|
|||
Confirmed Mail Delivery |
Home | John | Connie | Publications | Software | Correspondence | NtropiX | NdustriX | NformatiX | NdeX | Thanks
Confirmed Mail Delivery, CMD, is a way of reducing UCE, (Unsolicited Commercial Email, or spam.) Other similar implementations have been developed by Thomas Erskine using a Perl(1) script named "Tagged Message Sender" and Jason R. Mastaler's Tagged Message Delivery Agent, TMDA. Basically, what CMD does is maintain a "whitelist" of e-mail addresses that have had legitimate correspondence through an e-mail server/gateway. If the server/gateway is handling a message from an e-mail address that is in the "whitelist", it is delivered with no intervention. However, if the e-mail address is not in the "whitelist", the message is filed, and a request sent back to the sender asking for a reply confirmation; if the sender replies, then the original message is delivered , and the sender's e-mail address added to the "whitelist". For small organizations, Procmail/Smartlist scripts using Qmail as an MTA can be used to implement CMD. Smartlist scripts are available for download, and the "whitelist" database maintenance sources are available from the E-mail "Received: " Header IP Address Auditing page. As an example usage in ~/.procmailrc: :0 wfh * ^delivered-to: * ! ^x-delivered-to: | formail -R "Delivered-To:" "X-Delivered-To:" # :0 wfh * ^delivered-to: | formail -I "Delivered-To:" Which renames the Qmail specific "Delivered-To:" record as "X-Delivered-To:", and is the recipient of the message's e-mail address-which will be used in the confirmation reply message. :0 * ! ^x-delivered-sender: { :0 wh SENDER=| formail -rzx To: # :0 wfha | formail -A "X-Delivered-Sender: ${SENDER}" # :0 E { :0 wfh | formail -A "X-Diagnostic: No machine generated \ return address" # :0: x-diagnostic } } # :0 whE SENDER=| formail -zx "X-Delivered-Sender:" # :0 * ! ^x-delivered-from: { :0 wh FROM=| formail -rzx To: # :0 wfha | formail -A "X-Delivered-From: ${FROM}" # :0 E { :0 wfh | formail -A "X-Diagnostic: No trusted \ return address" # :0: x-diagnostic } } # :0 whE FROM=| formail -zx "X-Delivered-From:" # :0 wfh * ! ^x-name: | formail -A "X-Name: User Name" Which sets ${SENDER} to the machine generated, and ${FROM} to the trusted, e-mail address of the sender; an "X-Name:" record is inserted with the user's name-all of which will be used in the confirmation reply message. :0 * ^((x-)?delivered-to|to|cc):.*\/[-0-9a-z._]+-[0-9]+-[0-9]+\.\ [0-9]+@[-0-9a-z._]+ { CMDADDRESS="${MATCH}" # :0 * CMDADDRESS ?? ^^\/[-0-9a-z._]+[^-0-9.@] { CMDUSER="${MATCH}" # :0 * CMDADDRESS ?? ^^.*@\/[-0-9a-z._]+ { CMDFQDN="${MATCH}" # :0 * CMDADDRESS ?? ^^[-0-9a-z._]+-[0-9]+-\/[0-9]+\.\ [0-9]+[^@] { :0 * CMDADDRESS ?? ^^[-0-9a-z._]+-\/[0-9]+[^-] { :0 * ? /usr/local/bin/bsearchtext -r n -f \ "${HOME}/.procmail.addresses" \ "${CMDUSER}@${CMDFQDN}" ! cmd-request@somedomain.com } } } } # :0 wfh | formail -A "X-Diagnostic: Malformed CMD address" # :0: x-diagnostic } A message with an address of the form someuser-1234-123456789012.12345@somedomain.com was routed to the user's ~/.procmailrc file via Qmail's "dot-qmail" mechanism; it is the reply confirmation from the sender-a reply to the confirmation request originally sent from the CMD Smartlist scripts. Sending this message to cmd-request will retrieve the sender's original message with an "X-CMD:" header, and it would be filed in the user's inbox file. :0: * !^x-cmd: * 1^0 ? /usr/local/bin/bsearchtext -r n -f \ "${HOME}/.procmail.accept" "${FROM}" "${SENDER}" * 1^0 ? fgrep -i -s -e "${FROM}" "${HOME}/.mailrc" \ "${HOME}/.address/maillog" inbox Searches the database file, ~/.procmail.accept, (which is a Unix flat file database,) using the bsearchtext(1) program, from the E-mail "Received: " Header IP Address Auditing suite, and the user's ~/.mailrc and ~/.address/maillog files for the sender's return address. If the address is found, then then the message is filed in the user's inbox folder. :0 Wic * ^x-cmd: | echo -e "${FROM}\n${SENDER}" >> \ "${HOME}/.address/maillog" # :0: inbox A message that has been filed by the Smartlist CMD scripts, and received a reply confirmation from the sender, will have an "X-CMD:" header-neither the sender's trusted or machine generated address is in any database; if the message has an "X-CMD:" header, the message has been confirmed-file it in the users inbox file, after adding the sender's trusted, and machine generated e-mail addresses to the ~/.address/maillog file. InstallationAn installation will require a Unix or Linux system, (which inherently provides access control to virtually every feature of the Internet,) with Qmail and both Procmail and Smartlist installed. The CMD Smartlist scripts should be installed in the Smartlist account. Although the CMD scripts can be used for general e-mail services, they tend to be overly restrictive. However, such functionality is an advantage for children's accounts since a complete audit trail can be maintained for each initial e-mail contact, (and e-mail using falsified addresses, like used in the distribution of UCE-Unsolicited Commercial Email, which will be discarded.) To enable CMD under Qmail, include the following lines