Email Authentication Gateway Software? (Challenge/Response)


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Email Authentication Gateway Software? (Challenge/Response)
# 1  
Old 12-30-2004
Email Authentication Gateway Software? (Challenge/Response)

Happy Holiday Season All,

I once found a software package on the web that was pretty cool. The package was used in conjunction with sendmail or procmail (I think) and would compare the senders email address to a database on the server. If the senders address was not in the database, it would send an email to the sender, requesting they go to a web site (click on a link) and enter a code generated by the server.

After the sender entered the code, the senders address was added to the database and they could send email to the server, bypassing the gate, so to speak. (Challenge/Response)

I searched the web for quite some time and can't find it. I want to install something like that on one of my linux servers (perhaps as a procmail recipe) and am lazy to write it (sound fairly straight forward though).

Anyone know of a utility such as this?

Thanks,

Neo
# 2  
Old 12-31-2004
I found this procmail recipe:

http://www.angel.net/~nic/spam-x/

Quote:
How it works

When someone sends you mail from an address from which you've never received mail before, procmail will store their mail away without delivering it to you, and send them a message explaining that their mail hasn't been delivered yet. When they reply to that message as instructed, their original message will be delivered instead, and their address will be added to the list of addresses from which to accept mail in the future.

That's really about it - your friends and correspondents won't be inconvenienced much, and you may never get another piece of spam!
Which also points to:

http://tmda.net/

So I'll hunt around a bit more and install one of the above and test. I might try both.......

Neo

PS: See also: http://ii.best.vwh.net/internet/messaging/spam/

# 3  
Old 12-31-2004
Quote:
Originally posted by Neo
I found this procmail recipe:

http://www.angel.net/~nic/spam-x/


So I'll hunt around a bit more and install one of the above and test. I might try both.......

Neo
The .procmailrc above works OK and was easy to install.


Reference: http://www.angel.net/~nic/spam-x/


Quote:

# Blocking spam with an accept list, version 030131
# Info at http://angel.net/~nic/spam-x.html


# Customize all these constants:

# Your e-mail address
MY_EMAIL=nic@angel.net

# Your name
MY_NAME="Nic Wolff"

# This should be either blank, or a regex that matches any addresses from which
# you get lots of mail that you want to archive but not read:
BOTS=(root@.*angel.net|domainA|domainB|domainC)

# This should be a regex that matches all domains from which you know you
# won't get spammed:
KNOWN_DOMAINS=(angel.net|domain1.com|domain2.com)$

# This should be either blank, or a regex that matches the To: headers of any
# mailing lists you're on:
LISTS=


# Customize this to change the autoreply sent to messages from addresses
# that are not in the accept list
AUTOREPLY="Hi!

Your message has been received, but it hasn't been delivered to me yet. Since I don't have any record of your sending me mail from this address before, I need to verify that you're not a spammer. Please just hit 'Reply' and send this message back to me, and your previous message will be delivered, as will all your future messages.

(If your mail server can run procmail and you'd like to avoid receiving spam, you can find out how at http://angel.net/~nic/spam-x/.)

Thanks, and sorry for the inconvenience -"


# Customize these if they're not right on your system:
FORMAIL=/usr/bin/formail
GREP=/usr/bin/grep
HEAD=/usr/ucb/head
SENDMAIL=/usr/lib/sendmail
LS=/bin/ls
TR=/usr/bin/tr


# Customize these if you want to put addresses and pending messages elsewhere -
# make sure PENDING_DIR exists!
DB=$HOME/.accept-list
DENY_DB=$HOME/.deny-list
PENDING_DIR=$HOME/pending_messages


##############################
# Don't change anything else unless you know why you're doing it!

SHELL=/bin/sh
PATH
COMSAT
VERBOSE=on
LOGFILE=${LOGFILE-".procmail_log"}

:0 c
$HOME/.save_all

# You can mail yourself a request for the list of pending senders
:0
* ^Subject: List senders
{
:0 fbw
| $LS -t $PENDING_DIR

:0:
${DEFAULT}
}

# You can mail yourself to approve an address
:0 fw
* ^Subject: Accept \/.*
* ? echo $MATCH >> $DB
* ? test -e $PENDING_DIR/$MATCH
| ( cat $PENDING_DIR/$MATCH || true )

