Re: [Mimedefang] Problem scanning multiple attachments with Kaspersky Anti-Virus for Linux Workstation 5.0.2.0

2004-04-01 Thread David F. Skoll
On Fri, 2 Apr 2004, Ernst-Paul ten Brinke wrote:

> Let's say you send a message with an attachment a.zip and b.zip and a.zip
> contains a virus and b.zip not.

[...]

> Calling aveclient with multiple files or in this case with a * returns only
> the scan return code of the last MIME part scanned.

Wow.  aveclient is badly broken, then; I recommend switching to a different
virus scanner.  Otherwise, you'll have to call entity_contains_virus
for each part, and that's a waste of time.

Regards,

David.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


[Mimedefang] Problem scanning multiple attachments with Kaspersky Anti-Virus for Linux Workstation 5.0.2.0

2004-04-01 Thread Ernst-Paul ten Brinke
I'm using MD 2.42 with Kaspersky Anti-Virus for Linux Workstation 5.0.2.0
I noticed a problem with scanning multiple attachments.
 
In mimedefang.pl I see the following code in the subroutine for
message_contains_virus_avp5 :
 
# Run aveclient
my($code, $category, $action) = run_virus_scanner($Features{'Virus:AVP5'} .
" -s -p /var/run/aveserver $CWD/Work/* 2>&1","INFECTED");

Let's say you send a message with an attachment a.zip and b.zip and a.zip
contains a virus and b.zip not.
 
You would expect a scan return code 4 from aveclient. The a.zip MIME part is
INFECTED and the b.zip part NOT.
But the scan result of aveclient depends on the order in which the parts
will be scanned.
Calling aveclient with multiple files or in this case with a * returns only
the scan return code of the last MIME part scanned.
So adding a.zip first as attachment and b.zip second results in return code
0. No virus found in MIME parts.
But adding b.zip first and a.zip second results in a return code 4. Virus
found in MIME parts.
 
Example with an infected .zip file and a not infected .com file. (order
.zip, .com)
 
/var/log/kav/aveserver.log after running message_contains_virus_avp5 :
 
[02-04-2004 01:01:57 A] [19908] New local connection accepted from /var/run/aveserver, connection ID 149
[02-04-2004 01:01:57 A] [19908] [26543] Scan started: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-72.txt
[02-04-2004 01:01:57 A] [19908] [26543] Scan progress: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-72.txt OK
[02-04-2004 01:01:57 A] [19908] [26543] Scan result: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-72.txt OK
[02-04-2004 01:01:57 A] [19908] [26543] Scan started: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-73.html
[02-04-2004 01:01:57 A] [19908] [26543] Scan progress: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-73.html OK
[02-04-2004 01:01:57 A] [19908] [26543] Scan result: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-73.html OK
[02-04-2004 01:01:57 A] [19908] [26543] Scan started: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-74.zip
[02-04-2004 01:01:57 A] [19908] [26543] Scan progress: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-74.zip/me.htm.pif INFECTED I-Worm.Moodown.b
[02-04-2004 01:01:57 A] [19908] [26543] Scan result: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-74.zip INFECTED
[02-04-2004 01:01:57 A] [19908] [26543] Scan started: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-75.com
[02-04-2004 01:01:57 A] [19908] [26543] Scan progress: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-75.com OK
[02-04-2004 01:01:57 A] [19908] [26543] Scan result: /var/spool/MIMEDefang/mdefang-i31N1vHK026539/Work/msg-25543-75.com OK

In this case message_contains_virus_avp5 results : return code 0, category
: ok, action : ok  which is not ok.
Changing the order will result in return code 4, category : virus, action :
quarantine.
 
Ernst-Paul
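
The order dependence reported above, and the one-call-per-part workaround David F. Skoll mentions in his reply, shown as an added example that is not code from the thread or from MIMEDefang. The names scan_each and last_file_scanner and the marker string are made up for illustration; only exit codes 0 (clean) and 4 (infected) come from the thread.

```shell
#!/bin/sh
# Added example: scan files one at a time and combine the exit codes.
# Only exit codes 0 (clean) and 4 (infected) are taken from the thread.
INFECTED_CODE=4

# scan_each CMD FILE...
# Runs CMD once per regular file. Returns INFECTED_CODE if any run reported
# an infection; otherwise the first other non-zero code, so scanner errors
# are not masked; otherwise 0. Scanner output is passed through unchanged.
# CMD is a single command word, e.g. a function wrapping the thread's call:
#   ave() { aveclient -s -p /var/run/aveserver "$@"; }
scan_each() {
    se_cmd=$1
    shift
    se_worst=0
    for se_file in "$@"; do
        [ -f "$se_file" ] || continue
        se_rc=0
        "$se_cmd" "$se_file" || se_rc=$?
        if [ "$se_rc" -eq "$INFECTED_CODE" ]; then
            se_worst=$INFECTED_CODE
        elif [ "$se_rc" -ne 0 ] && [ "$se_worst" -eq 0 ]; then
            se_worst=$se_rc
        fi
    done
    return "$se_worst"
}

# Constructed stand-in for the scanner, reproducing the reported behaviour:
# it examines every file but exits with the status of the LAST one only.
last_file_scanner() {
    lf_rc=0
    for lf_file in "$@"; do
        if grep -q 'CONSTRUCTED-INFECTED-MARKER' "$lf_file"; then
            lf_rc=4
        else
            lf_rc=0
        fi
    done
    return "$lf_rc"
}

# make_samples DIR: the thread's case, a flagged a.zip and a clean b.zip
# (constructed files, not real archives).
make_samples() {
    printf 'CONSTRUCTED-INFECTED-MARKER\n' > "$1/a.zip"
    printf 'harmless\n' > "$1/b.zip"
}

# Runs in a subshell so its variables do not leak into the caller.
demo() (
    dm_dir=$(mktemp -d) || exit 1
    make_samples "$dm_dir"
    dm_batch=0
    last_file_scanner "$dm_dir/a.zip" "$dm_dir/b.zip" || dm_batch=$?
    dm_each=0
    scan_each last_file_scanner "$dm_dir/a.zip" "$dm_dir/b.zip" || dm_each=$?
    echo "single call, a.zip then b.zip: exit $dm_batch"
    echo "one call per file:             exit $dm_each"
    rm -rf -- "$dm_dir"
)
demo
```
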




[Mimedefang] Help with filter - modified

2004-04-01 Thread Mark Penkower
In my last email, I posted the wrong filter - I forgot to uncomment out
stuff.

Here is the current (not working) one.

Thanks


Mark

# -*- Perl -*-
#***
#
# mimedefang-filter
#
# Suggested minimum-protection filter for Microsoft Windows clients, plus
# SpamAssassin checks if SpamAssassin is installed.
#
# Copyright (C) 2002 Roaring Penguin Software Inc.
#
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#
# $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $
#***

#***
# Set administrator's e-mail address here.  The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy.  A good example would be
# '[EMAIL PROTECTED]'
#***
$AdminAddress = '[EMAIL PROTECTED]';
$AdminName = "Mark Penkower";

#***
# Set the e-mail address from which MIMEDefang quarantine warnings and
# user notifications appear to come.  A good example would be
# '[EMAIL PROTECTED]'.  Make sure to have an alias for this
# address if you want replies to it to work.
#***
$DaemonAddress = '[EMAIL PROTECTED]';

#***
# If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part.  If the message
# has no text or html part, then a separate MIME part is still used.
#***
$AddWarningsInline = 0;

#***
# To enable syslogging of virus and spam activity, add the following
# to the filter:
md_graphdefang_log_enable();
# You may optionally provide a syslogging facility by passing an
# argument such as:  md_graphdefang_log_enable('local4');  If you do this, be
# sure to setup the new syslog facility (probably in /etc/syslog.conf).
# An optional second argument causes a line of output to be produced
# for each recipient (if it is 1), or only a single summary line
# for all recipients (if it is 0.)  The default is 1.
# Comment this line out to disable logging.
#***
md_graphdefang_log_enable('mail', 1);

#***
# Uncomment this to block messages with more than 50 parts.  This will
# *NOT* work unless you're using Roaring Penguin's patched version
# of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later.
#
# WARNING: DO NOT SET THIS VARIABLE unless you're using at least
# MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail.
#***
# $MaxMIMEParts = 50;

#***
# Set various stupid things your mail client does below.
#***

# Set the next one if your mail client cannot handle nested multipart
# messages.  DO NOT set this lightly; it will cause action_add_part to
# work rather strangely.  Leave it at zero, even for MS Outlook, unless
# you have serious problems.
$Stupidity{"flatten"} = 0;

# Set the next one if your mail client cannot handle multiple "inline"
# parts.
$Stupidity{"NoMultipleInlines"} = 0;

# This procedure returns true for entities with bad filenames.
sub filter_bad_filename ($) {
my($entity) = @_;
my($bad_exts, $re);

# Bad extensions

$bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jar|js|jse|lib|lnk|mdb|mde|msc|msi|msp|mst|pcd|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbg|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|zls|\{[^\}]+\})';




#***
# %PROCEDURE: filter_begin
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Called just before e-mail parts are processed
#***
sub filter_begin () {

#***
# %PROCEDURE: filter
# %ARGUMENTS:
#  entity -- a Mime::Entity object (see MIME-tools documentation for details)
#  fname -- the suggested filename, taken from the MIME Content-Disposition:
#   header.  If no filename was suggested, then fname is ""
#  ext -- the file extension (everything from the last period in th

[Mimedefang] Please help with filter!

2004-04-01 Thread Mark Penkower
I have attached my mimedefang-filter.

All that I need for it to do is to block the banned extensions and to
add the boilerplate disclaimer.  I know that this does not work because
I have the wrong number of brackets somewhere.

This is driving me up a wall!

Could somebody please post the corrected code.


Thank you so much.


Mark Penkower

# -*- Perl -*-
#***
#
# mimedefang-filter
#
# Suggested minimum-protection filter for Microsoft Windows clients, plus
# SpamAssassin checks if SpamAssassin is installed.
#
# Copyright (C) 2002 Roaring Penguin Software Inc.
#
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#
# $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $
#***

#***
# Set administrator's e-mail address here.  The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy.  A good example would be
# '[EMAIL PROTECTED]'
#***
$AdminAddress = '[EMAIL PROTECTED]';
$AdminName = "Mark Penkower";

#***
# Set the e-mail address from which MIMEDefang quarantine warnings and
# user notifications appear to come.  A good example would be
# '[EMAIL PROTECTED]'.  Make sure to have an alias for this
# address if you want replies to it to work.
#***
$DaemonAddress = '[EMAIL PROTECTED]';

#***
# If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part.  If the message
# has no text or html part, then a separate MIME part is still used.
#***
$AddWarningsInline = 0;

#***
# To enable syslogging of virus and spam activity, add the following
# to the filter:
md_graphdefang_log_enable();
# You may optionally provide a syslogging facility by passing an
# argument such as:  md_graphdefang_log_enable('local4');  If you do this, be
# sure to setup the new syslog facility (probably in /etc/syslog.conf).
# An optional second argument causes a line of output to be produced
# for each recipient (if it is 1), or only a single summary line
# for all recipients (if it is 0.)  The default is 1.
# Comment this line out to disable logging.
#***
md_graphdefang_log_enable('mail', 1);

#***
# Uncomment this to block messages with more than 50 parts.  This will
# *NOT* work unless you're using Roaring Penguin's patched version
# of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later.
#
# WARNING: DO NOT SET THIS VARIABLE unless you're using at least
# MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail.
#***
# $MaxMIMEParts = 50;

#***
# Set various stupid things your mail client does below.
#***

# Set the next one if your mail client cannot handle nested multipart
# messages.  DO NOT set this lightly; it will cause action_add_part to
# work rather strangely.  Leave it at zero, even for MS Outlook, unless
# you have serious problems.
$Stupidity{"flatten"} = 0;

# Set the next one if your mail client cannot handle multiple "inline"
# parts.
$Stupidity{"NoMultipleInlines"} = 0;

# This procedure returns true for entities with bad filenames.
#sub filter_bad_filename ($) {
#my($entity) = @_;
#my($bad_exts, $re);

# Bad extensions

$bad_exts =
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jar|js|jse|lib|lnk|mdb|mde|msc|msi|msp|mst|pcd|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbg|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|zls|\{[^\}]+\})';




#***
# %PROCEDURE: filter_begin
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Called just before e-mail parts are processed
#***
sub filter_begin () {

#***
# %PROCEDURE: filter
# %ARGUMENTS:
#  entity -- a Mime::Entity object (see MIME-tools documentation for details)

Re: [Mimedefang] Correct order

2004-04-01 Thread WBrown
[EMAIL PROTECTED] wrote on 04/01/2004 02:17:55 PM:


> My free disk space is limited right now, therefore I thought if I can scan
> for viruses and reject if found before quarantining based on bad file
> types, it would save on disk space.  Yes it uses a bit more processor
> power, but my greylisting has made a big difference keeping that on the
> low side.

That makes sense, since you're quarantining bad extensions.  I was misled
by your original message where it said you were rejecting bad files.


Re: [Mimedefang] Correct order

2004-04-01 Thread Todd Aiken
> > I'm doing the following using MIMEDefang:
> > 
> > - Use filter_relay to bypass outgoing mail
> > - Greylisting
> > - Virus scanning (with uvscan)
> > - Rejecting on bad filename extensions
> > - Checking for SPAM with SpamAssassin
> > 
> Why wouldn't you reject executable extensions before virus scanning? You
> wouldn't be scanning any executable files.

My free disk space is limited right now, therefore I thought if I can scan 
for viruses and reject if found before quarantining based on bad file 
types, it would save on disk space.  Yes it uses a bit more processor 
power, but my greylisting has made a big difference keeping that on the 
low side.

CU L8R...

Todd A. Aiken 
Systems Analyst - Administrator
Cole Computer Centre
BISHOP'S UNIVERSITY
Lennoxville, Quebec, CANADA

"GUIs on servers... That's like putting an air conditioner on a 
motorcycle..."

-BEGIN GEEK CODE BLOCK-
Version 3.12 (http://www.geekcode.com)
GCS$/MU d+(-) s++:+ a C++$ UL$ P+ L++ E->+ W+>++ N++ o? K-
w O- M V? PS PE- Y PGP- t+ 5 X R- tv+ b DI(+) D++ G e+ h !r>r+++ y-
--END GEEK CODE BLOCK--





Re: [Mimedefang] Correct order

2004-04-01 Thread WBrown
[EMAIL PROTECTED] wrote on 04/01/2004 01:15:37 PM:

> I'm doing the following using MIMEDefang:
> 
> - Use filter_relay to bypass outgoing mail
> - Greylisting
> - Virus scanning (with uvscan)
> - Rejecting on bad filename extensions
> - Checking for SPAM with SpamAssassin
> 
Why wouldn't you reject executable extensions before virus scanning? You
wouldn't be scanning any executable files.


Re: [Mimedefang] slave error with razor2

2004-04-01 Thread Kelson Vibber
At 01:24 PM 3/31/2004, [EMAIL PROTECTED] wrote:
> mimedefang-multiplexor: Slave 12 stderr: razor2 check skipped: Bad file
> descriptor Died at
> /usr/local/lib/perl5/site_perl/5.005/Mail/SpamAssassin/Dns.pm line 409.

IIRC, this means queries to the Razor servers are not responding.

Try running razor-admin -discover as your MIMEDefang user.  This should 
pick up a current list of Razor servers.

Kelson Vibber
SpeedGate Communications  



RE: [Mimedefang] Quarantine management - anyone else working on

2004-04-01 Thread Troy Carpenter
Paul,

I have a stop-gap system that I have been using, so if you want to
develop a full blown system, that would be great.  What I am about to
describe probably has security holes, but that is not a problem for me,
and I'm sure if someone wants to use this method and it's a problem,
they will fix it.  The standard "it works for me" disclaimers apply.

Quick overview of what I do:
1. I have the quarantine directories linked into my webspace so I can
see the directories using a web browser.  My webserver is configured to
allow directory listings.
2. Crontab entry for directory permissions (otherwise #1 doesn't work!)
3. In the top MD-Quarantine directory, I put a file called "README.html"
with a simple table form to call a cgi-script which will delete all
directories (a recent addition because I got tired of deleting
directories one at a time).
4. When something is to be quarantined, I have mimedefang drop a
HEADER.html and a README.html file in the directory (Details below).
5. I have a cgi script and a "helper" script that actually do the
deleting and/or remailing.
---

Details:
1. I will leave it up to you to figure out how to configure the
webserver and directories.

2. Of course, I need a crontab entry to change permissions:
# Change permissions
*   *   *   *   *   chmod -R 755 /var/spool/MD-Quarantine/

3. Here's the README.html file for the MD-Quarantine directory:


  

  



4. I have a routine in my mimedefang-filter:
#***
# %Procedure: write_qfiles()
# %Prerequisite: creation of quarantine directory
# %ARGUMENTS:
#
# %RETURNS:
#
#
# %DESCRIPTION:
#  Writes README.html and HEADER.html files for quarantine directories
#***

sub write_qfiles()
{
    my $newsender = escapeHTML($Sender);
    my $newrec = escapeHTML($Recipients[0]);

    if (open(OUT,">$QuarantineSubdir/HEADER.html")) {
        print OUT "Quarantined Message: $Subject\n";
        print OUT "To: $newrec\n";
        print OUT "From: $newsender\n";
        print OUT "Relay info: $RelayHostname ($RelayAddr), helo=$Helo\n";
        close OUT;
    }

if (open(OUT,">$QuarantineSubdir/README.html")) {
print OUT << "BLOCK";



  



  
  
 

 
  



BLOCK

print OUT "$report";
close OUT;
}
}
--
To quarantine, I do the following (This is a SPAM example):
# Quarantine messages above the $qspam threshold
  action_quarantine_entire_message();
  get_quarantine_dir();
  write_qfiles();
  action_notify_administrator("Message\n$Subject\nfrom $Sender to
$Recipients[0] quarantined because SPAM score exceeded threshold.\n\nSee
http://www.carpenter.cx$QuarantineSubdir/\n\nCopy sent to
[EMAIL PROTECTED] report:\n$report\n");
---

So when this is done, the message has been quarantined with the
HEADER.html and README.html files, and a message was sent to the
administrator with a link to the Quarantine directory.

5. The quarantine.cgi script:

#!/usr/bin/perl -w

use CGI qw(:standard);

my $action = '';
my $sendto = '';
my $qdir = '';
my $cmd= '/usr/sbin/sendmail ';

$action = param('action');
$sendto = param('newuser');
$qdir = param('qdir');

if ($action =~ /original/i) {
  $msg = "Message sent to original recipient";
  $cmd = $cmd . "-t < $qdir/ENTIRE_MESSAGE";
}
elsif ($action =~ /address/i) {
  $msg = "Sent message to new address";
  if ($sendto eq "") {
    $msg = $msg . ", but no new address given.";
  }
  else {
    $msg = $msg . ": $sendto";
    $cmd = $cmd . "$sendto < $qdir/ENTIRE_MESSAGE";
  }
}
else {
  $msg = "Quarantine directory deleted.";
  $cmd = "sudo /usr/local/bin/qdirhelper $qdir";
}

system $cmd;

print header();   # print out correct content header

print <<"EOF"



Quarantine Action: $action



$msg
Executed command was:$cmd



Back to quarantine directory



EOF
---

The qdirhelper script:
  rm -r -f $1

The qdirhelper script needs to be listed in sudoers:
   apache  ALL= NOPASSWD:/usr/local/bin/qdirhelper



I think that does it.

Let me know if there are any questions.  Be aware that I use the digest
feature of this list, so I might not answer right away.

Troy Carpenter
[EMAIL PROTECTED]



-Original Message-
Date: Thu, 1 Apr 2004 11:31:59 +0100
From: "Paul Murphy" <[EMAIL PROTECTED]>
Subject: [Mimedefang] Quarantine management - anyone else working on
this?
To: <[EMAIL PROTECTED]>
Message-ID:

<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

Hi,

I've been working on a CGI program to assist with managing the
quarantine folders, which is now working but nowhere near ready for
public inspection.

The system consists of two Perl CGI s
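
An added example, not part of Troy Carpenter's message: a stricter form of the one-line qdirhelper shown above, which runs under sudo and removes whatever path it is given. It only removes real directories that sit directly under the quarantine root; the function names are hypothetical and the root path is the one from the crontab entry in the message.

```shell
#!/bin/sh
# Added example: a qdirhelper that only removes direct children of the
# quarantine root. The root is a constant here (path from the crontab entry
# in the message) rather than something read from the caller's environment.
QROOT=/var/spool/MD-Quarantine

# safe_qdir PATH
# Prints the canonical path and returns 0 only when PATH is absolute, is a
# real directory (not a symlink), and resolves to a direct child of QROOT.
safe_qdir() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    [ -d "$1" ] && [ ! -L "${1%/}" ] || return 1
    # Resolve both paths physically so ".." and symlinked parents cannot
    # move the target outside the root.
    sq_root=$(cd -P -- "$QROOT" 2>/dev/null && pwd -P) || return 1
    sq_real=$(cd -P -- "$1" 2>/dev/null && pwd -P) || return 1
    [ "$(dirname "$sq_real")" = "$sq_root" ] || return 1
    printf '%s\n' "$sq_real"
}

# qdir_delete PATH
# Returns 2 and deletes nothing when PATH is refused; otherwise removes the
# canonical directory. Installed as the helper, the script would end with:
#   [ "$#" -eq 1 ] && qdir_delete "$1"
qdir_delete() {
    qd_target=$(safe_qdir "$1") || {
        echo "qdirhelper: refusing to remove '$1'" >&2
        return 2
    }
    rm -rf -- "$qd_target"
}

# Demonstration on a constructed directory tree under a temporary root.
# Runs in a subshell so the QROOT override does not leak out.
demo() (
    dm_tmp=$(mktemp -d) || exit 1
    QROOT=$dm_tmp/MD-Quarantine
    mkdir -p "$QROOT/qdir-constructed/sub" "$dm_tmp/other"
    for dm_path in "$QROOT/../other" "$QROOT" \
                   "$QROOT/qdir-constructed/sub" "$QROOT/qdir-constructed"; do
        if qdir_delete "$dm_path" 2>/dev/null; then
            echo "removed: $dm_path"
        else
            echo "refused: $dm_path"
        fi
    done
    rm -rf -- "$dm_tmp"
)
demo
```
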

[Mimedefang] Correct order

2004-04-01 Thread Todd Aiken
I'm doing the following using MIMEDefang:

- Use filter_relay to bypass outgoing mail
- Greylisting
- Virus scanning (with uvscan)
- Rejecting on bad filename extensions
- Checking for SPAM with SpamAssassin
 
I had to place greylist checking in filter_end because it seemed to be 
running before filter_relay and was greylisting all of my external mail.  
But I thought to save some processing power, I would move virus scanning 
to filter_end as well so that only if a mail passed the greylist would it 
be scanned for viruses.  However, by doing that, I now find that my 
quarantine directory is filling up fast, because stuff is being moved 
there being detected as having a bad filename before it is being scanned 
(and rejected) for viruses.  Can somebody suggest a way that I can move 
stuff around so that all of the above list is processed in the listed 
order?  If it is somehow possible to do the filter_relay checking in 
filter_begin before everything starts, I could then place greylist 
checking back in filter_begin and that would probably solve my problem.

My mimedefang-filter can for now be found at:
http://staarage.ubishops.ca/mimedefang-filter 

Thanks.


CU L8R...

Todd A. Aiken 
Systems Analyst - Administrator
Cole Computer Centre
BISHOP'S UNIVERSITY
Lennoxville, Quebec, CANADA

"GUIs on servers... That's like putting an air conditioner on a 
motorcycle..."

-BEGIN GEEK CODE BLOCK-
Version 3.12 (http://www.geekcode.com)
GCS$/MU d+(-) s++:+ a C++$ UL$ P+ L++ E->+ W+>++ N++ o? K-
w O- M V? PS PE- Y PGP- t+ 5 X R- tv+ b DI(+) D++ G e+ h !r>r+++ y-
--END GEEK CODE BLOCK--





Re: [Mimedefang] greylisting software... what do people use?

2004-04-01 Thread WBrown
[EMAIL PROTECTED] wrote on 04/01/2004 10:48:10 AM:
>
> What greylisting tools or programs do people use? I need something robust.
> Volume of mail is not too high, but the software needs to work reliably.
 
I use CanIT Pro.  Works like a champ!


Re: [Mimedefang] md_check_against_smtp_server question

2004-04-01 Thread Kevin A. McGrail
Thanks, that'll work!

KAM

> You don't need to hack the function.  Just do this in filter_recipient:
> # Convert TEMPFAIL to CONTINUE
> $answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
> return ($answer, $explanation);


Re: [Mimedefang] greylisting software... what do people use?

2004-04-01 Thread Lucas Albers
There are 3-4 implementations out there that seem to work, including mine.
I've never had any complaints about mine, or of the others...failing.
Search the archives.
The mimedefang ones use perl db-file.
With that said,
canit-pro is fuller featured and works out of the box with greylisting.

Henrik Schmiediche said:
>
> Hello,
> I am thinking of implementing greylisting. I am using mimedefang 2.41 with
> spamassassin 2.63.
>
> What greylisting tools or programs do people use? I need something robust.
> Volume of mail is not too high, but the software needs to work
> reliably.
>
> Sincerely,
>
> - Henrik
>
>


-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana



Re: [Mimedefang] md_check_against_smtp_server question

2004-04-01 Thread David F. Skoll
On Thu, 1 Apr 2004, Kevin A. McGrail wrote:

> be queried cannot be reached.  Since I am implementing this on the Backup
> MX, I NEED it to queue if it can't be reached.

> I was thinking that one parameter could be added to allow for this and I've
> worked up the following code for comment:

You don't need to hack the function.  Just do this in filter_recipient:

sub filter_recipient {
    my($recipient, $sender, $rest) = @_;
    # "helo" and 'server' stand in for your HELO name and the server to query
    my($answer, $explanation) =
        md_check_against_smtp_server($sender, $recipient, "helo", 'server');
    # Convert TEMPFAIL to CONTINUE
    $answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
    return ($answer, $explanation);
}

Regards,

David.


[Mimedefang] md_check_against_smtp_server question

2004-04-01 Thread Kevin A. McGrail
I believe md_check_against_smtp_server will TEMPFAIL if the server trying to
be queried cannot be reached.  Since I am implementing this on the Backup
MX, I NEED it to queue if it can't be reached.

I was thinking that one parameter could be added to allow for this and I've
worked up the following code for comment:

http://www.peregrinehw.com/downloads/MIMEDefang/contrib/md_check_disable_tempfail_patch

--- mimedefang.pl.inWed Mar 24 22:47:58 2004
+++ mimedefang.pl.KAM   Thu Apr  1 11:21:35 2004
@@ -6227,7 +6227,7 @@
 #  HELO / MAIL FROM: / RCPT TO: / QUIT sequence
 #***
 sub md_check_against_smtp_server () {
-my($sender, $recip, $helo, $server) = @_;
+my($sender, $recip, $helo, $server, $notempfail) = @_;
 my($code, $text, $dsn, $retval);

 # Add angle-brackets if needed
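
Review bot: the new optional fifth argument $notempfail on the my(...) = @_; line is not documented; the comment header that ends just above the sub line is left untouched by this hunk. Add an %ARGUMENTS entry saying it is optional and that a false or missing value keeps the existing TEMPFAIL behaviour, so current four-argument callers are unaffected. A positively named flag would also read more easily at call sites than a negated one.
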
@@ -6243,8 +6243,14 @@
 PeerPort => 'smtp(25)',
 Proto=> 'tcp',
 Timeout  => 15);
+
 if (!defined($sock)) {
-   return ('TEMPFAIL', "Could not connect to other SMTP server: $!");
+if ($notempfail) {
+#tempfail disabled - continue regardless
+return ('CONTINUE', "Accepting Message: TEMPFAIL Disabled &
could not connect to other SMTP server: $!", 250, "2.1.5");
+} else {
+return ('TEMPFAIL', "Could not connect to other SMTP server:
$!");
+}
 }

 ($retval, $code, $dsn, $text) = get_smtp_return_code($sock);
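
Review bot: in the new if ($notempfail) branch the CONTINUE return carries four values (the text plus 250 and "2.1.5") while the TEMPFAIL return beside it still carries two; return the same shape from both branches, or say in a comment why the code and DSN are only supplied here. Both long return strings are also wrapped onto a second line as posted (after "TEMPFAIL Disabled &" and after "other SMTP server:"), which leaves continuation lines without a + prefix, so the patch will not apply as it stands; resend it unwrapped or as an attachment. Since this branch accepts the recipient without any check when the other server cannot be reached, it is worth logging that case so skipped verifications are visible.
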
regards,
KAM



Re: [Mimedefang] greylisting software... what do people use?

2004-04-01 Thread David F. Skoll
On Thu, 1 Apr 2004, Henrik Schmiediche wrote:

> What greylisting tools or programs do people use?

I use CanIt-PRO. :-)  It's our commercial product.  The greylisting uses
PostgreSQL as a back-end DB.

Evan Harris has a MySQL-based greylisting implementation; there are
links to various greylisting implementations at
http://projects.puremagic.com/greylisting/

Regards,

David.


[Mimedefang] greylisting software... what do people use?

2004-04-01 Thread Henrik Schmiediche

Hello,
I am thinking of implementing greylisting. I am using mimedefang 2.41 with
spamassassin 2.63.

What greylisting tools or programs do people use? I need something robust.
Volume of mail is not too high, but the software needs to work reliably.

Sincerely,

- Henrik




Re: [Mimedefang] md_copy_orig_msg question

2004-04-01 Thread Doug Brott
Kevin A. McGrail wrote:

From the readings, I understand that clamav definitely will catch more
viruses if you did this.  Can anyone comment on the validity of using this
with other scanners?  Specifically, my interest is with McAfee's uvscan.
Regards,
KAM
 

PLEASE NOTE: If you want your original input message to be scanned
by a virus scanner, you *must* call one of md_copy_orig_msg_to_work_dir
or md_copy_orig_msg_to_work_dir_as_mbox_file in your filter before invoking
a virus-scanning function.
   

I have installed release 2.42 now.  I was using a modified 
mimedefang-filter from a few revs back (probably 2.34 or so) and noticed 
the new changes that have now morphed into 2.42.  I decided to take the 
stock 2.42 mimedefang-filter (windows minimum) and rework my specific 
changes.

I can say that "yes", it seems to work with other virus scanners.  I am 
using Frisk Software's F-Prot Antivirus for Linux Mail Servers.  I've 
only been running with the new filter for 24 hours, but things are 
definitely working.  The only difference that I have noticed is that my 
old filter dropped SPAM messages into a MSG.0 log and VIRUS messages 
into a MSG.1 log.  All of my messages are now in MSG.0 log.  I suspect 
that this is more due to differences in the way that I modified the new 
filter than anything else.  Either way, I'm saving the information that 
I need.

Regards

--
Doug Brott
[EMAIL PROTECTED]


[Mimedefang] HX- Header instead of Milter add: header X-

2004-04-01 Thread Christoph Martin
I just upgraded mimedefang from 2.39 to 2.40 on four of my
machines. On all the boxes I have nearly the same mimedefang-filter
using for instance action_add_header("X-Spam-Flag", "YES"); to add
headers to the mails in filter_end. On ONE box I now get different
syslog entries for this action. I used to get (and get on the three
other boxes):

wintermute sm-mta[8346]: i319AC07008346: Milter add: header: X-Spam-Flag: YES
wintermute sm-mta[8346]: i319AC07008346: Milter add: header: X-Spam-Warning: SpamAssassin says this message is SPAM
wintermute sm-mta[8346]: i319AC07008346: Milter add: header: X-Scanned-By: MIMEDefang 2.40

On the ONE machine I now get:

charlie HX-Spam-Warning SpamAssassin%20says%20this%20message%20is%20SPAM HX-Spam-Flag YES
charlie sm-mta[29383]: i319AGmV029383: Milter add: header: X-Scanned-By: MIMEDefang 2.40

The changed or added headers are also not written into the mail.

Any hints?

Christoph

-- 


Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  [EMAIL PROTECTED]
  Telefon: +49-6131-3926337
  Fax: +49-6131-3922856


[Mimedefang] Quarantine management - anyone else working on this?

2004-04-01 Thread Paul Murphy
Hi,

I've been working on a CGI program to assist with managing the quarantine
folders, which is now working but nowhere near ready for public inspection.

The system consists of two Perl CGI scripts - one to display the message details
for all quarantined messages (and to approve/delete them) and the other to
inspect the quarantined message, and a cron job to sort out the permissions on
the qdirs so that the CGI scripts can read the files.

Before I invest too much time in this, is there anything else out there to
assist with this task?

Best Wishes,

Paul.
__
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788

