A technical guide for configuring and sending real-time SMTP transaction data to Abusix via UDP to enhance Guardian Mail’s accuracy and intelligence.
Data | Description |
---|---|
Feed ID | Provided to you by Abusix. It identifies which feed the data is coming from and serves as the lookup key for the shared key used to compute the checksum. |
Timestamp | The UNIX epoch time in seconds that the connection was received. |
Port | The TCP server port on which the connection was received, e.g., 25, 587, 465. This is used to distinguish between MUA->MTA traffic and MTA->MTA traffic. |
IP Address | IPv4 or IPv6 address of the SMTP client. |
rDNS | Reverse DNS name of the SMTP client; multiple names should be separated by commas. |
HELO | HELO/EHLO sent by the SMTP client. |
ESMTP Flag | ‘Y’ if the SMTP client sent EHLO, ‘N’ if the client sent ‘HELO’. |
TLS Flag | ‘Y’ if the SMTP client used TLS, ‘N’ if the client did not use TLS. |
AUTH Flag | ‘Y’ if the SMTP client authenticated using SMTP AUTH, ‘N’ if not. |
MAIL FROM domain | The right-hand side of the ‘@’ of the SMTP MAIL FROM command. In the case of a null-sender or an unqualified user, e.g., MAIL FROM:<postmaster> or MAIL FROM:<>, the full argument can be sent. |
Extended JSON | For future use – this field should be empty. |
Checksum | An MD5 hash computed over all of the previous data, including the line-feed separators and a trailing line-feed, with the shared key supplied to you by Abusix appended. That is, the MD5 input is: data + “\n” + shared key. Once this is computed, the following is sent over the UDP socket to the feed receiver: data + “\n” + checksum |
txnNNN\n
1540299376001\n
25\n
127.0.0.1\n
localhost\n
this.is.a.test.helo\n
N\n
N\n
N\n
test.com\n
\n
8c86e0ab24415f726e4def79ce9502c5
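The field layout and checksum rule from the table, as an added Python example (not Abusix's or the page author's code). The function names, the sample key and the stripping of control characters from client-supplied fields are assumptions of this example; the receiver-side check mirrors the checksum rule and is not a documented Abusix routine.

```python
import hashlib
import hmac
import socket
import time

# Field order follows the table above; the checksum is appended last.
FIELD_ORDER = ("feed_id", "timestamp", "port", "ip", "rdns", "helo",
               "esmtp", "tls", "auth", "mail_from_domain", "extended_json")


def _clean(value):
    # Client-controlled strings (HELO, rDNS, MAIL FROM) must not carry
    # CR/LF, or they would shift every later field in the datagram.
    return "".join(ch for ch in str(value) if ch >= " " and ch != "\x7f")


def build_datagram(txn, shared_key):
    """Return data + LF + md5(data + LF + shared_key) as bytes."""
    data = "\n".join(_clean(txn.get(name, "")) for name in FIELD_ORDER)
    checksum = hashlib.md5((data + "\n" + shared_key).encode()).hexdigest()
    return (data + "\n" + checksum).encode()


def verify_datagram(datagram, shared_key):
    """Recompute the checksum from the received bytes and compare."""
    data, _, received = datagram.decode().rpartition("\n")
    expected = hashlib.md5((data + "\n" + shared_key).encode()).hexdigest()
    return hmac.compare_digest(expected.encode(), received.encode())


def send_datagram(datagram, host="smtprttf.abusix.com", port=12211):
    # UDP is connectionless: one datagram per SMTP transaction, no reply read.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(datagram, (host, port))


# Constructed sample transaction; feed ID and key are placeholders.
SAMPLE_TXN = {
    "feed_id": "txnNNN", "timestamp": int(time.time()), "port": 25,
    "ip": "127.0.0.1", "rdns": "localhost",
    "helo": "this.is.a.test.helo\r\nX",  # embedded CRLF is stripped
    "esmtp": "N", "tls": "N", "auth": "N",
    "mail_from_domain": "test.com", "extended_json": "",
}
SAMPLE_KEY = "example-shared-key"  # placeholder, not a real feed key

if __name__ == "__main__":
    print(build_datagram(SAMPLE_TXN, SAMPLE_KEY).decode())
```

Running the file prints a twelve-line datagram; `send_datagram` is defined but not called, so nothing leaves the host until a real feed ID and key are in place.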
/etc/exim4/conf.d/acl/00_exim4-config-header – I added the following lines to the top (as macros); these must appear before the “begin acl” directive:
ABUSIX_HOST=smtprttf.abusix.com
ABUSIX_PORT=12211
ABUSIX_FEED_ID=<Your Feed ID>
ABUSIX_FEED_KEY=<Your Feed Key>
Then in 30_exim4_config_check_mail we want the “udpsend” to run for every message, accepted or not: