Mail Filter for IP Ban List File

By David Efflandt

Some of us do not have direct control to at the server level to limit what abusive servers repeatedly send or relay spam and worms to us. Procmail recipes can grow to the point that they are difficult to manage.

So I wrote a Perl script that can be launched by procmail to compare received headers against a file list of full or partial banned IPs. It adds an X-Banned header that can easily be redirected or dumped with a following recipe or other filter on your mail client.

A simple example of a .procmailrc to launch it and dump banned mail into a separate file:

MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/from
SHELL=/bin/sh
BAD=$MAILDIR/badmail

:0 fw
| $HOME/baniptest

:0
* ^X-Banned:.*yes
$BAD

Script source for Baniptest

I also wrote a script to add IPs to the file list, sort them and eliminate duplicates. It allows adding a partial IP (ending on any dot) or full IP. If no IP is included on commandline, it just sorts the file and weeds out any duplicates. Script source for Banip

To do

Filter more specific subnets by bits or subnet mask.
Filter hostnames or domains from file list.