xxfi_connect() handler function, 158
    registering, 100
        with milter-library, 112
        with smfi_register() function, 103
SMFIF_ADDHDRS flag, 104, 129, 132
SMFIF_ADDRCPT flag, 104, 138–139
SMFIF_CHGBODY flag, 104, 143
SMFIF_CHGHDRS flag, 104, 135
SMFIF_DELRCPT flag, 104, 140–141
SMFIF_NONE flag, 104
SMFIF_QUARANTINE flag, 104, 146–147
smfi_getpriv() routine, 98, 113, 117–119, 170, 192, 199, 203, 239
smfi_getsymval() routine, 98, 112–115, 165, 170, 176, 193, 226
smfi_insheader() routine, 98, 132–135
smfilter structure, 103
smfi_main() routine, 98, 100, 109–110, 112
smfi_opensocket() routine, 98, 104–109, 112
smfi_prefix, 97, 99
smfi_progress() routine, 98, 145–146, 191, 192
smfi_quarantine() routine, 98, 146–147, 191
smfi_register() routine, 97–98, 100–103, 102, 112, 158, 162, 167, 173, 179, 183, 187, 194, 198, 201
smfi_replacebody() routine, 98, 143–144, 191
SMFIS_ACCEPT return value, 153, 158–159, 163, 168, 174, 180, 184, 188, 195
SMFIS_CONTINUE return value, 153, 159, 164, 169, 174, 180, 184, 188, 195, 240
SMFIS_DISCARD return value, 153, 159, 164, 169, 174, 180, 184, 188, 195
smfi_section() routine, 105–107
smfi_setbacklog() routine, 98, 113, 126
smfi_setconn() routine, 98, 104–109, 112
smfi_setdbg() routine, 98, 113, 124
smfi_setmlreply() routine, 98, 113, 123–124
smfi_setpriv() routine, 98, 113, 116–118, 193, 203, 228
smfi_setreply() routine, 113, 119–122
smfi_settimeout() routine, 98, 109, 112
SMFIS_REJECT return value, 153, 159, 163, 168, 174, 180, 184, 188, 195
SMFIS_TEMPFAIL return value, 153, 159, 163, 168, 174, 180, 184, 188, 195
smfi_stop() routine, 98, 148–149
SMFI_VERSION literal expression, 102
SMFI_VERSION macro, 111
SMTP (Simple Mail Transfer Protocol)
  changing reply, 119–122
  DATA portion, 190
  EHLO command, 90
  envelopes, 15
  EXPN command, 77–78
  HELO command, 90
  MAIL FROM: command, 90
  MAIL FROM part, 5
  Milter replies with data, 92–94
  modifying messages, 127–149
  reply code, 122
  reviewing HELO/EHLO, 161–165
smtp argument, 121
SMTP commands
  extended, 166, 172
  rejecting, 119–120
  tempfailing, 119–120
Sockets
  changing default time out, 100
  opening, 107–109
  setting up, 112
  smfi_setconn() routine, 107
Solaris
  baby-sitting script, 217
  copying startup scripts, 213
  -lnsl switch, 68
  log records, 225
  logadm program, 56
  method used to halt Milter, 215
Source code Milter examples, 289–290
SPAM, xiv
Spam, xiv
  adding URL's host to database, 234–235
  aliases and comments, 63
  archiving, 244–246
  attempting to fool signature detectors, 23–24
  bouncing, 16
  camouflaging HTML body, 18–22
  clickable web reference (URL), 26
  connection behavior, 12–13
  constantly changing and evolving, 12
  disguising Subject: header, 16–18
  disposing of, 234
  email addresses, 38
  evolution of, 3
  exponential growth, 10
  falsifying envelope sender address, 15
  filtering, xvi, 234
  full-blown war against, 3
  grokking site, 26–37
  human view of, 11
  internally structured, 12
  ISPs, 4–5
  large ISPs, 4–5
  lost productivity, 9
  maintaining history, 234–237
  method to contact spammer, 26
  passing through, 244–246
  phone numbers, 38
  possible feedback mechanisms, 237–240
  rejecting, 244–246
  relaying through MX (mail exchange), 13–15
  religiously or politically motivated, 38
  selling something, 38
  setting up addresses to be gathered, 65–67
  speeding up process, 12
  tracking source, 76
  unnecessary encoding, 24–25
  what to do with, 232
Spam address-gathering software, 77–78
Spam detection software
  envelope sender, 16
  phonemes, 23
“Spam Song,” 10
Spam suppression
  cost of, 9–10
  software, 10
Spam-blocking software recognizing spam, 11
Spammers
  hijacked PCs, 5
  method for recipient to contact, 26
  thinking like, 38–39
Spam-screening software, 19
Spam-sending sites
  false envelope sender, 16
  IP number, xv
Special characters
  HTML documents, 20–21, 269–276
  redirect servers, 33–34
SPF (Sender Policy Framework) standard, 6
Spyware, 8