in /var/qmail/users/assign, (in the standard Qmail installation aliases file,) using example UIDs and GIDs: =cmd:list:38:38:/var/list:-:cmd: =cmd-request:list:38:38:/var/list:-:cmd-request: and for each user: +akid-:akid:503:100:/home/akid:-:: =akid:akid:503:100:/home/akid::: where akid is the name of a user's account, and /var/list is the account/directory of the Smartlist programs, (in the standard Debian Linux.) To enable Procmail, in each user's directory that is going to use the CMD scripts, place two identical files, .qmail and .qmail-default, containing: |preline /usr/bin/procmail (Again, /usr/bin/procmail is the path to the Procmail program-using the standard Debian distribution.) Place the following fragment, (editing names, where appropriate,) in each user's ~/.procmailrc file: :0 wfh * ^delivered-to: * ! ^x-delivered-to: | formail -R "Delivered-To:" "X-Delivered-To:" # :0 wfh * ^delivered-to: | formail -I "Delivered-To:" # :0 * ! ^x-delivered-sender: { :0 wh SENDER=| formail -rzx To: # :0 wfha | formail -A "X-Delivered-Sender: ${SENDER}" # :0 E { :0 wfh | formail -A "X-Diagnostic: No machine generated \ return address" # :0: x-diagnostic } } # :0 whE SENDER=| formail -zx "X-Delivered-Sender:" # :0 * ! ^x-delivered-from: { :0 wh FROM=| formail -rzx To: # :0 wfha | formail -A "X-Delivered-From: ${FROM}" # :0 E { :0 wfh | formail -A "X-Diagnostic: No trusted return address" # :0: x-diagnostic } } # :0 whE FROM=| formail -zx "X-Delivered-From:" # :0 wfh * ! ^x-name: | formail -A "X-Name: User Name" # :0 * ^((x-)?delivered-to|to|cc):.*\/[-0-9a-z._]+-[0-9]+-[0-9]+\.\ [0-9]+@[-0-9a-z._]+ { CMDADDRESS="${MATCH}" # :0 * CMDADDRESS ?? ^^\/[-0-9a-z._]+[^-0-9.@] { CMDUSER="${MATCH}" # :0 * CMDADDRESS ?? ^^.*@\/[-0-9a-z._]+ { CMDFQDN="${MATCH}" # :0 * CMDADDRESS ?? ^^[-0-9a-z._]+-[0-9]+-\/[0-9]+\.\ [0-9]+[^@] { :0 * CMDADDRESS ?? ^^[-0-9a-z._]+-\/[0-9]+[^-] { :0 * ? /usr/local/bin/bsearchtext -r n -f \ "${HOME}/.procmail.addresses" \ "${CMDUSER}@${CMDFQDN}" ! cmd-request@somedomain.com } } } } # :0 wfh | formail -A "X-Diagnostic: Malformed CMD address" # :0: x-diagnostic } # :0: * !^x-cmd: * 1^0 ? /usr/local/bin/bsearchtext -r n -f \ "${HOME}/.procmail.accept" "${FROM}" "${SENDER}" * 1^0 ? fgrep -i -s -e "${FROM}" "${HOME}/.mailrc" \ "${HOME}/.address/maillog" inbox # :0 Wic * ^x-cmd: | echo -e "${FROM}\n${SENDER}" >> \ "${HOME}/.address/maillog" # :0: inbox which will route e-mail back and forth to Smartlist for potential delivery-all transparent to the user. Since Smartlist uses standard Procmail scripts to control how e-mail is handled, there is substantial configuration extensibility. In the cmd directory of the Smartlist account, the log file contains a list of all transactions made through the CMD agent. The returns file contains the e-mail confirmation replies from senders contacting the kids, and the header file is filled in by the Smartlist scripts-and can be altered as appropriate for your environment; this is the message that a sender will see when requesting a confirmation reply. The ${HOME}/.procmail.accept file in each user's home directory has to be updated manually, (from each user's ~/.address/maillog file.) A more elegant approach would be to modify the rc.requests script in the cmd directory to automatically update a database. The sources to a very efficient database are available at http://cr.yp.to/cdb.html and comes highly recommended-use a :0:lockfile construct on the database file while automatically updating the database to include a new confirmed e-mail address. All-in-all, a system that exercises reasonable control over what children have access to via Internet e-mail, while not being overly invasive-however, as a word of caution, like all informatic systems used by children, adult diligence is in order. ExtensionQuarantining Malicious Outlook Attachments is a procmail script that is compatible with CMD, as is the Stochastic UCE Detection procmail script, which is very effective at reducing the amount of commercial e-mail received by users. The Smartlist scripts constitute a full text information retrieval system and are, also, compatible with the rel(1) full text information retrieval system at NformatiX, (the CMD Smartlist scripts are actually modifications of scripts distributed with rel.) ThanksA special note of appreciation to Stephen R. van den Berg, (AKA BuGless,) the author of Procmail/Smartlist, who for nine years developed and supported the procmail program, (the "e-mail system administrator's crescent wrench,") for the Internet community. LicenseA license is hereby granted to reproduce this design for personal, non-commercial use. THIS DESIGN IS PROVIDED "AS IS". THE AUTHOR PROVIDES NO WARRANTIES WHATSOEVER, EXPRESSED OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, TITLE, OR FITNESS FOR ANY PARTICULAR PURPOSE. THE AUTHOR DOES NOT WARRANT THAT USE OF THIS DESIGN DOES NOT INFRINGE THE INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY IN ANY COUNTRY. So there. Copyright © 1992-2005, John Conover, All Rights Reserved. Comments and/or problem reports should be addressed to:
|
Home | John | Connie | Publications | Software | Correspondence | NtropiX | NdustriX | NformatiX | NdeX | Thanks