Re: [Mimedefang] Managing Quarantined Messages
David F. Skoll wrote:
> You can write your own function (my_action_quarantine_entire_message)
> inside your filter, and leave mimedefang.pl untouched. That's the beauty
> (?) of using Perl as a configuration file language.

I can see that I am going to go down the rabbit hole here.

I've been thinking about this, and I think that the only real way to do this is to do as you suggested. I think I would want to do any processing of the message, then detect if there is a condition that warrants the message to be quarantined, then quarantine the processed message.

I suppose I'd have to rebuild the message myself based on the MIME::Entity object in filter_end, write out the message (quarantine it), then reject it so MD doesn't deliver it.

Does it sound like I'm way off base here? Any quick recipes for rebuilding a message out of the MIME::Entity object in filter_end? ;-)

Thanks,
Tim

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
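One way to do the "strip, then write out the processed message" step asked about above, as an added example that is not part of the original post or of MIMEDefang. It uses the MIME::Entity API from MIME-tools on a constructed message; the helper names strip_parts and write_quarantine_copy, the addresses, file names and quarantine id are hypothetical.

```perl
#!/usr/bin/perl
# Added example: stand-alone, not MIMEDefang code. Helper names are hypothetical.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);
use MIME::Entity;

# Remove, in place, every part whose suggested filename matches $bad_re,
# descending into nested multiparts.
sub strip_parts {
    my ($entity, $bad_re) = @_;
    my @keep;
    for my $part ($entity->parts) {
        my $name = $part->head->recommended_filename;
        next if defined $name && $name =~ $bad_re;
        strip_parts($part, $bad_re) if $part->is_multipart;
        push @keep, $part;
    }
    $entity->parts(\@keep);
    return $entity;
}

# Serialize the processed entity (headers and body) to a new file.
# O_EXCL and mode 0600: never overwrite or follow an existing spool entry,
# and keep the quarantined mail unreadable to other local users.
sub write_quarantine_copy {
    my ($entity, $dir, $id) = @_;
    my $path = "$dir/$id.eml";
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "cannot create $path: $!";
    $entity->print($fh);
    close($fh) or die "cannot close $path: $!";
    return $path;
}

# Constructed sample message: text body, an EXE and a ZIP attachment.
my $msg = MIME::Entity->build(Type => 'multipart/mixed',
    From => 'sender@example.com', To => 'user@example.com',
    Subject => 'constructed sample');
$msg->attach(Type => 'text/plain', Data => "hello\n");
$msg->attach(Type => 'application/octet-stream', Filename => 'setup.exe',
    Encoding => 'base64', Data => 'MZ constructed bytes');
$msg->attach(Type => 'application/zip', Filename => 'docs.zip',
    Encoding => 'base64', Data => 'PK constructed bytes');

strip_parts($msg, qr/\.exe$/i);
my $path = write_quarantine_copy($msg, tempdir(CLEANUP => 1), 'constructed-id');
printf "%d parts written to %s\n", scalar($msg->parts), $path;
```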
Re: [Mimedefang] cannot write to /var/spool/MIMEDefang_journal
You may also want to check the permissions of /var and /var/spool, to make sure MD has access to the directory.

SRAR Mail Administrator wrote:
> I happened to need to restart our mail server today, and when I tailed
> the maillog (paranoia runs deep), I noticed this message:
>
> May 3 15:11:17 meow mimedefang-multiplexor: Slave 0 stderr: cannot write to /var/spool/MIMEDefang_journal, Bayes db update ignored
[Mimedefang] Detecting and adding headers if attachment found.
A lame newbie question but here we go.

My intentions are to have procmailrc copy any message which has an attachment to a certain directory but I need to have mimedefang add a header to label it as such. This way I can see what files are being blocked and if any adjustments need to be made.

I come from a Windows background so I attempted to add a "global variable" to the top of the "mimedefang-filter" located in "/etc/mail". With that I had plans to make the global variable on/off to indicate whether or not mimedefang found an attachment.

I added this at the top "$invalidAttachment = "No";" which to me indicates a global variable being defined with "No" as the default value.

Next inside the "filter" sub inside the "if (filter_bad_filename($entity)) {" block I added "$invalidAttachment = "Yes";" to indicate that an attachment has been found.

Later inside the "filter_end" I added a statement like this:

    # BM 4/28/04 - Attempt to check for attachments
    if (my($invalidAttachment) eq "Yes"){
        action_add_header("X-Attachment-Removed", "$invalidAttachment");
        add_recipient($AdminAddress);
    }else{
        action_add_header("X-Attachment-Removed", "$invalidAttachment");
    }

However, the message always comes in with "X-Attachment-Removed" equaling nothing. Can someone help me out?
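The behaviour described in the post, reproduced as an added example that is not part of the original message or of MIMEDefang. The MIMEDefang actions are replaced by stubs so the script runs on its own, the filter stand-in takes a bare file name instead of an entity, and the file names and address are constructed. It also resets the flag in filter_begin, because a MIMEDefang slave process handles many messages in turn.

```perl
#!/usr/bin/perl
# Added example: stand-alone simulation, not MIMEDefang's own code.
use strict;
use warnings;

# Stubs for the MIMEDefang actions so the script runs without the milter.
my @log;
sub action_add_header { push @log, "$_[0]: $_[1]" }
sub add_recipient     { push @log, "add_recipient $_[0]" }

our $AdminAddress = 'postmaster@example.com';   # constructed value
our $invalidAttachment;                         # global shared by the callbacks

# Reset per message: slave processes are reused, so a stale "Yes" would leak
# into the next message if the variable were only set once at file scope.
sub filter_begin { $invalidAttachment = "No" }

# Stand-in for the filter_bad_filename($entity) test in the real filter.
sub filter {
    my ($fname) = @_;
    $invalidAttachment = "Yes" if $fname =~ /\.(?:exe|scr|pif)$/i;
}

# As posted: my(...) declares a NEW, undefined lexical that hides the global
# for the whole if/else, so the header value is always empty.
sub filter_end_as_posted {
    no warnings 'uninitialized';
    if (my($invalidAttachment) eq "Yes") {
        action_add_header("X-Attachment-Removed", "$invalidAttachment");
        add_recipient($AdminAddress);
    } else {
        action_add_header("X-Attachment-Removed", "$invalidAttachment");
    }
}

# Corrected: read the global that filter() set, without redeclaring it.
sub filter_end_fixed {
    action_add_header("X-Attachment-Removed", $invalidAttachment);
    add_recipient($AdminAddress) if $invalidAttachment eq "Yes";
}

# Two constructed messages handled by the same process, one after the other.
for my $msg (['invoice.exe', 'note.txt'], ['photo.jpg']) {
    filter_begin();
    filter($_) for @$msg;
    filter_end_as_posted();
    filter_end_fixed();
}
print "$_\n" for @log;
```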
Re: [Mimedefang] cannot write to /var/spool/MIMEDefang_journal
On May 3, 2004, at 3:41 PM, Patrick Morris wrote:
> You may also want to check the permissions of /var and /var/spool, to make
> sure MD has access to the directory.

/var & /var/spool are & have always been: root.root - 755.

I upgraded MD to 2.41 (from 2.39) last month. Perhaps there's a change there that I missed?

> SRAR Mail Administrator wrote:
> > I happened to need to restart our mail server today, and when I tailed
> > the maillog (paranoia runs deep), I noticed this message:
> >
> > May 3 15:11:17 meow mimedefang-multiplexor: Slave 0 stderr: cannot write to /var/spool/MIMEDefang_journal, Bayes db update ignored

-Loren K Louthan | tel: 818 786 2110 | AIM: LorenSRAR
-Data Communications Engineer - CRISNet Regional MLS

Government's view of the economy could be summed up in a few short phrases: If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it." -Ronald Wilson Reagan
[Mimedefang] cannot write to /var/spool/MIMEDefang_journal
I happened to need to restart our mail server today, and when I tailed the maillog (paranoia runs deep), I noticed this message:

May 3 15:11:17 meow mimedefang-multiplexor: Slave 0 stderr: cannot write to /var/spool/MIMEDefang_journal, Bayes db update ignored

Here is the /var/spool/MIMEDefang directory:

[EMAIL PROTECTED] MIMEDefang]# ls -lad
drwx--3 defang root 4096 May 3 15:04 .
[EMAIL PROTECTED] MIMEDefang]# ls -lad *
drwxr-x---2 defang defang 4096 May 3 14:53 mdefang-i43LrTxh012732
-rw-rw-rw-1 defang defang 71028 Apr 17 23:07 MIMEDefang_journal
-rw-r-1 defang defang 6 May 3 14:59 mimedefang-multiplexor.pid
srw---1 defang defang 0 May 3 14:59 mimedefang-multiplexor.sock
-rw-r-1 defang defang 6 May 3 14:59 mimedefang.pid
-rw-rw-rw-1 defang defang2613248 Apr 17 23:08 MIMEDefang_seen
srwxr-x---1 defang defang 0 May 3 14:59 mimedefang.sock
-rw-rw-rw-1 defang defang5083136 Apr 17 23:08 MIMEDefang_toks

I changed MIMEDefang_journal to -rwxrwxrwx to see if that would make a difference. It didn't.

Here are my bayes-related entries in /etc/mail/spamassassin/sa-mimedefang.cf:

auto_learn 1
bayes_auto_expire 1
bayes_path /var/spool/MIMEDefang
bayes_auto_learn_threshold_nonspam 0.5
bayes_auto_learn_threshold_spam 5.5
bayes_expiry_max_db_size10
bayes_file_mode 0644
bayes_ignore_header X-Spam-Status:
bayes_ignore_header X-Spam-Score:
bayes_journal_min_size 10240
bayes_journal_max_size 512
bayes_learn_to_journal 1
bayes_min_ham_num 100
bayes_min_spam_num 100

Here is my system's config:

Fedora Core 1

[EMAIL PROTECTED] root]# uname -a
Linux meow.srar.com 2.4.22-1.2149.nptlsmp SMP i686 athlon i386 GNU/Linux
[EMAIL PROTECTED] root]# perl -v
This is perl, v5.8.1 built for i386-linux-thread-multi

Can anyone clue me into what I need to do to fix it?

TIA,
-Loren

--
-Loren K Louthan | tel: 818 786 2110 | AIM: LorenSRAR
-Data Communications Engineer - CRISNet Regional MLS

Government's view of the economy could be summed up in a few short phrases: If it moves, tax it. If it keeps moving, regulate it. And if it stops moving, subsidize it." -Ronald Wilson Reagan
Re: [Mimedefang] Unsafe extensions
Mark wrote:
> A quick question: where in the MIMEDefang source, or elsewhere, can I find
> the list with unsafe file extensions? I'd like to add a few.
>
> Thanks,

It is in the mimedefang-filter file. Just search for exe.

--
Daniel Taylor   VP Operations   Vocal Laboratories, Inc.
[EMAIL PROTECTED]   http://www.vocalabs.com/   (952)941-6580x203
[Mimedefang] Problem running virus scanner
Hello,

I'm using mimedefang version 2.42 compiled without antivirus because I only want to filter extensions but it doesn't work.

This is the error:

mimedefang.pl[31452]: Problem running virus scanner: code=126, category=swerr, action=tempfail
mimedefang.pl[31452]: filter: i4398rmU008368: tempfail=1
mimedefang[8370]: i4398rmU008368: Tempfailing because filter instructed us to
sendmail[8368]: i4398rmU008368: Milter: data, reject=451 4.3.0 Problem running virus-scanner

Any suggestion?

Sorry for my English, and thanks in advance.

Alberto Ugarte.
Re: [Mimedefang] Managing Quarantined Messages
On Mon, 3 May 2004, Tim Pushor wrote:

> har har ;-)
> So the short answer is that action_quarantine_entire_message quarantines
> the original message then?

Yes.

> I am really really really trying to leave mimedefang.pl alone..

You can write your own function (my_action_quarantine_entire_message) inside your filter, and leave mimedefang.pl untouched. That's the beauty (?) of using Perl as a configuration file language.

Regards,

David.
Re: [Mimedefang] Managing Quarantined Messages
David F. Skoll wrote:
> > One question though (assuming that I am correct above): Am I able to do
> > any modifications to the message before quarantining? For example, say I
> > strip EXE files from all messages but quarantine if there are encrypted
> > zips. Can I strip the EXE before quarantining so if I decide to remail
> > it to the end user it won't include the EXE?
>
> You can do whatever you like if you code it. :-) So the non-facetious
> answer is that if you want to strip the EXE before quarantining it, you
> need to examine the MIMEDefang source and modify the
> action_quarantine_entire_message function.

har har ;-)

So the short answer is that action_quarantine_entire_message quarantines the original message then?

I suppose I could always filter the message *after* de-quarantining it, with the quarantine check the only thing skipped if the relay is localhost..

I am really really really trying to leave mimedefang.pl alone..

Thanks,
Tim
[Mimedefang] Unsafe extensions
A quick question: where in the MIMEDefang source, or elsewhere, can I find the list with unsafe file extensions? I'd like to add a few.

Thanks,

- Mark
RE: [Mimedefang] MD SpamAssassin behavior change
From: Dirk Mueller [mailto:[EMAIL PROTECTED]
> On Thursday 29 April 2004 23:51, Damrose, Mark wrote:
>
>> Is there a way to turn
>> this back off?
>
> You really don't want them to be turned off, because then
> many spamassassin
> checks don't work properly and the scores are generally way too low.

I do all my dnsbl checks at the sendmail level before MD is invoked. Is there anything else that SA uses those headers for?
Re: [Mimedefang] Managing Quarantined Messages
On Mon, 3 May 2004, Tim Pushor wrote:

> Compile mimedefang with --with-ip-header, and if I determine that I need
> to stream_by_* ensure that I add_ip_validation_header().

The addition of the IP validation header is automatic if you stream and the header file is present.

> Then later, if
> RelayAddr really *is* 127.0.0.1 that means that this is one of my
> remailed quarantined messages (or any other message submitted to
> localhost unfortunately), and that it shouldn't be rescanned.

Right.

> One question though (assuming that I am correct above): Am I able to do
> any modifications to the message before quarantining? For example, say I
> strip EXE files from all messages but quarantine if there are encrypted
> zips. Can I strip the EXE before quarantining so if I decide to remail
> it to the end user it won't include the EXE?

You can do whatever you like if you code it. :-) So the non-facetious answer is that if you want to strip the EXE before quarantining it, you need to examine the MIMEDefang source and modify the action_quarantine_entire_message function.

Regards,

David.
re:[Mimedefang] problem clamav failed with testvirus.org ? solved
I'm sorry for the previous messages. I use the latest mimdefang.example from mimdefang2.42 and now the hexadecimal tests are stopped by mimedefang. Maybe "md_copy_orig_msg_to_work_dir_as_mbox_file();" changes something?
Re: [Mimedefang] Re: $entity question
On Fri, Apr 30, 2004 at 08:26:13AM -0400, David F. Skoll wrote:
> On Fri, 30 Apr 2004, Kevin A. McGrail wrote:
>
> > if (-s "$entity->bodyhandle->path" <= $sizelimit) {
>
> $entity should always be defined, but $entity->bodyhandle or
> $entity->bodyhandle->path might not be -- you need to check both.

Oh, and the perl syntax is incorrect. Leave out the "" quotes around the $entity->bodyhandle->path.

--
#!perl -wpl # mmfppfmpmmpp mmpffm <[EMAIL PROTECTED]>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;# Jan-Pieter Cornet
Re: [Mimedefang] Managing Quarantined Messages
David F. Skoll wrote:
> > Yeah that's fine, but two things initially popped up, one the not
> > filtering 127.0.0.1 - I don't know if this would affect anything else -
> > how about if I use stream_by_recipient or domain - wouldn't these
> > messages be coming through with localhost being the relay? I would still
> > want to filter these..
>
> See PRESERVING RELAY INFORMATION in the mimedefang-filter man page to get
> around that.

David,

Sorry for taking too long to reply.

So if I understand you correctly, you are suggesting:

Compile mimedefang with --with-ip-header, and if I determine that I need to stream_by_* ensure that I add_ip_validation_header(). Then later, if RelayAddr really *is* 127.0.0.1 that means that this is one of my remailed quarantined messages (or any other message submitted to localhost unfortunately), and that it shouldn't be rescanned.

One question though (assuming that I am correct above): Am I able to do any modifications to the message before quarantining? For example, say I strip EXE files from all messages but quarantine if there are encrypted zips. Can I strip the EXE before quarantining so if I decide to remail it to the end user it won't include the EXE?

Thanks!
Tim