SQL (Structured Query Language) database, 232
src directory, 290
_srv._smtp.perm domain, 6
start argument, 216
Startup script, 213–217
State, passing, 255
stat() function, 289
Static configurations, 246
Status information, 155
stdin, 218
stdio.h included file, 111
stdout, 218
stop argument, 216
strerror() function, 108, 111, 121
String constants, 276
string.h included file, 111
Strings
  allocating memory for, 122
  cleaning spaces around, 247–248
  longer than 980 characters, 122–123
Stripping HTML comments, 279–284
strtol() C library function, 268
struct keyword, 101
struct priv_struct type, 170
Structure, 101
Subdomains, 47–48
Subject: headers, 181
  base64-encoding, 17–18
  disguising, 16–18
submit.cf file, 52
Syntax error, 122–123
sysexits.h included file, 111, 208
syslog(3), 203
syslog records, 102
syslogd daemon, restarting, 56
syslog() function, 218, 226
System password database, 212
T
Target file, 55
TCP sockets, 104, 106–107, 112
TCP/IP (Transmission Control Protocol/Internet Protocol), 12–13
Telnet to known web server on port 80, 66
Tempfail decision, 88
Tempfail reply, 89, 91–95
Template include file, 226
Test machine. See bait machine
test Milter, 290
Text, computing value for, 23–24
Theft
  of bank or credit card information, 7–8
  of passwords, 8
Thinking like spammers, 38–39
Threads, 148, 220
time(3) C library routine, 203
TLS encryption key length, 165
TLS/SSL (Transaction Layer/Secure Socket Layer) version, 165
T_MX type, 224
Tomlinson, Fred, 10
Trace-type headers, 136
Trapping signals, 220
ttl (time to live), 224
TXT record, 6
Type, 224
U
umask, 105
Underlying database whitelisting, 241
Units, xvi
UNIX, 284–285
unix: prefix, 105–106
UNIX domain socket, 108, 210
UNIX System Administration Handbook, 3rd edition (Nemeth, Snyder, Seebass, and Hein), xiv
Unnecessary encoding, 24–25
unsigned char* type, 187
Unsolicited email, xiv
Unwanted headers, 182
URL detection, xvi–xvii
URL-encoding, 21–22
  decoding, 277–279
URLs (Uniform Resource Locators)
  case insensitive, 29
  CNAME records and, 35–36
  decoding, 22
  email addresses masking, 31
  encoding, 21–22
  encountering @, 32
  hand-screening, xv
  host.domain form, 32
  hostname random word masquerading, 34–35
  identifying protocol, 29–30
  JavaScript.Encode, 37
  quotation marks when pasting, 29–30
  recording host names in database, 26
  services that screen, xvi–xvii
  used as comments, 36–37
Usenet
  commercial postings, xiv
  email addresses, 68
  plus addressing, 77
  posting to news groups, 67–74
  spam risks, 77
User IDs
  avoiding use of, 210
  Milters, 210–213
  nonzero, 213
  real, 211
  resetting, 213
  value as, 212
User names, 8–9
user variable, 212
User-added headers, 136
Users
  discovering if logged in, 81
  modeling, 233–234
  outside world as, 234
  telling about plus addressing, 75–77
/usr/local directory, 210
/usr/local/etc/rc.d directory, 213
/usr/local/nmh/lib/slocal program, 64
/usr/sbin/logrotate file, 56
/usr/share/dict/words file
  loading, 288–289
  usage, 288–293
V
Valid HTML keywords, 19
value argument, 178
Values and zero-length string, 250
/var/log/maillog file, 55
/var/log/milter.log file, 56
/var/log/syslog file, 54
/var/run/ourmilter.sock socket, 51
/var/run/yourmilter directory, 208
Version item, 100
Vikings, 10
Virtual Conspiracy website, 37
Viruses, 8–9
VRFY command, 77–78
W
Web addresses, masking, 78–80
Web interface
  email readers, 233
  whitelisting, 241
Web references, 21
  character-entity encoding, 22
  <a command, 27
  disguising, 26
  HTML commands, 27–28
Web servers, running, 65–67
Websites, xv
while loop, 217
White space characters, 259–260
Whitelisting, 232, 241–242
Wildcard DNS records, 34–35
Words, breaking up with HTML comments, 18–19
Words global variable, 289
Worms, 8–9
write program, 81
www host name, 52
X
xfi_eom() handler function, 132
X-milter: header, 131
XMTP, VRFY command, 77–78
xxfi_ handler functions, 226
  common characteristics, 153
  ctx argument, 154
  declaring, 153
  types, 154–155
