Experimental: check_header

This is an experimental release. Use it at your own risk. Header checking will be included in sendmail 8.9; you would do better to wait for it. New rulesets for sendmail-8.9-beta are available at http://www.unix-ag.uni-hannover.de/soft/check_local/

How to install

  1. You need map-regex Version 2.7 or later. If you want to use the Option _FRIEND_STORAGE_, move map_storage.c to sendmail-?.?.?/src and compile with OBJADD=map_storage.o, DBMDEF= -DMAP_STORAGE ...
  2. Apply the patch (headers.c.patch) to sendmail-8.8.?/src/headers.c
  3. Edit conf.h: Enlarge the size of MAXNAME to 2048, MAXATOM to 1024. This is needed for long Received-lines and cc-lines.
    #define MAXNAME        2048            /* max length of a name */
    #define MAXATOM        1024             /* max atoms per address */
    
  4. Edit your Makefile in sendmail-8.8.?/src/Makefiles/
    O= ... -D_FFR_HEADER_RSCHECK ...
    
  5. Edit parseaddr.c, find rscheck() and comment out the syserr:
            if (pvp == NULL)
            {
            /*
                    syserr("rscheck: cannot prescan input: \"%s\"",
                            shortenstring(buf, 203));
                    rstat = EX_DATAERR;
            */
                    goto finis;
            }
    
  6. ./makesendmail clean; ./makesendmail
  7. Copy check_header.m4 to sendmail-8.8.?/cf/hack
  8. Edit your .mc-file
    ...
    dnl * put options here i.e. *
    define(`_CHECK_HEADER_RECEIVED_', `1')dnl
    define(`_CHECK_HEADER_FROM_', `1')dnl
    define(`_CHECK_HEADER_REPLY_TO_', `1')dnl
    dnl * this is an experimental hack, i use it at my own risk *
    HACK(check_header)
    ...
    
  9. Send feedback to Jan.Krueger+map@stud.uni-hannover.de

Options for check_header.m4

_CHECK_HEADER_RECEIVED_
Parse the Received:-lines of the header and check them against junk.db.

_MAPS_RBL_
Make use of Paul Vixie's RBL.

_FRIEND_STORAGE_ (recommended) (see "known Problems")
Use the map-storage for spam_friends. Don't filter their mail. Compile sendmail with DBMDEF= ... -DMAP_STORAGE ... Assign the storage map in your check_rcpt, e.g.:

Scheckrcpt
# allow some local addresses; use only legal syntax
R<$+@$=w>               $: <$(spam_friends $1 $) @ $2>
R<$+@SPAMFRIEND@$=w>    $@ $(friend YES $)

_X_SPAM_HEADER_
Don't return an error if check_header detects spam; instead, set the header field X-Spam-Header: for later processing (e.g. with procmail). Needs v2.5 or later.

_CHECK_HEADER_FROM_
Check the address given in the From:-line of the header against junk.db. This option is needed for the following options, because it activates the ruleset check_from.

_CHECK_HEADER_REPLY_TO_
Check the address given in the Reply-To:-line of the header against junk.db. Uses the ruleset check_from.

_CHECK_HEADER_SENDER_
Check the address given in the Sender:-line of the header against junk.db. Uses the ruleset check_from.

_CHECK_HEADER_TO_
Check the address given in the To:-line of the header against junk.db. Uses the ruleset check_from.

_CHECK_HEADER_CC_
Check the address given in the Cc:-line of the header against junk.db. Uses the ruleset check_from.

_CHECK_HEADER_MESSAGE_ID_
Check the Message-Id (rfc822).

Check_header needs the rulesets junk and junkIP. They are included in "Using check_* in sendmail 8.8" by Claus Aßmann.

The parse_received pattern can parse the following formats (host = hostname or [ip]):

from host
from host (1.2.3.4)
from host ([1.2.3.4])
from host (user@host)
from host (hostname [1.2.3.4])
from host (hostname[1.2.3.4])
from host (keyword hostname [1.2.3.4])

(from user@localhost) does not match.

The pattern is not universal, I know. If you find a non-matching Received-line or if you have a more universal pattern, please send an email to Jan.Krueger+map@stud.uni-hannover.de.
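
The following Python example is an added illustration, not the parse_received pattern shipped in check_header.m4 and not code from the author. It recognises the formats listed above, rejects anything else, and shows which parsed values would be candidates for a junk lookup. The regular expression, the function names and the junk set standing in for junk.db are assumptions; the sample lines are constructed.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
NAME = r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?"

# Constructed pattern for the formats listed above; it is not the
# parse_received pattern shipped in check_header.m4.
RECEIVED_FROM = re.compile(rf"""
    ^\s*from\s+(?P<host>{NAME}|\[{IP}\])          # host = hostname or [ip]
    (?: \s*\(\s*(?:
            (?P<ip1>{IP})                         # (1.2.3.4)
          | \[(?P<ip2>{IP})\]                     # ([1.2.3.4])
          | (?P<user>[^\s@()]+)@(?P<uhost>{NAME}) # (user@host)
          | (?:(?P<keyword>[^\s()\[\]]+)\s+)?     # optional keyword
            (?P<name>{NAME})\s*\[(?P<ip3>{IP})\]  # hostname [1.2.3.4]
        )\s*\)
      | (?!\s*\()                                 # no comment at all
    )
    (?=\s|;|$)
""", re.VERBOSE | re.IGNORECASE)


def parse_received_from(value):
    """Return the fields of a Received: 'from' clause, or None if no format fits."""
    m = RECEIVED_FROM.match(value)
    if m is None:
        return None
    g = m.groupdict()
    return {"host": g["host"], "name": g["name"] or g["uhost"],
            "ip": g["ip1"] or g["ip2"] or g["ip3"],
            "user": g["user"], "keyword": g["keyword"]}


def junk_hits(value, junk):
    """Parsed hosts and addresses found in `junk`, a stand-in set for junk.db."""
    parsed = parse_received_from(value)
    if parsed is None:
        return set()
    keys = {parsed["host"].strip("[]"), parsed["name"], parsed["ip"]}
    return {k.lower() for k in keys if k} & junk


if __name__ == "__main__":
    # Constructed sample header values (documentation names and addresses).
    junk = {"spam.example.net", "192.0.2.66"}
    for line in ("from mx.example.org (HELO spam.example.net [192.0.2.66]) by mail.example.com",
                 "from [192.0.2.66] by mail.example.com",
                 "(from user@localhost) by mail.example.com"):
        print(parse_received_from(line), junk_hits(line, junk))
```

A line whose comment fits none of the listed forms returns None rather than a partial result, so non-matching Received-lines can be collected and reviewed.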

Known problems

If more than one recipient is specified, the friend storage can't work properly. If you use _SPAM_FRIENDS_ and one recipient is a friend, the message is not checked for any recipient. If you use _SPAM_HATERS_ and one recipient is a hater, the message is checked for all recipients. You can work around this problem using _X_SPAM_HEADER_.

What is the patch doing?

The patch changes the file headers.c. You can define a check_ruleset for each header field using the following syntax:
HFname: $>check_ruleset
HFname: $>"check_ruleset (encapsulate the value in "")
HFname: $>$|check_ruleset (normal and encapsulated value separated by $|)

Scheck_ruleset
...

In the encapsulated value, the comments in () are not discarded by prescan() in rscheck(). We need this for parsing the comments in Received:-lines. The patch only affects the header-checking part of the sendmail source. The code is not used if you don't define _FFR_HEADER_RSCHECK.

Jan Krüger, Jan.Krueger+map@stud.uni-hannover.de