------------------------------------------------
EASY IP BLACKLISTING FOR PROCMAIL USING GREPCIDR
------------------------------------------------
For junk mail / spam filtering etc.
http://www.pc-tools.net/unix/grepcidr/
------------------------------------------------

To do this you would make an external script, checkblack.sh. When an email
is fed to this script the GNU grep (-o option) will extract IP addresses
from Received headers and feed the IP address(es) to grepcidr. The grepcidr
process will compare the incoming IP against a blacklist loaded from a file.
That file can contain single IPs, netblocks in CIDR format, or ranges.


#!/bin/sh
grep ^Received | grep -o "[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*" \
    	| grepcidr -f $HOME/blacklist > /dev/null
exit $?


Then your .procmailrc would just check this exit code, which cleans up 
your procmail rule. The flag is to wait for exitcode; kill it or not?


:0 wh
* ? $HOME/checkblack.sh
/dev/null


And as you need to update your blacklist you can then update a single 
external file. If you're interested, adding CBL to your blacklist will 
really kill your spam - rsync://rsync.cbl.abuseat.org/cbl/list.txt

-- 
Jem Berkes
Software design for Windows and Linux/Unix-like systems
http://www.sysdesign.ca/