xxfi_abort() handler function, 117, 152, 155–156, 169, 184–185, 191, 192, 194, 197
  calling common subroutine to deallocate envelope data, 200
  ctx private-context pointer, 198
  deallocation routines called from, 227
  example, 199
  recording that Milter aborted, 200
  usage, 197–199
xxfi_body() handler function, 143, 152, 154, 156, 255
  allowing selected local recipients to receive messages, 190
  archiving copy of outbound email, 190
  arguments, 186–187
  calling, 186
  ctx private-context pointer, 186
  example, 189–190
  len argument, 187
  return values, 188
  saving (buffering) body to file or in memory, 190
  saving (buffering) body without attachments, 190
  screening body for viruses, 190
  storing attachments in database, 190
  usage, 186–189
xxfi_close() function handler, 193
xxfi_close() handler function, 118, 152, 155, 169, 184, 185, 199, 228
  calling, 200–201
  ctx private-context pointer, 201
  ensuring allocated envelope data deallocated, 203
  example, 202–203
  summarizing actions taken by connecting site, 203
  usage, 200–202
xxfi_connect() handler function, 114, 118–119, 152, 155–157
  detecting if connection is on loopback interface, 161
  example, 159–160
  haddr argument, 159
  keeping track of connections, 161
  looking up host name and IP number, 161
  return values, 158–159
  sendmail macros, 160–161
  sfsistat type, 158
  usage, 158–159
xxfi_envfrom() handler function, 114, 117, 152, 154, 156, 165–166, 170, 185, 191, 197, 225–226
  comparing IP address to list of rejected addresses, 171
  envelope sender allowed to send mail in domain, 171
  example of, 169–170
  rejecting connections with small encryption key length, 171
  return values, 168–169
  sendmail macros, 170
  usage, 166–169
xxfi_envrcpt() handler function, 114, 117, 142, 152, 154, 156, 191
  addressees of message inside, 239
  arguments, 172
  argv argument, 172
  calling, 171
  counting number of good recipients, 176
  ctx private-context pointer, 172
  example, 175–176
  list of honey-pot (bait) recipients, 176
  missing recipients can be found, 176
  return values, 174
  sendmail macros, 176
  usage, 171–174
  validating whitelisting pairs, 176
xxfi_eoh() handler function, 152, 154, 156
  calling, 183
  comparing number of envelope recipients to number of header recipients, 186
  ctx private-context pointer, 183
  example, 185
  flagging missing headers, 186
  logging statistical review of headers, 186
  return values, 184
  usage, 183–184
xxfi_eom() handler function, 117, 127, 129, 132–133, 135–136, 138–139, 141, 143–145, 147, 152, 154, 156, 169, 185–186, 190–191, 240
  adding envelope recipient, 197
  adding headers found to be missing, 196
  argument, 194
  calling, 227
  changing value of headers, 197
  constrained by time limits, 191–192
  ctx private-context pointer, 194
  deallocation routines called from, 227
  decoding body, 197
  example, 196
  logging summary of everything Milter did with envelope, 196
  removing envelope recipient, 197
  removing junk headers, 197
  return values, 195
  screening body to detect spam, viruses, and unwanted attachments, 197
  sendmail macros, 193
  usage, 194–195
xxfi_header() handler function, 152, 154, 156, 176–177, 185, 191
  arguments, 178
  checking header values for adherence to standards, 182
  ctx private-context pointer, 178
  detecting bogus Received: headers, 182
  example, 180–182
  name argument, 178
  recording presence of header, 182
  return values, 180
  unwanted headers, 182
  usage, 178–180
  value argument, 178
xxfi_helo() handler function, 114, 152, 155, 161
  arguments, 162
  calling, 162
  ctx private-context pointer, 162
  detecting spamming software patterns in HELO/EHLO string, 165
  example, 164
  host argument, 162
  return values, 163–164
  sendmail macros, 165
  sfsistat type, 162
  usage, 162–164
  verifying correct cipher suite, 165
xxfi_prefix, 99
xxfi_rcpt() handler function, 97
Z
Zero-length file for logging messages, 55
Zero-length string, 250
Zombie mail machine, 9