OK, here's my code (attached) as it stands at the moment, with some instructions and comments below.

Status
======

This is very much ALPHA code - if you read the source, you'll see that it uses a horrible mix of Perl CGI calls and raw HTML, which is not good style. However, it works, and I'll have time later to carry out some plastic surgery to make it look better. Use it at your own risk - there is no warranty.

Installation
============

Drop the two files into your CGI bin, making sure that they are executable, and owned by the user you run your webserver as, so that they can be executed. Ensure that they cannot be modified by anyone else.

Configure your webserver to include an appropriate CGI handler for Perl code, if it doesn't already have one. On Apache, this should be something like:

    AddHandler cgi-script .cgi .sh .pl

You must also edit the main quarantine.pl script as indicated, so that it uses the correct inbound and outbound e-mail servers - the assumption is that the server running MIMEDefang is a gateway system, which forwards incoming mail to another server, and which optionally forwards outbound mail to a smart host for onward delivery. If your system is an end-node which does direct outbound delivery, set both the local and remote SMTP servers to localhost, and ensure that your mimedefang-filter has a way to skip checks on mail from the local system, otherwise you will re-examine and re-quarantine released messages.

Permissions
===========

MIMEDefang creates its quarantine folders as the defang user (or whatever user you've configured MIMEDefang to run as), which means that your webserver user probably has no access to the quarantine folders. This has to be sorted out before the scripts will work. There are three approaches:

A. Make all of your programs run as the same unprivileged user, such as defang or nobody. While this will work, it can possibly open up all of the systems to compromise if one has a security issue.

B. Patch the MIMEDefang code to force all quarantine folders to be created with full group access (mode 770), and to set the group to something which the web server is a member of, so that full access is granted. This works OK, but has to be re-done every time a new version of MIMEDefang is installed, and is not guaranteed to be future proof.

C. Have a cron job which runs every minute (or whatever interval you prefer) which changes the permissions appropriately. I use this method, running

    chmod -R g+rwx /var/spool/MD-Quarantine

If the permissions are incorrect, the main script will display a warning that it cannot access the folder. Note that if a message has been quarantined after the last run of the cron job, you will not be able to view it until the next cron run has completed.

Functionality
=============

This code is intended to perform five main tasks:

A. Display a summary of the messages which have been quarantined so that the queue can be managed
B. Release messages for delivery if they have been quarantined in error
C. Delete messages which have been quarantined correctly
D. Re-direct messages to IT Support addresses for further inspection or action
E. Allow viewing of the message details wherever possible.

The main display presents a table of messages which are being held in quarantine. These are displayed in date order. The table shows the sender, recipients, subject, the filename of quarantined parts, and the reason for a message being quarantined. Sorting of messages by other field headings is not supported at this time.

When viewing a message, the display program will show a navigation header which lists the files which can be viewed in the quarantine folder. Binary files (from quarantined parts) are not displayed. When an entire message has been quarantined, this can be viewed, but you should be wary of large messages as this could cause difficulties when the file is sent to the browser.

All fields which could contain HTML code are displayed using the <XMP> formatting tag, which prevents interpretation of the contents as HTML - this tag is supported by most browsers but is described as obsolete, which is a shame since the suggested replacement is <PRE>, which most browsers treat in the same way as <FONT> or <B>, i.e. they change the formatting, but embedded HTML tags are still interpreted. Think of a message which has something nasty in it, either as javascript or something like an image which has a remote CGI script as its source. Since you want to look at the source, we have to stop the HTML being interpreted.

Security
========

These scripts make no effort to authenticate the user who runs them - this is not the job of the script, since the web server is more than capable of doing this for you using any or all of the following:

    basic/digest/certificate authentication
    SSL
    .htaccess files
    httpd.conf directives to restrict access by username/password, certificate ownership, IP address, etc, etc.

Comments welcome!

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA
Tel. 01223 433741
Fax. 01223 433788

_______________________________________________________________________
DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please contact the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741
_______________________________________________________________________

quar_display.pl
Description: quar_display.pl
quarantine.pl
Description: quarantine.pl
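
Editor's added example, not part of the original post or of the attached scripts: one way to show untrusted message text as source is to entity-encode it before it goes inside <PRE>, so the browser never sees markup regardless of which tag wraps it. The helper names html_escape and render_part, the 64 KB display cap and the sample message are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not from quarantine.pl or quar_display.pl).
use strict;
use warnings;

# The five characters that are significant in HTML text and attribute values.
my %ENTITY = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);

# Hypothetical helper: return $text in a form that is inert inside <pre>.
sub html_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/([&<>"'])/$ENTITY{$1}/g;
    # Replace control characters other than tab, LF and CR with '?'.
    $text =~ s/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/?/g;
    return $text;
}

# Hypothetical helper: escape a quarantined part and cap how much of it is
# sent to the browser, since whole quarantined messages can be large.
sub render_part {
    my ($raw, $max_bytes) = @_;
    my $truncated = length($raw) > $max_bytes;
    my $html = '<pre>' . html_escape(substr($raw, 0, $max_bytes)) . '</pre>';
    $html .= "\n<p>[display truncated at $max_bytes bytes]</p>" if $truncated;
    return $html;
}

# Constructed sample: a literal closing tag would end an <XMP> block early,
# after which the remaining lines would be parsed as HTML. Once encoded,
# every line below is displayed as plain text.
my $sample = join "\n",
    'Subject: invoice',
    '',
    '</xmp><img src="http://tracker.example/open.cgi?id=1">',
    '<script>alert(1)</script>';

print render_part($sample, 64 * 1024), "\n";
```

Run from a shell, the output contains no raw angle brackets from the sample, so neither the image reference nor the script element reaches the browser as markup.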