/****************************************************************/ /* Filter for use with Weasel */ /* */ /* Block incoming mail that claims to be coming */ /* from my own IP address */ /* */ /* WARNING: Read these comments before using the filter. */ /* It will not be suitable for everyone. */ /* */ /* BACKGROUND */ /* */ /* I wrote this filter after noticing that a significant */ /* subset of the spam I was receiving had a header line */ /* that began with */ /* Received: from 220.245.55.114 */ /* ([46.209.17.195] [46.209.17.195]) by ... */ /* Here, 220.245.55.114 is the address in the HELO or EHLO */ /* command, and 46.209.17.195 is the actual address of the */ /* machine that is sending the mail. The actual address is */ /* not much help for filtering (unless you build a huge */ /* blacklist) because the spam is coming from many different */ /* addresses. However, 220.245.55.114 is MY address, which */ /* is a clear indication that the HELO or EHLO command has */ /* been faked. Therefore, this must be spam. */ /* */ /* But what about legitimate mail from my address? Well, that */ /* is possible with some server configurations, which is why */ /* I said this filter might not be suitable for everyone. */ /* In my configuration, however, legitimate mail from that */ /* address is impossible. All real mail from that address is */ /* outgoing mail, not incoming. There are a few rare cases, */ /* related to the "separate filter" option, where Weasel */ /* sends mail back to itself, but in such cases it uses the */ /* loopback address 127.0.0.1 rather than its externally */ /* visible address. There are other cases where software */ /* puts mail directly into the "forward" directory, but in */ /* such cases there is either no HELO command, or a HELO */ /* command using the address 127.0.0.1. In every scenario I */ /* can think of, the only way incoming mail can seem to come */ /* from my own address is if the address is faked. */ /* */ /* HOW TO USE THIS SCRIPT */ /* */ /* 1. In the "Configuration Settings section below, set */ /* MyAddress to your server's external address, i.e. the */ /* address that senders will see. */ /* 2. In Weasel Setup, make the stage 1 filter point to */ /* this script. */ /* */ /* Author: Peter Moylan (peter@pmoylan.org) */ /* Started: 2 November 2015 */ /* Last revised: 3 November 2015 */ /* */ /****************************************************************/ /****************************************************************/ /* CONFIGURATION SETTINGS */ /****************************************************************/ MyAddress = "220.245.55.114" /****************************************************************/ /* END OF CONFIGURATION SETTINGS */ /****************************************************************/ CALL RxFuncAdd SysLoadFuncs, rexxutil, sysloadfuncs CALL SysLoadFuncs PARSE ARG NameFile SrcFile /* From NameFile, find the sender address. */ CALL LineIn NameFile claimedname = LineIn(NameFile) IF claimedname = MyAddress THEN RETURN 3 ELSE RETURN 0