Introduction
------------

Over the past 10 years, e-mail spam has become perhaps the biggest problem that comes along with the e-mail protocol. For me it is definitely the most annoying one. The war against spam is very much like the so-called war on terror. In order to combat spam, much of the user's freedom has been taken. Several techniques for preventing, detecting and fighting spam have been introduced, including mail-content inspection, black/gray listing, spamtraps... and some of them have been destructive to the user's freedom.

I believe in every man's right to send and receive e-mail from his own computer. Taking care of my own e-mail has always given me pleasure and satisfaction. In spite of securing my MTA against open mail relay and providing it with a reverse DNS entry (hostname), my outgoing mails have been blocked by several mail providers (including Hotmail) because my IP belongs to a blacklisted IP range. I find this to be a violation of my rights.

The dyn-host-filter
-------------------

dyn-host-filter implements another well-known anti-spam technique. The idea behind this technique is to block mails that originate from sources with dynamic hostnames (hostnames that are automatically generated by the ISP) as well as from sources that do not possess a reverse DNS entry. A huge part of the spam that is generated every day comes from infected/exploited computers or temporary MTAs that don't necessarily run an open relay.

Since most of the so-called blacklists that contain whole IP ranges are useless for admins who respect the freedom of others to send mail, and the rest of the blacklists are simply ineffective, one could try another strategy. This strategy for distinguishing a legitimate sender from a spammer is based on two requirements:

1. Reverse DNS entry - a legitimate sender should always resolve.
2. Proper hostname - a legitimate sender should not be identified with a dynamic hostname.

The first requirement is easy to check.
An IP either resolves or not. The second one, on the other hand, is trickier. There is no single standard for generating dynamic hostnames that is used by all ISPs. A dynamic hostname may look like:

    p50424219.dip.ip.com
    ppp-89-217-16-161.dynamic.ip.com

while hostnames like:

    company.com
    myfriend.net

can be considered "proper". But how can a program distinguish a dynamic host from a "proper" one? The answer is: regular expressions (regexp).

In order to separate "bad" sources from "good" ones, dyn-host-filter uses user-defined rules based on regexps. The mail is filtered at the very early stage of qmail's mail processing pipeline, so blocked mail doesn't even enter the mail system. Other spam-detection techniques (like content inspection) can be applied afterwards (see the diagram below).

 ______________      ________________________                              ______________________       _________________
|              |    |                        |                            |                      |     |                 |
|              |    |       tcpserver        | (company.com, johnson.net) |        qmail         | OK  |                 |
|  Mail Entry  |--->|   (dyn-host-filter)    |--------------------------->| (content inspection) |---->| Mailbox/Maildir |
|              |    | block dynamic.ip.com$  |                            |                      |     |                 |
|______________|    |________________________|                            |______________________|     |_________________|
                                |                                                    |
                                |                                                    |
                                |                                                    |
                         reject |                                      reject/modify |
      <-------------------------|                    <-------------------------------|
(ppp123-44-567.dynamic.ip.com, 80.123.90.33)          (Subject: V1agra, Subject: 5eX)

Supported systems & requirements
--------------------------------

dyn-host-filter is expected to compile on all systems supported by ucspi-tcp, though it has only been tested under:

    GNU/Linux (Gentoo), FreeBSD 5.*/6.*

If you experience compilation/installation problems on systems where you are currently running qmail (ucspi-tcp), please let me know (I'll only support free operating systems).

Requirements: qmail with ucspi-tcp, glibc (or compatible std library)

Further reading
---------------

There are several manual pages that come with dyn-host-filter as well as those from the ucspi-tcp collection: dyn-host-filter(1), dhf-test(1), dhf.conf(5), tcpserver(1), tcprules(1), rblsmtpd(1)...

In addition, Wikipedia is always a good start when it comes to general knowledge about spam and regular expressions.

And finally... use your head and imagination! :)

Contact me
----------

The easiest way to reach me is to join the Freenode IRC network. Direct your questions/suggestions to: Blackmore or join #blackmore.

License
-------

This file is part of dyn-host-filter.

dyn-host-filter is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

dyn-host-filter is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with dyn-host-filter; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
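
The two requirements listed under "The dyn-host-filter" (a reverse DNS entry must exist, and the name must not look ISP-generated) can be expressed in C with POSIX regular expressions as shown here. This is an added example, not dyn-host-filter's own code: the rule table is constructed for illustration and does not reproduce dhf.conf(5) syntax, and a NULL argument stands for a client without a reverse DNS entry.

```c
/* Added illustration, not dyn-host-filter's source. The rule table is
 * hypothetical and does not reproduce dhf.conf(5) syntax. */
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

enum verdict { ACCEPT, REJECT_NO_RDNS, REJECT_DYNAMIC, RULE_ERROR };

/* Constructed rules. Dots are escaped so "." matches only a literal dot. */
static const char *block_rules[] = {
    "\\.dynamic\\.ip\\.com$",   /* ISP pool suffix, as in the diagram */
    "\\.dip\\.",                /* pool label seen in the first sample name */
    "^p[0-9a-f]{8}\\.",         /* "p" + 8 hex digits as the first label */
    "[0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}[-.][0-9]{1,3}", /* embedded quad */
};

/* remote_host is the client's reverse DNS name, or NULL when it has none. */
enum verdict classify(const char *remote_host)
{
    size_t i;
    if (remote_host == NULL || remote_host[0] == '\0')
        return REJECT_NO_RDNS;                  /* requirement 1 */
    for (i = 0; i < sizeof block_rules / sizeof block_rules[0]; i++) {
        regex_t re;
        int rc;
        if (regcomp(&re, block_rules[i],
                    REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
            return RULE_ERROR;                  /* fail visibly on a bad rule */
        rc = regexec(&re, remote_host, 0, NULL, 0);
        regfree(&re);
        if (rc == 0)
            return REJECT_DYNAMIC;              /* requirement 2 */
    }
    return ACCEPT;
}

int main(void)
{
    static const char *names[] = { "ACCEPT", "REJECT_NO_RDNS",
                                   "REJECT_DYNAMIC", "RULE_ERROR" };
    /* Hostnames taken from the text above; NULL stands for a missing entry. */
    const char *samples[] = { "company.com", "myfriend.net",
        "p50424219.dip.ip.com", "ppp-89-217-16-161.dynamic.ip.com", NULL };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-34s %s\n", samples[i] ? samples[i] : "(no rDNS)",
               names[classify(samples[i])]);
    return 0;
}
```

Under tcpserver the hostname would come from $TCPREMOTEHOST, which tcpserver leaves unset when the reverse lookup fails.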