Perl Antispam ESMTPD

Project Summary

UPDATE:

I've personally discontinued using the Perl ESMTPD in favor of SpamAssassin's smtp proxy. See http://www.spamassassin.org/dist/spamproxy/README

I'll keep the esmtpd project here because I think the code has some merit and some may want to borrow from it, but anyone who's interested in this project should definitely see what they're doing at SpamAssassin.

john

About the project...

I support a number of Outlook Express (and Outlook) clients. They want to send and receive email in the office and at home, i.e. using our office LAN and using their dialup service. I found that Stunnel could provide them secure IMAP and POP3 service, but the qmail-smtp I was using would be an open relay if I ran it through Stunnel. I tried the smtp-auth patches for qmail, but I was getting core dumps. What I really wanted was an integrated package which included:

Then I found the Courier project. It seemed to have most of what I wanted. The trouble was, after three weeks of hacking with it, I still couldn't make it build and run stably. I monitored the mailing list and saw that I wasn't alone. It's a good project, but not yet ready for FreeBSD.

So, back to the drawing board... I figured I could write an SMTP daemon to do most of what I wanted, so that's what I did. And since I do all my development in Perl these days...

Questions and Answers

Q: Isn't PERL fat and slow for a daemon?
A: Yes, but it's quick to develop, easy to maintain, and, as it turns out, I was running Perl for all my local deliveries anyway, so this will probably end up being a lighter-weight solution for me in the long run. Besides, RAM is cheap these days.

Q: Isn't there already a SMTP-Server-1.1 on CPAN?
A: Yes, and I plan to keep Habeeb J. Dihu abreast of the project. I hope he will find some of my material useful for integration into the Net::SMTP::Server module. Honestly, I don't trust modules. I suppose that's my failing... Anyway, Dihu's work didn't contain any of the bells & whistles which were central to my project, so I hacked away.

Q: Wouldn't this be better in C or Python?
A: Probably -- but I wrote mine in Perl.

Q: Is it stable?
A: I'm just deploying it here. We do a few thousand emails a week, so I expect to have the bugs worked out real soon. -- Actually we've run it for more than a year now with great success. I don't know of any other tool which filters so much spam at the server level.

Q: How do you virus-scan your incoming email?
A: I'm using AvpBSD from Kaspersky Labs which has been quite effective for me. You can use whatever you want -- it should take about 10 minutes to switch to another scanner.

Q: Where do you plan to go with the project?
A: I'm releasing the current version and I doubt I'll do much more with it. I've wondered about creating a spam IP log to try to make my own blacklist, but I think the existing spam checks are probably sufficient.

Q: But you didn't answer my question!
A: Then email me and let me know what it is!

Assumptions

Ok, so I wanted to simplify some things to streamline the project. If you don't like my assumptions, fix them in your copy and I'll make the patch available.

Installation

Virus Check Script

The point of the virus check script is to (a) find out if the email contains a virus and (b) sequester it if found. I do that by zipping and uuencoding the email, relaying only the sender address and the subject. When the client receives it, the user is alerted to the infection and must unzip the file before opening it. This prevents any VBS-type email bombs from activating.
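
One way to build the sequestered message described above, as an added example. It is not the project's viruscheck.sh, whose interface is not shown on this page. The function name quarantine, the archive and member names, and the notice wording are assumptions, and the scanner's verdict is taken as already given.

```perl
#!/usr/bin/perl
# Added example: sequester a flagged message as a zipped, uuencoded attachment.
use strict;
use warnings;
use IO::Compress::Zip qw(zip $ZipError);

# Build the replacement message: only the sender and subject are carried over
# in readable form; the original travels inside a uuencoded zip archive.
sub quarantine {
    my ($raw) = @_;
    my ($head) = split /\r?\n\r?\n/, $raw, 2;      # header block only
    $head =~ s/\r?\n[ \t]+/ /g;                    # unfold continuation lines
    my ($from)    = $head =~ /^From:[ \t]*(.*?)\r?$/mi;
    my ($subject) = $head =~ /^Subject:[ \t]*(.*?)\r?$/mi;
    $_ //= '(none)' for $from, $subject;
    # Printable ASCII only, so a crafted header cannot inject extra
    # header lines or control characters into the notice.
    s/[^\x20-\x7e]/?/g for $from, $subject;

    my $zipped;
    zip \$raw => \$zipped, Name => 'infected-message.txt'
        or die "zip failed: $ZipError\n";

    # pack 'u' emits the uuencoded lines; add the begin/end framing around them.
    my $uu = "begin 600 quarantine.zip\n" . pack('u', $zipped) . "`\nend\n";

    return "From: $from\n"
         . "Subject: [VIRUS FOUND] $subject\n\n"
         . "The scanner flagged this message. The original is in the attached\n"
         . "zip archive; unzip it only if you need to inspect it.\n\n"
         . $uu;
}

# Constructed sample message (the body is a harmless placeholder).
my $sample = join "\r\n",
    'From: someone@example.org',
    'To: user@mydomain.com',
    'Subject: Important document',
    '',
    'PLACEHOLDER-ATTACHMENT-BYTES',
    '';

print quarantine($sample);
```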

Configuration Options

$locals= ## hosts for whom you accept mail
'mydomain.com|mydomain.org';

$localrelays= ## hosts for whom we accept mail to relay
'myfriend.org|myotherfriend.org';

$me= ## your host name
'mydomain.com';

$pw= ## your relay password -- must be lowercase
'secret';

$home= ## where your homes are
'/usr/home';

$alias= ## where your alias list is
'/usr/local/qmail/alias';

$spamboxes= ## addresses which only receive spam
'spamme|olduser';

$spamdb= ## location of spam dbm file
'/usr/home/incomingmail/spam';

$inject= ## your local mailer
'/usr/local/qmail/bin/qmail-inject';

$tmp= ## your temp file location
'/usr/home/incomingmail';

$blackholes= ## blackhole dns's to test
'rbl.maps.vix.com|dul.maps.vix.com|relays.mail-abuse.org';

$relays= ## relaying is allowed for these hosts
'10.|127.0.0.1';

$user= ## who daemon runs as
'nobody';

$log= ## your log file location
'/var/log/smtp.log';

$blackholedelay=30; ## seconds to make blackholed servers wait

$port=25; ## your smtp port -- probably 25

$interface='127.0.0.1'; ## interface to bind to

$evil= ## list of re phrases to cause bounce (case ignored)
'\bbarely legal\b
\bUnsensored pics\b
\brated adult site\b
(find out|learn|discover) ANYTHING about anyone
(remove.*\@dcemail\.com)
bagboy\@burmeses\.net
\(a\) *\(2\) *\(C\).*1618
hot\w*\s+hardcore';

$smallestvirus=2500; ## size must be greater than this for viruscheck to run

$viruscheck='/usr/local/bin/viruscheck.sh'; ## adjust your antivirus settings here
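
The pipe-separated values above, such as $relays, read as regular-expression alternations ($evil is described as a list of re phrases). How the daemon applies them is not shown on this page, so the following added example, which is not the project's code, audits the $relays value under two assumed match modes against constructed addresses and compares it with an escaped, anchored pattern. The names $strict and audit are hypothetical.

```perl
#!/usr/bin/perl
# Added example: audit a relay allow-list pattern against constructed addresses.
use strict;
use warnings;

my $relays = '10.|127.0.0.1';          # value from the configuration above

# Hardened equivalent (an assumption, not the project's setting): dots are
# escaped, each alternative is tied to the start of the address, and the
# loopback entry is tied to the end as well.
my $strict = '^10\.|^127\.0\.0\.1$';

# Constructed test addresses: 1 = relaying is intended, 0 = it is not.
my @cases = (
    [ '10.1.2.3',   1 ],
    [ '127.0.0.1',  1 ],
    [ '192.0.2.10', 0 ],   # ends in "10", nothing follows it
    [ '210.5.6.7',  0 ],   # contains "10." in the middle
    [ '100.64.0.1', 0 ],   # "100": the unescaped dot accepts any character
    [ '127.0.0.10', 0 ],   # begins with the loopback string
);

# Return the addresses where the pattern's verdict differs from the intent.
# $anchor = 1 models a daemon that ties the whole alternation to the start.
sub audit {
    my ($pattern, $anchor) = @_;
    my $re = $anchor ? qr/^(?:$pattern)/ : qr/$pattern/;
    my @wrong;
    for my $case (@cases) {
        my ($ip, $want) = @$case;
        my $got = $ip =~ $re ? 1 : 0;
        push @wrong, $ip if $got != $want;
    }
    return @wrong;
}

printf "%-26s %s\n", $_->[0], join(', ', audit($_->[1], $_->[2])) || 'none'
    for [ 'as written, unanchored:', $relays, 0 ],
        [ 'as written, anchored:',   $relays, 1 ],
        [ 'escaped and anchored:',   $strict, 0 ];
```

The same check applies to $locals and $localrelays, where an unescaped dot or a missing anchor would widen the set of domains accepted for delivery or relay.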

Updated 8/15/01