Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-30 Thread Matus UHLAR - fantomas
> > On 28.04.10 12:59, Alessandro Vesely wrote:
> >>  You mean you read recipients from ctlfile lines starting with "r"?

> On 28/Apr/10 19:51, Matus UHLAR - fantomas wrote:
> > I already do it in our logging filter.

On 29.04.10 18:48, Alessandro Vesely wrote:
> Fine. I hoped to find a trick to do it for all filters at once.

Since I will need to check for recipients and parse them by two functions
(logging and phish checking), I think I'll split the functionality first to
get recipients, then process them, where all functions will be able to
process them.

Hmmm, as long as we're already parsing the mail header to get the
message-id, I'll apparently be able to parse recipients from header, however
I don't need it yet.

> >>  How are you going to handle an abusive message for multiple
> >>  recipients, only one of which is  or? Courier
> >>  already has a whitelisted/not-whitelisted mechanism, but it only works
> >>  for whitelistable filters...
> >
> > what would be the difference between multiple recipients in To/Cc and in
> > envelope ?

> Not much, besides what Michelle noted. I guess it is a policy rule. A 
> site's policy might be to only concede special whitelisting when 
>  --or -- is the sole recipient, equally addressed 
> in envelope and header. (BTW, I get very few spam into these 
> mailboxes, compared to what I get into the others.)

I get quite much spam to abuse mailbox, its address is mentioned in RIPE
(RIR) database. Looking at it, we get many reports that do not contain our
address(es) in headers but are informational for us (well, if they are real
reports...?)

> The mechanism I was referring to is the one that sets whitelisting 
> from rcptfilters. Courier splits recipients by temporarily rejecting 
> the non-matching ones, so as to force the client to send the message 
> twice.

That is precisely what I'd like to achieve:

if first recipient is abuse, temporarily reject all non-abuse recipients
if first recipient is not abuse, temporarily reject all abuse recipients

but looking at rcptfilter, I can't imagine how I'd implement this, do you
have any hints?

> Global filters not using the "allfilters" socket directory can be 
> skipped that way, so this could be the trick I was looking for. 
> However, moving all filters to plain "filters" mode would then require 
> an extra smtpfilter call for the normal case of global filters being 
> active, if I've understood it correctly. IOW: by returning 99, 
> rcptfilters enable _both_ global plain filters and local content 
> filters. There is no way to enable global but not local ones, is there?
> 
> As a final note, recent TB versions apparently skip filtering if 
> .mailfilter has something like
> 
>    if ($nofiltering)
>    {
>      KEYWORDS="NonJunk"
>      to "./Maildir/.MyAbuseFolder"
>    }

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
99 percent of lawyers give the rest a bad name. 

--
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
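
[Added example, not part of the original message and not Courier's or the poster's own code.] The recipient handling discussed in the message above, sketched in Python: it reads envelope recipients from control-file lines starting with "r", applies the "first recipient decides" split, and compares the envelope with To:/Cc:. The sample control file, message and addresses are constructed, the function names are hypothetical, and only abuse@ is treated as exempt because it is the only such address named in the thread.

```python
import email
from email.utils import getaddresses

# Assumption: only the abuse@ local part is exempt (the one named in the thread).
EXEMPT_LOCALPARTS = {"abuse"}

# Constructed control-file text. Only the "r" = recipient convention is taken
# from the thread; the other record letters are filler for this example.
SAMPLE_CTL = (
    "ssender@example.net\n"
    "rabuse@example.org\n"
    "Rrfc822;abuse@example.org\n"
    "ruser@example.org\n"
    "Mconstructed-msgid\n"
)

# Constructed message whose headers never mention the abuse@ recipient.
SAMPLE_MSG = "From: sender@example.net\nTo: user@example.org\nSubject: report\n\nbody\n"


def envelope_recipients(ctl_text):
    """Recipients are the lines whose first character is a lowercase 'r'."""
    return [ln[1:].strip() for ln in ctl_text.splitlines() if ln.startswith("r")]


def is_exempt(addr):
    """True when the local part (text before the last '@') is exempt."""
    return addr.rsplit("@", 1)[0].lower() in EXEMPT_LOCALPARTS


def split_recipients(rcpts):
    """First recipient decides the class; the other class is deferred (4xx),
    so the sending client has to retry those recipients separately."""
    if not rcpts:
        return [], []
    first_class = is_exempt(rcpts[0])
    accepted = [r for r in rcpts if is_exempt(r) == first_class]
    deferred = [r for r in rcpts if is_exempt(r) != first_class]
    return accepted, deferred


def header_recipients(raw_message):
    """Addresses listed in To:/Cc:, which may differ from the envelope."""
    msg = email.message_from_string(raw_message)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _, addr in getaddresses(fields)]


def skip_content_filter(ctl_text):
    """Skip phishing/virus checks only if every envelope recipient is exempt."""
    rcpts = envelope_recipients(ctl_text)
    return bool(rcpts) and all(is_exempt(r) for r in rcpts)


if __name__ == "__main__":
    rcpts = envelope_recipients(SAMPLE_CTL)
    print("envelope:", rcpts)
    print("accepted/deferred:", split_recipients(rcpts))
    print("header:", header_recipients(SAMPLE_MSG))
    print("skip filter:", skip_content_filter(SAMPLE_CTL))
```
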


Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-29 Thread Alessandro Vesely
On 28/Apr/10 19:51, Matus UHLAR - fantomas wrote:
> On 28.04.10 12:59, Alessandro Vesely wrote:
>>  You mean you read recipients from ctlfile lines starting with "r"?
>
> I already do it in our logging filter.

Fine. I hoped to find a trick to do it for all filters at once.

>>  How are you going to handle an abusive message for multiple
>>  recipients, only one of which is  or? Courier
>>  already has a whitelisted/not-whitelisted mechanism, but it only works
>>  for whitelistable filters...
>
> what would be the difference between multiple recipients in To/Cc and in
> envelope ?

Not much, besides what Michelle noted. I guess it is a policy rule. A 
site's policy might be to only concede special whitelisting when 
 --or -- is the sole recipient, equally addressed 
in envelope and header. (BTW, I get very few spam into these 
mailboxes, compared to what I get into the others.)

The mechanism I was referring to is the one that sets whitelisting 
from rcptfilters. Courier splits recipients by temporarily rejecting 
the non-matching ones, so as to force the client to send the message 
twice.

Global filters not using the "allfilters" socket directory can be 
skipped that way, so this could be the trick I was looking for. 
However, moving all filters to plain "filters" mode would then require 
an extra smtpfilter call for the normal case of global filters being 
active, if I've understood it correctly. IOW: by returning 99, 
rcptfilters enable _both_ global plain filters and local content 
filters. There is no way to enable global but not local ones, is there?

As a final note, recent TB versions apparently skip filtering if 
.mailfilter has something like

   if ($nofiltering)
   {
      KEYWORDS="NonJunk"
      to "./Maildir/.MyAbuseFolder"
   }



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-29 Thread Matus UHLAR - fantomas
> >>  Mails to  and  should be passed as they are.
> > [...]
> > On 19.04.10 14:00, Michelle Konzack wrote:
> >>  Is it not enough to catch the To: and Cc: from the incoming mail and  if
> >>  it is for  or  stop the processing and return an Exit
> >>  Status 0?

> On 26/Apr/10 17:25, Matus UHLAR - fantomas wrote:
> > The real recipient might not be in To/Cc and vice versa.
> > I'm working on the script.

On 28.04.10 12:59, Alessandro Vesely wrote:
> You mean you read recipients from ctlfile lines starting with "r"?
> 
> How are you going to handle an abusive message for multiple 
> recipients, only one of which is  or ? Courier 
> already has a whitelisted/not-whitelisted mechanism, but it only works 
> for whitelistable filters...

hmmm, I feel to be a bit out... what mechanism?


Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-28 Thread Gordon Messmer
On 04/18/2010 11:46 PM, Matus UHLAR - fantomas wrote:
>
> It's a filter for courierperlfilter that integrated into courier package. It
> only has to process single e-mail, the rest is done by other infrastructure.
>

Goes to show what I know about courierperlfilter. ;)



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-28 Thread Matus UHLAR - fantomas
> On 2010-04-26 17:25:36, you typed the following:
> > > Is it not enough to catch the To: and Cc: from the incoming mail and  if
> > > it is for  or  stop the processing and return an Exit
> > > Status 0?

> Hello Matus UHLAR - fantomas,
> > The real recipient might not be in To/Cc and vice versa.
> > I'm working on the script.

On 28.04.10 19:32, Michelle Konzack wrote:
> Oh, I get tons of spam for  and  but they are  NEVER
> in To: and Cc:.  So any serious reporter has to put it into To: or Cc:.

I wouldn't better count on that. I can see some statistics but we're
already getting mail to @abuse.net sometimes.



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-28 Thread Matus UHLAR - fantomas
> On 26/Apr/10 17:25, Matus UHLAR - fantomas wrote:
> >>  Mails to  and  should be passed as they are.
> > [...]
> > On 19.04.10 14:00, Michelle Konzack wrote:
> >>  Is it not enough to catch the To: and Cc: from the incoming mail and  if
> >>  it is for  or  stop the processing and return an Exit
> >>  Status 0?
> >
> > The real recipient might not be in To/Cc and vice versa.
> > I'm working on the script.

On 28.04.10 12:59, Alessandro Vesely wrote:
> You mean you read recipients from ctlfile lines starting with "r"?

I already do it in our logging filter.

> How are you going to handle an abusive message for multiple 
> recipients, only one of which is  or ? Courier 
> already has a whitelisted/not-whitelisted mechanism, but it only works 
> for whitelistable filters...

what would be the difference between multiple recipients in To/Cc and in
envelope ?


Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-28 Thread Michelle Konzack
Hello Matus UHLAR - fantomas,

On 2010-04-26 17:25:36, you typed the following:
> > Is it not enough to catch the To: and Cc: from the incoming mail and  if
> > it is for  or  stop the processing and return an Exit
> > Status 0?
> The real recipient might not be in To/Cc and vice versa.
> I'm working on the script.

Oh, I get tons of spam for  and  but they are  NEVER
in To: and Cc:.  So any serious reporter has to put it into To: or Cc:.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator

-- 
# Debian GNU/Linux Consultant ##
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsyst...@tdnet France   itsyst...@tdnet UG (haftungsbeschränkt)
Gesch. Michelle Konzack  Gesch. Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz   Kinzigstraße 17
67100 Strasbourg/France 77694 Kehl/Germany
Tel: +33-6-61925193 mobil   Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

  
 

Jabber linux4miche...@jabber.ccc.de
ICQ#328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/




Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-28 Thread Alessandro Vesely
On 26/Apr/10 17:25, Matus UHLAR - fantomas wrote:
>>  Mails to  and  should be passed as they are.
> [...]
> On 19.04.10 14:00, Michelle Konzack wrote:
>>  Is it not enough to catch the To: and Cc: from the incoming mail and  if
>>  it is for  or  stop the processing and return an Exit
>>  Status 0?
>
> The real recipient might not be in To/Cc and vice versa.
> I'm working on the script.

You mean you read recipients from ctlfile lines starting with "r"?

How are you going to handle an abusive message for multiple 
recipients, only one of which is  or ? Courier 
already has a whitelisted/not-whitelisted mechanism, but it only works 
for whitelistable filters...



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-26 Thread Matus UHLAR - fantomas
> Hello Matus UHLAR - fantomas,
> 
> On 2010-04-19 08:46:23, you typed the following:
> > It's a filter for courierperlfilter that integrated into courier package. It
> > only has to process single e-mail, the rest is done by other infrastructure.
> > 
> > I'm currently using something very similar, but I have to re-write it since
> > mail to abuse@ address should not be filtered from phishing mail (abuse
> > reports). Unluckily it ain't so easy, since the data files are checked
> > before control files (recipients).
> 
> Right, here we have the same problem...
> Mails to  and  should be passed as they are.
> 
> > Does anyone have implemented this?

On 19.04.10 14:00, Michelle Konzack wrote:
> Is it not enough to catch the To: and Cc: from the incoming mail and  if
> it is for  or  stop the processing and return an Exit
> Status 0?

The real recipient might not be in To/Cc and vice versa.
I'm working on the script.


Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-19 Thread Michelle Konzack
Hello Matus UHLAR - fantomas,

On 2010-04-19 08:46:23, you typed the following:
> It's a filter for courierperlfilter that integrated into courier package. It
> only has to process single e-mail, the rest is done by other infrastructure.
> 
> I'm currently using something very similar, but I have to re-write it since
> mail to abuse@ address should not be filtered from phishing mail (abuse
> reports). Unluckily it ain't so easy, since the data files are checked
> before control files (recipients).

Right, here we have the same problem...
Mails to  and  should be passed as they are.

> Does anyone have implemented this?

Is it not enough to catch the To: and Cc: from the incoming mail and  if
it is for  or  stop the processing and return an Exit
Status 0?

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-19 Thread Michelle Konzack
Hello Jérôme Blion,

On 2010-04-18 13:35:39, you typed the following:
> On 18/04/2010 10:52, Aidas Kasparas wrote:
> > on debian you have to use testing packages of python-clamav,
> > as stable do not support recent signatures.
> That's why volatile.debian.org exists... ;-)

Right, was surprising that the Debian Maintainers had  already
the new package there...  One reason more for Debian!

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-18 Thread Matus UHLAR - fantomas
> On 04/18/2010 02:43 AM, Alexei Batyr' wrote:
> > I've successfully using attached perlfilter for several years.

On 18.04.10 11:10, Gordon Messmer wrote:
> Your filter doesn't thread or fork.  If you accept mail more rapidly 
> than you can scan it, there will be problems.

It's a filter for courierperlfilter that integrated into courier package. It
only has to process single e-mail, the rest is done by other infrastructure.

I'm currently using something very similar, but I have to re-write it since
mail to abuse@ address should not be filtered from phishing mail (abuse
reports). Unluckily it ain't so easy, since the data files are checked
before control files (recipients).

Does anyone have implemented this?



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-18 Thread Gordon Messmer
On 04/18/2010 02:43 AM, Alexei Batyr' wrote:
> I've successfully using attached perlfilter for several years.

Your filter doesn't thread or fork.  If you accept mail more rapidly 
than you can scan it, there will be problems.




Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-18 Thread Jérôme Blion
On 18/04/2010 10:52, Aidas Kasparas wrote:
> on debian you have to use testing packages of python-clamav,
> as stable do not support recent signatures.
>

That's why volatile.debian.org exists... ;-)

HTH.
Jerome Blion.



Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-18 Thread Alexei Batyr'
Michelle Konzack writes:

> does someone have a script,  which  integrate  ClamAV  into  SMTP  level
> scanning over network?

I've been successfully using the attached perlfilter for several years.


--
Alexei.


perlfilter-clam.pl
Description: Perl program


Re: [courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-18 Thread Aidas Kasparas
On 2010.04.18 10:54, Michelle Konzack wrote:
> does someone have a script,  which  integrate  ClamAV  into  SMTP  level
> scanning over network?
> 
> Currently I do only offline scanning on a Per-Users-Base but  since  some
> weeks, the number of viruses  increase  dramatically  (I  now  have  many
> Windows users) and now I want to configure my courier-proxy to pass  any
> incoming messages to standalone SpamAssassin and ClamAV  scanners  using
> Round-Robin DNS.

pythonfilter has clamav module. Works well and "in SMTP level". The only
nuisance -- on debian you have to use testing packages of python-clamav,
as stable do not support recent signatures.


-- 
Aidas Kasparas
IT administrator
GM Consult Group, UAB

+370 686 08473
http://www.gmc.lt



[courier-users] How to integrate ClamAV to scan on SMTP level?

2010-04-18 Thread Michelle Konzack
Hello *,

does someone have a script, which integrate ClamAV into SMTP level
scanning over network?

Currently I do only offline scanning on a Per-Users-Base but since some
weeks, the number of viruses increase dramatically (I now have many
Windows users) and now I want to configure my courier-proxy to pass any
incoming messages to standalone SpamAssassin and ClamAV scanners using
Round-Robin DNS.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