# You can mail yourself to deny an address
:0 fw
* ^Subject: Deny \/.*
* ? echo $MATCH >> $DENY_DB
/dev/null

# Get sender
:0 hw
FROM=|$FORMAIL -rzxTo:|$TR / _

# If message is from a local bot then archive it
:0
* BOTS ?? (.)
* $ FROM ?? $BOTS
notifications

# If message is an NDN then archive it
:0 h
* MAILER-DAEMON
NDNs

# If message is from a known domain then deliver it
:0
* KNOWN_DOMAINS ?? (.)
* $ FROM ?? $KNOWN_DOMAINS
$DEFAULT

# If message is to a list we're on then deliver it
:0
* LISTS ?? (.)
* $ ^TO_$LISTS
$DEFAULT

# If message is from a known non-spam UCE sender then dump it
:0 h
* ? $GREP -i ^$FROM $DENY_DB
/dev/null

# Else if message has chicken then register sender and deliver stored messages
:0 Efw
* $ ^Subject:.*Verify.*for.*$MY_EMAIL
* ? echo $FROM >> $DB
* ? test -e $PENDING_DIR/$FROM
| ( ( cat $PENDING_DIR/$FROM && rm $PENDING_DIR/$FROM ) || true )

# Else if sender isn't in DB then send request for chicken and store message
:0 E
* $ ! ^X-Loop: $MY_EMAIL
* ! ? $GREP -i ^$FROM $DB
{
:0 c
* ? test ! -e $PENDING_DIR/$FROM
| ( $FORMAIL -rt -I"To: $FROM" -A"X-Loop: $MY_EMAIL" -I"Subject: Verify $FROM for $MY_EMAIL"; echo "$AUTOREPLY"; echo; echo "$MY_NAME" ) | $SENDMAIL -t

:0:
$PENDING_DIR/$FROM
}

# Else deliver normally
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Inconsistency between RedHat 6.5 global gateway and single gateway leads to loss of default gateway

Dear friends I use RedHat 6.5, which sets the gateway in the configuration file / etc / sysconfig / network as GATEWAY = 192.168.1.26, and the gateway in the configuration file / etc / sysconfig / network-scripts / ifcfg-eth11 as GATEWAY = 192.168.1.256. The two gateways are different.... (6 Replies)
Discussion started by: tanpeng
6 Replies

2. Shell Programming and Scripting

Anyone like a challenge?

I have searched through google, and this forum to try and find the answer, but alas, nothing quite hits the whole answer. I am trying to read the last line (or lines) of some log files. I do this often. The files are named sequentially, using the date as part of the file name, and appending... (18 Replies)
Discussion started by: BatterBits
18 Replies

3. Shell Programming and Scripting

Automating a Challenge/Response Method.

Hi guys, I will need some help with a to automate a challenge/response sequence when I try to SCP files from a server to another. The scenario is like this : After selecting in a script the option to send files via scp (case switch): I get this output from linux term: The... (4 Replies)
Discussion started by: REX:)
4 Replies

4. Linux

GNUGK-How to setup static gateway to gateway routing

Dear Sir I am a newbie in the world of IP telephony. I have been working with Asterisk PBX (SIP) and Cisco Call Manager (MGCP) but now I am learning on how to work GNUGK for H.323 Gatekeeper. I am having a problem, configuring static call routing on GNUGK in the section ... (0 Replies)
Discussion started by: mfondoum
0 Replies

5. Web Development

[PHP] Script to Time Remote Server Response and Email

Here is a simple PHP script I wrote that times getting a link using mtime with curl and emails if it does not meet my objective. I use it in production for checking the performance of a Content Delivery Network (CDN), but you can use it for any web server. <?php $heartbeat =... (1 Reply)
Discussion started by: Neo
1 Replies

6. UNIX for Advanced & Expert Users

ssh error: Error reading response length from authentication socket

Hi - I am getting the error `Error reading response length from authentication socket' when I ssh from my cluster to another cluster, and then back to my cluster. It doesn't seem to affect anything, but it's just annoying that it always pops up and tends to confuse new users of the cluster. I... (1 Reply)
Discussion started by: cpp6f
1 Replies

7. Cybersecurity

Password-based challenge-response

Hello all, I have this question, hope to get some guidance... Fora simple password-based challenge-response protocol between a user A and a server S, where Pa is A's password, n is a random nonce generated by the server, and h is a known cryptographic hash function. 1. S -> A:... (1 Reply)
Discussion started by: heroine
1 Replies
Login or Register to Ask a Question

Featured Tech Videos