Damn spammers

Since I spent quite some time thinking about my SMTP setup earlier today, I finally took the time to hack up a little perl script that parses my mainlog, picks out the IP addresses of hosts that appear to have been spamming me, and puts them in a database; I then modified my exim4.conf to look them up and deny them access if I want to.

Those lookups are pretty easy, really. In the first section of my exim4.conf, I have this:

hide pgsql_servers = (/var/run/postgresql/.s.PGSQL.5432)/*/spam/Debian-exim/

with '*' being the password. Except that this is ident authentication, so I don't need a password, but apparently exim still expects something (if I'm not on crack). Oh well.

Then, in an acl, I have this:

  deny
    message = "Your IP was used for spamming over the last few days. Please stop the spamming, wait a few days, and try again."
    log_message = "denied access for $sender_host_address: in blacklist database"
    condition = ${lookup pgsql{SELECT id FROM spammer WHERE       \
       adres='$sender_host_address' AND lastseen > now() - '10 \
       days'::interval}{true}{false}}

(with the backslashed lines being one line, really, but I didn't want to fuck up scrolling)

You can put this in any ACL you want, really. In my case, since I'm very sure by the nature of the way I gather these IP addresses that they're spammers, it's in acl_smtp_helo. Depending on how you populate your database, you may want to put this in a different place. If you want, you can teergrube them a bit by adding delay=30s.
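The post only describes the log-parsing script in prose, so here is an added example of that side of the setup, written in Python for this page rather than the author's perl script. It assumes the spammer table has the columns adres and lastseen that the ACL above queries, and it treats a host as "appearing to have been spamming" once it has at least three rejected RCPT commands in the mainlog; that threshold, the regex for Exim's "H=... [ip] ... rejected RCPT" log lines, and the sample log lines are all constructed for the example. The ACL in the post interpolates $sender_host_address straight into the SQL; that value is the peer address as Exim itself formats it, so it cannot carry quote characters, but anything taken from a less trusted source (HELO name, envelope sender) should be wrapped in ${quote_pgsql:...} before it reaches the lookup. For the same reason the example keeps its own statements parameterized instead of pasting addresses into query text.

```python
"""Added example (not the author's script): pick spamming hosts out of an
Exim mainlog and prepare rows for the `spammer` table used by the ACL."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Exim mainlog rejection line: timestamp, then the H= host field (optional
# reverse name and/or HELO, then the peer address in square brackets), then
# "rejected RCPT" further along the line.  Pattern written for this example.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=[^\[\n]*\[(?P<ip>[^\]]+)\].*\brejected RCPT\b"
)

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2005-03-01 10:02:11 H=(mail.example) [192.0.2.10] F=<a@example.com> rejected RCPT <me@example.org>: relay not permitted
2005-03-01 10:02:12 H=(mail.example) [192.0.2.10] F=<b@example.com> rejected RCPT <you@example.org>: relay not permitted
2005-03-01 10:02:13 H=(mail.example) [192.0.2.10] F=<c@example.com> rejected RCPT <x@example.org>: relay not permitted
2005-03-01 11:00:00 H=relay.example.net (helo.example) [198.51.100.7] F=<d@example.net> rejected RCPT <me@example.org>: relay not permitted
2005-03-01 11:30:00 1D9kXa-0001bc-00 <= friend@example.net H=relay.example.net [198.51.100.7] P=esmtp S=1234
2005-03-01 12:00:00 H=(x) [192.0.2.10] F=<e@example.com> rejected RCPT <me@example.org>: relay not permitted
"""


def parse_log(text):
    """Yield (timestamp, peer address) for every rejected-RCPT line."""
    for line in text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["ip"]


def tally(text, threshold=3):
    """Return {ip: (reject_count, last_seen)} for hosts at or above threshold."""
    counts = Counter()
    last_seen = {}
    for ts, ip in parse_log(text):
        counts[ip] += 1
        last_seen[ip] = max(last_seen.get(ip, ts), ts)
    return {ip: (n, last_seen[ip]) for ip, n in counts.items() if n >= threshold}


def upsert_statements(tallied):
    """Build (sql, params) pairs that refresh lastseen or insert a new row.

    Parameters are bound separately (DB-API %s placeholders, as psycopg uses)
    so the address never becomes part of the SQL text.  Two statements per
    host keep this portable to old PostgreSQL releases without ON CONFLICT.
    """
    stmts = []
    for ip, (_, seen) in sorted(tallied.items()):
        stmts.append(("UPDATE spammer SET lastseen = %s WHERE adres = %s",
                      (seen, ip)))
        stmts.append(("INSERT INTO spammer (adres, lastseen) "
                      "SELECT %s, %s WHERE NOT EXISTS "
                      "(SELECT 1 FROM spammer WHERE adres = %s)",
                      (ip, seen, ip)))
    return stmts


def blocked_hosts(tallied, now_iso, days=10):
    """Hosts the ACL would still deny: the same test as
    `lastseen > now() - '10 days'::interval`, evaluated locally."""
    cutoff = datetime.fromisoformat(now_iso) - timedelta(days=days)
    return sorted(ip for ip, (_, seen) in tallied.items() if seen > cutoff)


if __name__ == "__main__":
    hosts = tally(SAMPLE_LOG)
    for sql, params in upsert_statements(hosts):
        print(sql, params)
    print("still blocked on 2005-03-09:", blocked_hosts(hosts, "2005-03-09T00:00:00"))
    print("still blocked on 2005-03-12:", blocked_hosts(hosts, "2005-03-12T00:00:00"))
```

With the sample above only 192.0.2.10 crosses the threshold (four rejects; the relay that bounced once and then delivered a legitimate message stays out), and the local window check shows the entry expiring ten days after its last sighting, which is the behaviour the ACL's interval comparison gives you without ever deleting rows.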

An alternative would be to set up a DNS blacklist, but that would take too much effort to set up properly, and I just didn't feel like it. This works.