amber -- amber-list for incoming mail

       amber [-lnNeE] [-d dir] [-c secs] [-t secs] [-T secs]
             [-i secs] [-I secs] [-g file] [-r file] [-p NAME[=VAL]]
             [-s NNN  Message ] [command [args]...]

       amber -V

       Amber sits in the tcpserver chain for qmail and implements
       an "amber list" for incoming mail, not accepting or rejecting
       it but deferring connections from new IP addresses for some
       time (default five minutes) before it starts accepting mail
       from them.

       -l     Log  messages to syslog instead of printing them on
	      standard error. This is partly  redundant  for  the
	      normal  configuration  under  qmail  since standard
	      error will already be logged to syslog. You can use
	      this  to	take  distinguish between different error
	      priorities: amber generates  LOG_ERR,  LOG_WARNING,
	      and LOG_NOTICE.

       -d dir Change directory to "dir" first thing.  Amber main-
	      tains its connection database in the current direc-
	      tory. It is recommended that the database be pruned
	      periodically, with a command like find  $dir  -name
	      '*.t' -mtime +2 -exec rm '{}' ';'

       -t delay-time
	      How  long to keep delaying new connections. Time is
	      seconds, [HH:]MM:SS, or  any  combination  of  DDd,
	      HHh,  MMm,  and  SSs (eg: 300, 5m, 5:00 are all the
	      same period, as are 90, 1:30, or 1m30s).

       -T long-delay-time
	      Alternate delay to apply to connections from  unre-
	      solved IP addresses. Default is 6 times delay-time.

       -i idle-time
	      Reset connection to idle after this  long.  Accepts
	      the same time formats as -t

       -I long-idle-time
	      Alternate   idle	 reset	time  for  unresolved  IP
	      addresses. Default is idle-time.

       -p NAME[=VALUE]
	      If this variable is set (and has the specied value,
	      if provided) then amber will pass it without check-
	      ing. There may be multiple -p options. The  default
	      value  "AMBERCHECK=NO"  is implicitly in this list,
	      but additional values  (such  as	"RELAYCLIENT"  or
	      "RBLSMTPD=") can help avoid embarassment, depending
	      on your configuration.

       -n     Throttle	 connections   from    unresolvable    IP
	      addresses.   That   is,  after  one  connection  is
	      allowed, the address is immediately reset to  idle,
	      throttling the connection to at most once-per-long-
	      delay-time.

       -N     Throttles connections  from  domains  that  contain
	      strings  that imply the connection is a dynamic IP.
	      The compiled-in list  is	{"dsl",  "cable",  "dyn",
	      "ppp", and "dial"}.

       -c connection-delay
	      Waits connection-delay seconds before continuing on
	      to the next stage in the pipeline. This causes some
	      simplistic spambots and viruses to disconnect.  The
	      -c option also logs eager-writers  that  send  data
	      during  the connection delay (legitimate mail soft-
	      ware is supposed to wait for the HELO before  send-
	      ing  any	commands) and applies the same delays and
	      timeouts to them as unresolved IP addresses.

       -e     Throttle eager writers to one  message  per  delay-
	      time.

       -E     Defer eager writers indefinitely.

       -s "NNN Message"
	      Specify an alternate SMTP error code to generate on
	      connection instead  of  the  default  "430  Message
	      Deferred".

       -b bad-file (v 0.1)
       -r redlist-file (v 0.2)
	      If  everything else passes, check this file for bad
	      IP addresses to explicitly block. The  file  format
	      is  one address per line, optionally followed by an
	      alternate SMTP error code and  message.  This  file
	      may be fed from a spamtrap, or statically built, or
	      created using any other method that makes sense  in
	      your environment.

       -g greenlist-file (v 0.2)
              After  the connection delay, check this file for IP
              addresses to explicitly allow. The file  format  is
              one  address  per line. This file may be fed from a
              mail  server  for  POP3/IMAP4-before-SMTP,  or  any
              other  method  that fits your policies. This should
              be a small  file  for  sort-lived  greenlisting  to
              avoid  beating on tcpserver's tcp.smtp.cdb file (or
              your local equivalent)...  long  term  greenlisting
              would be handled before amber.

       command [args]...
	      On  success,  run this command. On failure, send an
	      SMTP code back down the socket and close	the  con-
	      nection.	If  this  is omitted then amber returns a
	      success or failure status  but  doesn't  send  any-
	      thing...	normally  a command such as "qmail-smtpd"
	      would be provided, but this feature could  be  used
	      if amber is run from a script.

       -V     Print version and exit.
       amber -i 1d -p RELAYCLIENT qmail-smtpd

       amber-0.2.tar.gz

       Amber  is  released  under a "Berkeley" style license.

       Peter da Silva <peter at taronga.com>


      Freshmeat
      Sourceforge