© 1997 Ken Lucke - all rights reserved 
NNRP Post Filter patch
This is a modification to nnrpd which allows you to take "bad" posts from a spammer and drop them on the floor, while returning success to the client. If you know a spammer is starting up, you can ensure that he will be wasting his time with your server.
Create a file called nnrp.post-filter (you need to specify the location in the code before compiling it). The file should contain a list of "banned" strings, one per line. If any of these strings appears in a post, nnrpd will return a success response to the client, but fail to post it to the server. Obviously this is most useful if you can keep an eye on what your spammer is doing.
For example, if a spammer tries to post ten thousand copies of "come to http://dirty.pictures.com", you can put "http://dirty.pictures.com" into nnrp.post-filter, and he will waste his time all evening, thinking he's getting lots of spam out. The failures will be logged to news.notice.
The patch is against the nnrpd in the standard INN 1.5.1 distribution. Apply it in $INN/nnrpd. You need only recompile nnrpd (do a `make' in the nnrpd directory) and move the new executable to the right place.
This patch for INN has been released to the public domain by Joe Greco and sol.net Network Services, 11 Aug 1997. Please visit http://www.nntp.sol.net/patches for other neat stuff!
Spam sucks! Kill it dead.
The code was hacked in and tested, and the patch was created, by Jeremy Nixon. It's had a lot of testing; as of this writing, I have over 95,000 spams dropped from a certain mega-spammer in the space of two days.
Standard warning:
Some browsers interpret the">"and"<"symbols in the text below as HTML tag delimiters, and will not display this correctly. Saving the page as text (or viewing as HTML source) and cutting/pasting from that text will solve this problem
-8<----------CUT here------------------------------------------------
*** post.c.orig Fri Aug 8 16:31:38 1997
--- post.c Mon Aug 11 20:56:31 1997
***************
*** 548,553 ****
--- 548,592 ----
return NULL;
}
+ /* Case-insensitive substring search */
+ char *strcasestr(char *str1, char *str2)
+ {
+ int len = strlen(str2);
+
+ while (*str1) {
+ if (! strncasecmp(str1, str2, len)) {
+ return(str1);
+ }
+ str1++;
+ }
+ return(NULL);
+ }
+
+ /* Takes a list of "banned strings" from a file, and */
+ /* silently drops posts containing them */
+ int NnrpPostFilter(char *article)
+ {
+ FILE *fp;
+ char buffer[1024], *ptr;
+
+ if (! (fp = fopen("/var/news/etc/nnrp.post-filter", "r"))) {
+ return(0);
+ }
+ while (! feof(fp)) {
+ fgets(buffer, sizeof(buffer), fp);
+ if (! feof(fp)) {
+ if (ptr = strrchr(buffer, '\n')) {
+ *ptr = '\0';
+ }
+ if (strcasestr(article, buffer)) {
+ fclose(fp);
+ return(1);
+ }
+ }
+ }
+ fclose(fp);
+ return(0);
+ }
/*
** Check the newsgroups and make sure they're all valid, that none are
***************
*** 785,790 ****
--- 824,836 ----
if ((error = CheckIncludedText(article, i)) != NULL)
return error;
#endif /* defined(DO_CHECK_INCLUDED_TEXT) */
+
+ /* Check the filter list */
+ if (NnrpPostFilter(article)) {
+ syslog(L_NOTICE, "%s post dropped by NNRP filter", ClientHost);
+ return(NULL);
+ }
+
if ((error = ProcessHeaders(i)) != NULL)
return error;
if (i == 0 && HDR(_control) == NULL)
-8<----------CUT here------------------------------------------------
Return to the News Server Patches Page
Home - Usenet Area - General - Email Area
© 1997 Ken Lucke - all rights reserved