Re: [Mimedefang] Globals

2004-07-09 Thread Steffen Kaiser
On Thu, 8 Jul 2004, Rich West wrote:
Hmm, I'd populate a global variable when the slave starts or in 
filter_initialize. I do so, anyway.

> sub is_list
> {
>   $listname = (split("\@", $listname))[0];
>   $listname = (split("\<", $listname))[1];

Angle brackets are not mandatory.

>   foreach $list (@lists)
>   {
>     chop($list);
>     return 1 if ($list =~ /^$listname/i);

^ here you check only if the recipient begins with a name of a list.

>   }
>   return 0;
> }

BTW: How about preparing the name cache a bit more in order to avoid the 
foreach loop each time you lookup a name, e.g.

1) use a hash:
   %mailists = ( 'list1' => 1, 'list2' => 1, ... );
   Then you can simply do:  return $mailists{lc($listname)}
2) or use a large string: $mailists = '@[EMAIL PROTECTED]@[EMAIL PROTECTED]@';
   then do: return index($mailists, '@' . lc($listname) . '@') >= 0;
   (Because '@' is never part of listname, it's safe.)

Bye,
--
Steffen Kaiser
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
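
The two points raised in the reply above (brackets assumed, prefix-only regex match) next to the exact hash lookup from suggestion 1, as an added example that is not code from the thread. The list names, the addresses and all three subs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed list names; in a real filter these would be loaded once,
# for example in filter_initialize.
my @lists    = qw(announce devel);
my %maillist = map { lc($_) => 1 } @lists;

# Extract the local part whether or not the address has angle brackets.
sub local_part {
    my ($recipient) = @_;
    return undef unless defined $recipient;
    $recipient =~ s/^\s*<//;
    $recipient =~ s/>\s*$//;
    my ($local) = split /\@/, $recipient, 2;
    return (defined $local && length $local) ? lc $local : undef;
}

# Loose check modelled on the quoted loop: the recipient's local part is
# interpolated into a regex that is anchored only at the start.
sub is_list_prefix {
    my ($recipient) = @_;
    my $name = local_part($recipient);
    return 0 unless defined $name;
    for my $list (@lists) {
        return 1 if $list =~ /^$name/i;
    }
    return 0;
}

# Exact check: one hash lookup, no regex built from the recipient, no loop.
sub is_list_exact {
    my ($recipient) = @_;
    my $name = local_part($recipient);
    return (defined $name && $maillist{$name}) ? 1 : 0;
}

# Constructed recipients: two real lists (with and without brackets), a
# one-letter prefix, a local part made of regex metacharacters, a non-list.
for my $rcpt ('<announce@example.com>', 'devel@example.com',
              '<a@example.com>', '<.*@example.com>', '<nobody@example.com>') {
    printf "%-24s prefix=%d exact=%d\n",
        $rcpt, is_list_prefix($rcpt), is_list_exact($rcpt);
}
```

The prefix check reports the one-letter and the metacharacter recipients as lists; the hash lookup accepts only the two configured names.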


Re: [Mimedefang] Validating sender domain opinion

2004-07-09 Thread David F. Skoll
On Thu, 8 Jul 2004, Steffen Kaiser wrote:

> What about a DNS configuration with an invalid private MX as first one?

It's bad and I would reject mail from that domain.

> mox.de. 252 IN  MX  10 192.168.100.251.

Two problems:

1) The value of an MX record must be a domain name, not an IP
address.

2) Publishing a private IP address as an MX record is very bad, because
someone might happen to be using that address, and that would cause
all kinds of problems.

The owner of mox.de should be told these things, and mail from mox.de
should be rejected.

Regards,

David.


Re: [Mimedefang] Validating sender domain opinion

2004-07-09 Thread WBrown
[EMAIL PROTECTED] wrote on 07/08/2004 09:37:16 AM:

> What about a DNS configuration with an invalid private MX as first one?

They are probably lazy and do not have split DNS servers, or separate ones 
for internal vs external resolution.  The external ones are filters, and 
the one with the private network address is the actual mail server.
 
> ;; ANSWER SECTION:
> mox.de. 252 IN  MX  30 mail.portunity.de.
> mox.de. 252 IN  MX  10 192.168.100.251.
> mox.de. 252 IN  MX  20 mail.mox.de.
> 
> These are not spammers, BTW.
> 
> I would consider such setup invalid and my code had rejected the mail, if
> it were enabled. -- I mean, why do they try to deliver mail to one of my
> hosts, private addresses are "my hosts", aren't they?
> I ignore the fact here intentionally, that they do point to a numerical
> address rather than a symbolic host.

Actually, it is invalid.  MX records should not have numeric values for 
the host, rather a "domain-name which specifies a host willing to act as a 
mail exchange for the owner name."  (per DNS and BIND, P. Albitz & C. Liu, 
page 533)

If you want to block it, you could, but would your users like that?  Do 
you feel like teaching the mail admin at mox.de how to fix their mail 
and/or DNS system?

> What do you think?



[Mimedefang] Still outbound messages are getting blocked by spamassassin

2004-07-09 Thread Vivek Kumar
Hi there, 

This is happening for quite some time and I don't know why it's
happening. Last time I got email saying that put your IP or domain in
whitelist etc. etc. but somehow either I did it wrong or it didn't work.
Also I have the following lines added to mimedefang-filter.

#**
# %PROCEDURE: filter_relay
# %ARGUMENTS: hostip,hostname,helo
# %RETURNS: #  CONTINUE, TEMPFAIL, REJECT, DISCARD, ACCEPT_AND_NO_MORE_FILTERING
# %DESCRIPTION:
# Don't filter for internal machines sending out email.
#**
sub filter_relay($$$){
  my ($hostip,$hostname,$helo) = @_;
  my $internal_net1 = "191.0.0";
  my $internal_net2 = "191.0.1";
  $hostip=~  /^(\d+\.\d+\.\d+)./ ;
  my $mailip = $1;
  if($mailip eq $internal_net1 || $mailip eq $internal_net2) {
    return("ACCEPT_AND_NO_MORE_FILTERING","It's from us it gotta be good");
  }
  return("CONTINUE","");
}

Kindly let me know if there is something I am missing. Also, is it
possible to make a log for a few email-ids and put all the spam coming to
them in that log? So that if I want to know how much and what spam was
sent to johnw account, I can go and check it and if I find any
legitimate mail I can forward it to him.

Thanks

Vivek




RE: [Mimedefang] Still outbound messages are getting blocked by spamassassin

2004-07-09 Thread Matthew . van . Eerde
> From: Vivek Kumar [mailto:[EMAIL PROTECTED]
>   my $internal_net1 = "191.0.0";
>   my $internal_net2 = "191.0.1";
>   $hostip=~  /^(\d+\.\d+\.\d+)./ ;
>   my $mailip = $1;
>   if($mailip eq $internal_net1 || $mailip eq $internal_net2) {

This won't do what you want.  || binds more tightly than eq so you're
effectively saying
$mailip eq ($internal_net1 || $mailip) eq $internal_net2
which in turn is the same as
$mailip eq $internal_net1 eq $internal_net2
which is the same as either
1 eq $internal_net2
or
0 eq $internal_net2
which is always
0

so your "if" condition will never be true.

Try
$mailip eq $internal_net1 or $mailip eq $internal_net2
or
($mailip eq $internal_net1) || ($mailip eq $internal_net2)

[EMAIL PROTECTED]  805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"


RE: [Mimedefang] More filter_recipient Qs...

2004-07-09 Thread Matthew . van . Eerde
> From: Ashley M. Kirchner [mailto:[EMAIL PROTECTED]
> David F. Skoll wrote:
> 
> >What gives you that impression?  filter_recipient is called before any
> >of the body filtering functions.
> >  
> >
> Because I don't bounce all e-mails that have been tagged as spam - I 
> send them to the quarantine folder.  And I'm seeing a lot of them in 
> there that were destined for invalid recipients.

Are you basing this on To/CC headers alone?  Frequently these have nothing
to do with the RCPT recipients (think BCC)

[EMAIL PROTECTED]  805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"


Re: [Mimedefang] OT: SCO

2004-07-09 Thread Ben Kamen


they did release one code snippet which was quickly digested by the
industry's experts who resolved it was not infringing... at that point,
the suit became much more of a joke as most people said, ~ "if that's the
best they've got..."... and so forth...

 -Ben


On Thu, 8 Jul 2004, Kevin A. McGrail wrote:

> SCO has not, to my knowledge, openly released the basis for their claims
> that Linux (specifically the 2.4 kernel and above) contains code that is
> owned by the SCO Group.  The general information is that it involves some
> SMP code that IBM allegedly leaked after they had access to the SCO Source
> Code but again nothing has been put forth by SCO to A) verify the claim and
> B) remove the offending source code from future kernels.
>
> KAM
>
> > You know it's funny, I have tried to not get involved in anything relating
> > to SCO and their lawsuits because the whole thing just aggravates me. But
> > for fun, I listened to SCO's CEO do a radio interview (available from
> > SCO.com), and the first words out of his mouth were "many computers today
> > run UNIX, which happens to be owned by the SCO Group". I think I almost
> > threw up!!!
> >
> > He claims that some intellectual property has made its way into Linux.
> > Does anybody know specifically what he is talking about? Or is it all just
> > BS, and the real issue is that Linux "resembles" SysV UNIX, and therefore
> > it is theft of intellectual property. That's like suing a band who sing songs
> > that "sound" like Metallica songs!
>



ADMINISTRIVIA: Off-topic thread (was Re: [Mimedefang] OT: SCO)

2004-07-09 Thread David F. Skoll
Hi, All.

Let's take the SCO thread offline, please.

Thanks,

David.


Re: ADMINISTRIVIA: Off-topic thread (was Re: [Mimedefang] OT: SCO)

2004-07-09 Thread Kenneth Porter
--On Friday, July 09, 2004 11:28 AM -0400 "David F. Skoll" 
<[EMAIL PROTECTED]> wrote:

> Let's take the SCO thread offline, please.

To assist in that, I figured I'd look for a suitable mailing list:

And this one turned up:

Everyone meet over there! Or in .


Re: [Mimedefang] file descriptor scope and embedded perl

2004-07-09 Thread Chris Masters
Solved by performing a dummy call to force data source
handle declaration/initialisation/connection at slave
startup:

sub filter_initialize() 
{ 
#Declare Connection handles 
undef $My_dbh; 
undef $My_Ldap; 

#dummy call to make initial connection
get_db_connection(); 
get_ldap_connection(); 
} 

--- "David F. Skoll" <[EMAIL PROTECTED]> wrote:
> On Tue, 6 Jul 2004, Chris Masters wrote:
> 
> > I still have the problem of bad file descriptors:
> 
> What's the actual log message?  Does the database server log anything
> funny?
> 
> Regards,
> 
> David.


RE: [Mimedefang] Still outbound messages are getting blocked by spamassassin

2004-07-09 Thread Vivek Kumar
Hi Matthew,

I tried both the following syntax you suggested but I got compilation
error.

$mailip eq $internal_net1 or $mailip eq $internal_net2
or
($mailip eq $internal_net1) || ($mailip eq $internal_net2)

Thanks

Vivek


On Fri, 2004-07-09 at 11:21, [EMAIL PROTECTED] wrote:
> > From: Vivek Kumar [mailto:[EMAIL PROTECTED]
> >   my $internal_net1 = "191.0.0";
> >   my $internal_net2 = "191.0.1";
> >   $hostip=~  /^(\d+\.\d+\.\d+)./ ;
> >   my $mailip = $1;
> >   if($mailip eq $internal_net1 || $mailip eq $internal_net2) {
> 
> This won't do what you want.  || binds more tightly than eq so you're
> effectively saying
> $mailip eq ($internal_net1 || $mailip) eq $internal_net2
> which in turn is the same as
> $mailip eq $internal_net1 eq $internal_net2
> which is the same as either
> 1 eq $internal_net2
> or
> 0 eq $internal_net2
> which is always
> 0
> 
> so your "if" condition will never be true.
> 
> Try
> $mailip eq $internal_net1 or $mailip eq $internal_net2
> or
> ($mailip eq $internal_net1) || ($mailip eq $internal_net2)
> 
> [EMAIL PROTECTED]  805.964.4554 x902
> Hispanic Business Inc./HireDiversity.com Software Engineer
> perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"


Re: [Mimedefang] Still outbound messages are getting blocked by spamassassin

2004-07-09 Thread Jeff Rife
On 9 Jul 2004 at 10:41, Vivek Kumar wrote:

> sub filter_relay($$$){
>   my ($hostip,$hostname,$helo) = @_;
>   my $internal_net1 = "191.0.0";
>   my $internal_net2 = "191.0.1";
>   $hostip=~  /^(\d+\.\d+\.\d+)./ ;
>   my $mailip = $1;
>   if($mailip eq $internal_net1 || $mailip eq $internal_net2) {
>     return("ACCEPT_AND_NO_MORE_FILTERING","It's from us it gotta be good");
> }
>   return("CONTINUE","");  
> } 

I'm not a Perl guru, so I'm probably wrong, but wouldn't the following be 
a lot cleaner:

sub filter_relay($$$)
{
my ($hostip, $hostname, $helo) = @_;

if ($hostip =~ /^191\.0\.[01]\./)
  {
  return('ACCEPT_AND_NO_MORE_FILTERING', "It's from us");
  }

return('CONTINUE', "");
}


--
Jeff Rife| "When I first heard that Marge was joining the 
SPAM bait:   |  police academy, I thought it would be fun and 
[EMAIL PROTECTED] |  zany, like that movie: Spaceballs.  But instead 
[EMAIL PROTECTED]  |  it was dark and disturbing, like that movie: 
 |  Police Academy." 
 | -- Homer Simpson 




RE: [Mimedefang] Still outbound messages are getting blocked by spamassassin

2004-07-09 Thread Jim McCullars


On Fri, 9 Jul 2004, Vivek Kumar wrote:

> Hi Matthew,
>
> I tried both the following syntax you suggested but I got compilation
> error.

   How about just:

   if ($hostip =~ /^191\.0\.(?:0|1)/) {
return("ACCEPT_AND_NO_MORE_FILTERING","OK")
   }

   HTH...

Jim McCullars
University of Alabama in Huntsville




Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread Kelson Vibber
At 09:14 AM 7/7/2004, Net Guy wrote:
> What has been decided:  Do I just drop eMail from whomever that has the
> wrong recipient, or do I bounce it ( nouser: No user here by that name
> )?  In my limited view of things I see that either could have benefits:
>
> Bounce -> the folks that are real and not spammers know that they screwed
> up the address.
> Drop -> the spammers think that the address works, so the spam lists grow
> with invalid names.

I suggest bounce (in the action_bounce, reject at SMTP time sense).  The 
potentially large consequence of losing a legitimate message outweighs the 
likely small benefit of polluting the spammers' lists.

I say it's a small benefit because:
- If you're dropping the message, you still need to waste the bandwidth to 
make them think you've accepted it.
- Unless you're tarpitting it, it won't slow them down much.
- Many spammers don't clean up their lists anyway.  Heck, many legit 
mailing lists don't either.  We get lots of mail sent to long-dead 
accounts, some of which I ended up reactivating, watching for (and 
unsubscribing from) legit newsletters, and turning into spamtraps.

Kelson Vibber
SpeedGate Communications  



Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread David F. Skoll
On Fri, 9 Jul 2004, Kelson Vibber wrote:

> - Many spammers don't clean up their lists anyway.

I was recently at an anti-spam conference.  I met an e-mail admin
who ran a domain that had been inactive for two years.  That is, for
two whole years, the domain "xxx.ca" had NO published MX records, and any
e-mail to [EMAIL PROTECTED] would fail.  (xxx.ca is not really the domain;
I obscured it for privacy reasons.)

Out of curiosity, the admin published an MX record for that domain.
He was *immediately* flooded with 100,000 spams/day.

I believe this settles the discussion as to whether spammers clean
their lists.

Regards,

David.


RE: [Mimedefang] Still outbound messages are getting blocked by spamassassin

2004-07-09 Thread Matthew . van . Eerde
> From: Jim McCullars [mailto:[EMAIL PROTECTED]
> On Fri, 9 Jul 2004, Vivek Kumar wrote:
> 
> > Hi Matthew,
> >
> > I tried both the following syntax you suggested but I got compilation
> > error.
> 
>How about just:
> 
>if ($hostip =~ /^191\.0\.(?:0|1)/) {
> return("ACCEPT_AND_NO_MORE_FILTERING","OK")
>}

That would also match 191.0.12.38, for example.

This might work though:
if ($hostip =~ /^(?:191\.0\.(?:0|1)|127\.0\.0)\./) {
 return("ACCEPT_AND_NO_MORE_FILTERING","OK")
}

[EMAIL PROTECTED]  805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"


Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread WBrown
[EMAIL PROTECTED] wrote on 07/09/2004 02:44:10 PM:

> I was recently at an anti-spam conference.  I met an e-mail admin
> who ran a domain that had been inactive for two years.  That is, for
> two whole years, the domain "xxx.ca" had NO published MX records, and any
> e-mail to [EMAIL PROTECTED] would fail.  (xxx.ca is not really the domain;
> I obscured it for privacy reasons.)
> 
> Out of curiosity, the admin published an MX record for that domain.
> He was *immediately* flooded with 100,000 spams/day.
> 
> I believe this settles the discussion as to whether spammers clean
> their lists.

I'll second that!  I had a subdomain that went dead.  Early this year, I 
resurrected it to test Mimedefang and then later CanIT four years after it 
went dead.  Boy did the spam start rolling in!  At least it gave me 
something to test against. 


Re: [Mimedefang] Testing and dictionary attack..

2004-07-09 Thread john
Very true... However, spammers are definitely aggressive when it comes to 
finding new addresses on your server. 

When I first started doing spam filtering on front-end machines, I would 
just relay everything to the backend. So if spammers were sending email to 
randomly generated accounts ([EMAIL PROTECTED]) I was not returning a 
550 even though that address did not exist. As a result, Mr. Bob Smith has 
become popular and now I can't get spammers to believe that he is gone! 

Now, I always explicitly relay per address to prevent this type of 
harvesting. 

-john



From: David F. Skoll <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: [Mimedefang] Testing and dictionary attack..
Date: Fri, 9 Jul 2004 14:44:10 -0400 (EDT)
> On Fri, 9 Jul 2004, Kelson Vibber wrote:
> 
> > - Many spammers don't clean up their lists anyway.
> 
> I was recently at an anti-spam conference.  I met an e-mail admin
> who ran a domain that had been inactive for two years.  That is, for
> two whole years, the domain "xxx.ca" had NO published MX records, and any
> e-mail to [EMAIL PROTECTED] would fail.  (xxx.ca is not really the domain;
> I obscured it for privacy reasons.)
> 
> Out of curiosity, the admin published an MX record for that domain.
> He was *immediately* flooded with 100,000 spams/day.
> 
> I believe this settles the discussion as to whether spammers clean
> their lists.
> 
> Regards,
> 
> David.


[Mimedefang] Failing filter snippet (was More filter_recipient Qs...)

2004-07-09 Thread Ashley M. Kirchner
   Can anyone tell me why this snippet fails?
sub filter_recipient {
   my($recipient, $sender, $rest) = @_;
   if ($recipient =~ /[EMAIL PROTECTED]>?/i) {
   my($answer, $explanation) =
   md_check_against_smtp_server($sender, $recipient,
"serpico.pcraft.com", "ivanhoe.pcraft.com");
   } else {
   my($answer, $explanation) =
   md_check_against_smtp_server($sender, $recipient,
"serpico.pcraft.com", "fargo.pcraft.com");
   }
   # Convert TEMPFAIL to CONTINUE
   $answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
   return ($answer, $explanation);
}
   I get this error in my log files:
Jul  9 13:19:22 int-ivanhoe.pcraft.com sm-mta[15361]: i69JJLWd015361:
   from=<[EMAIL PROTECTED]>, size=0,
   class=0, nrcpts=1, proto=SMTP, daemon=MTA,
   relay=serpico.pcraft.com [204.144.132.162]
Jul  9 13:19:22 int-serpico.pcraft.com mimedefang.pl[32453]:
   filter_recipient rejected recipient <[EMAIL PROTECTED]>
Jul  9 13:19:22 int-serpico.pcraft.com mimedefang-multiplexor[32452]:
   Slave 0 stderr: Use of uninitialized value in pattern
   match (m//) at /usr/local/bin/mimedefang.pl line 5710.
   Use of uninitialized value in string eq at
   /usr/local/bin/mimedefang.pl line 5716.
   Use of uninitialized value in string eq at
   /usr/local/bin/mimedefang.pl line 5716.
   Use of uninitialized value in string eq at
   /usr/local/bin/mimedefang.pl line 5716.
   Use of uninitialized value in string eq at
   /usr/local/bin/mimedefang.pl line 5716. 

Jul  9 13:19:22 int-serpico.pcraft.com sm-mta[32480]: i69JJLpt032480:
   Milter: to=<[EMAIL PROTECTED]>, reject=554 5.7.1 ?
Jul  9 13:19:22 int-serpico.pcraft.com sm-mta[32480]: i69JJLpt032480:
   from=<[EMAIL PROTECTED]>, size=3460,
   class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
   relay=smtp-out6.xs4all.nl [194.109.24.7]
--
W | I haven't lost my mind; it's backed up on tape somewhere.
 +
 Ashley M. Kirchner    .   303.442.6410 x130
 IT Director / SysAdmin / WebSmith . 800.441.3873 x130
 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6
 http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.



Re: [Mimedefang] Failing filter snippet (was More filter_recipient Qs...)

2004-07-09 Thread David F. Skoll
On Fri, 9 Jul 2004, Ashley M. Kirchner wrote:

> sub filter_recipient {
> my($recipient, $sender, $rest) = @_;
> if ($recipient =~ /[EMAIL PROTECTED]>?/i) {
> my($answer, $explanation) =
> md_check_against_smtp_server($sender, $recipient,
>  "serpico.pcraft.com", "ivanhoe.pcraft.com");
> } else {

Your $answer and $explanation variables go out of scope after the
close bracket, so later on...

> # Convert TEMPFAIL to CONTINUE
> $answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
> return ($answer, $explanation);

$answer and $explanation are undefined.

Regards,

David.


RE: [Mimedefang] Failing filter snippet (was More filter_recipient Qs...)

2004-07-09 Thread Matthew . van . Eerde
> From: David F. Skoll [mailto:[EMAIL PROTECTED]
> 
> On Fri, 9 Jul 2004, Ashley M. Kirchner wrote:
> 
> > sub filter_recipient {
> > my($recipient, $sender, $rest) = @_;
> > if ($recipient =~ /[EMAIL PROTECTED]>?/i) {
> > my($answer, $explanation) =
> > md_check_against_smtp_server($sender, $recipient,
> >  "serpico.pcraft.com", "ivanhoe.pcraft.com");
> > } else {
> 
> Your $answer and $explanation variables go out of scope after the
> close bracket, so later on...
> 
> > # Convert TEMPFAIL to CONTINUE
> > $answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
> > return ($answer, $explanation);
> 
> $answer and $explanation are undefined.
> 
sub filter_recipient {
my($recipient, $sender, $rest) = @_;
+++ my ($answer, $explanation); 
   if ($recipient =~ /[EMAIL PROTECTED]>?/i) {
---my($answer, $explanation) =
+++ ($answer, $explanation) =
md_check_against_smtp_server($sender, $recipient,
 "serpico.pcraft.com", "ivanhoe.pcraft.com");
} else {
---my($answer, $explanation) =
+++($answer, $explanation)
md_check_against_smtp_server($sender, $recipient,
 "serpico.pcraft.com", "fargo.pcraft.com");
}
# Convert TEMPFAIL to CONTINUE
$answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
return ($answer, $explanation);
}
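
Review bot: the replacement line in the else branch, "+++($answer, $explanation)", is missing the " =" that the first branch's replacement has, so as posted the else branch does not assign the result of md_check_against_smtp_server and the sub will not compile. It should read "($answer, $explanation) =" as in the if branch. With both branches assigning to the variables declared by the added "my ($answer, $explanation);" line, the later "$answer eq 'TEMPFAIL'" test sees the value the check returned.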

[EMAIL PROTECTED]  805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
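
The scoping problem discussed above, as an added example that is not code from the thread: under "use strict" the original shape is refused when it is compiled, instead of handing undefined values back at run time. fake_check is a constructed stand-in for md_check_against_smtp_server, and the addresses and host labels are made up.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for md_check_against_smtp_server(): it looks the
# recipient up in a table instead of talking to a backend server.
my %home = ('<alice@example.com>' => 'ivanhoe', '<bob@example.com>' => 'fargo');

sub fake_check {
    my ($sender, $recipient, $helo, $server) = @_;
    my $where = $home{ lc $recipient };
    return (defined $where && $where eq $server)
        ? ('CONTINUE', 'OK')
        : ('REJECT', 'User unknown');
}

# The original shape: "my" inside each branch, variables used after the
# closing bracket. Kept as a string so this script itself still compiles.
my $buggy_src = <<'END_SRC';
sub filter_recipient_buggy {
    my ($recipient, $sender) = @_;
    if ($recipient =~ /^<alice\@/i) {
        my ($answer, $explanation) =
            fake_check($sender, $recipient, 'mx', 'ivanhoe');
    } else {
        my ($answer, $explanation) =
            fake_check($sender, $recipient, 'mx', 'fargo');
    }
    $answer = 'CONTINUE' if ($answer eq 'TEMPFAIL');
    return ($answer, $explanation);
}
1;
END_SRC

# Returns the first compile error, or '' if the source compiled.
# A string eval inherits "use strict" from this file.
sub compile_error {
    my ($src) = @_;
    my $ok = eval $src;
    return $ok ? '' : (split /\n/, $@)[0];
}

# Corrected shape: declare once, outside the branches, assign inside.
sub filter_recipient {
    my ($recipient, $sender) = @_;
    my ($answer, $explanation);
    if ($recipient =~ /^<alice\@/i) {
        ($answer, $explanation) = fake_check($sender, $recipient, 'mx', 'ivanhoe');
    } else {
        ($answer, $explanation) = fake_check($sender, $recipient, 'mx', 'fargo');
    }
    # Convert TEMPFAIL to CONTINUE, as in the original snippet.
    $answer = 'CONTINUE' if $answer eq 'TEMPFAIL';
    return ($answer, $explanation);
}

print "buggy version: ", (compile_error($buggy_src) || 'compiled'), "\n";
for my $rcpt ('<alice@example.com>', '<bob@example.com>', '<mallory@example.com>') {
    my ($answer, $why) = filter_recipient($rcpt, '<sender@example.net>');
    print "$rcpt -> $answer ($why)\n";
}
```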


[Mimedefang] Re: Failing filter snippet...

2004-07-09 Thread Ashley M. Kirchner
David F. Skoll wrote:
> Your $answer and $explanation variables go out of scope after the
> close bracket, so later on...
> $answer and $explanation are undefined.

   D'oph.  I shoulda seen that coming.  Anyway, that having been fixed, 
now I'm faced with another problem:

 Incoming mail on the MX:
 Jul  9 14:51:14 int-serpico.pcraft.com mimedefang-multiplexor[2374]:
Starting slave 2 (pid 2499) (3 running): About to execute command
'recipok <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
216.92.131.4'

   Log on the spool:
 Jul  9 14:51:18 int-ivanhoe.pcraft.com sm-mta[16897]:
i69KmmSV016897: serpico.pcraft.com [204.144.132.162] did not
issue MAIL/EXPN/VRFY/ETRN during connection to MTA

 ...and it sits there.  When I look at the running processes on the MX, 
I get a lot of these:

 sendmail: ./i69KoV0i002485 int-ivanhoe.pcraft.com.: client greeting
 sendmail: ./i69KpEDu002497 int-ivanhoe.pcraft.com.: client greeting
 sendmail: ./i69KpU5I002501 int-ivanhoe.pcraft.com.: client greeting
 sendmail: ./i69KsZ91002577 int-ivanhoe.pcraft.com.: client greeting
   Mail now takes much longer to go from the MX to the spool - my guess 
is it's waiting for the client greeting to time out.

--
W | I haven't lost my mind; it's backed up on tape somewhere.
 +
 Ashley M. Kirchner    .   303.442.6410 x130
 IT Director / SysAdmin / WebSmith . 800.441.3873 x130
 Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6
 http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.



RE: [Mimedefang] Still outbound messages are getting blocked, by spamassassin

2004-07-09 Thread Atanas
>> if($mailip eq $internal_net1 || $mailip eq $internal_net2) {
>
> This won't do what you want.  || binds more tightly than eq
> so you're effectively saying
> $mailip eq ($internal_net1 || $mailip) eq $internal_net2
> ...

Wrong. '||' and 'or' *both* have lower precedence than 'eq', '==', etc.
Please read the man pages before posting.

Regards,
Atanas


RE: [Mimedefang] Still outbound messages are getting blocked, by spamassassin

2004-07-09 Thread -ray
On Fri, 9 Jul 2004, Atanas wrote:

> >> if($mailip eq $internal_net1 || $mailip eq $internal_net2) {
> 
> Wrong. '||' and 'or' *both* have lower precedence than 'eq', '==', etc.
> Please read the man pages before posting.

Why not use parentheses for precedence?  It's safer and much easier to 
read, IMO: 

if (($mailip eq $internal_net1) || ($mailip eq $internal_net2)) {

ray




Re: [Mimedefang] Still outbound messages are getting blocked by spamassassin

2004-07-09 Thread alan premselaar

[EMAIL PROTECTED] wrote:
>> From: Jim McCullars [mailto:[EMAIL PROTECTED]
>> On Fri, 9 Jul 2004, Vivek Kumar wrote:
>>
>>> Hi Matthew,
>>>
>>> I tried both the following syntax you suggested but I got compilation
>>> error.
>>
>>   How about just:
>>
>>   if ($hostip =~ /^191\.0\.(?:0|1)/) {
>>       return("ACCEPT_AND_NO_MORE_FILTERING","OK")
>>   }
>
> That would also match 191.0.12.38, for example.
>
> This might work though:
> if ($hostip =~ /^(?:191\.0\.(?:0|1)|127\.0\.0)\./) {
>     return("ACCEPT_AND_NO_MORE_FILTERING","OK")
> }

I use a subroutine that allows me to be creative and/or easily expand my 
list of machines/networks that can send email unfiltered. The code had 
been posted to the list a while back so I'm not going to take credit for 
writing it. I obviously modified it for my own use.

I personally don't use ACCEPT_AND_NO_MORE_FILTERING because I still 
force virus scans of outgoing mail, but I use these tests to bypass the 
SpamAssassin tests as necessary.

hope this helps,
alan
code follows:
-
use Socket;

sub valid_local_network {
    my ($hostip) = @_;
    my $addr = '';
    my $network_string = '';
    my $mask_string = '';
    my %exempt_subnets = (
        '127.0.0.0',   '255.0.0.0',
        '192.168.0.0', '255.255.255.0',
        '192.168.1.0', '255.255.255.0',
    );
    $addr = inet_aton $hostip;
    while ( ($network_string, $mask_string) = each %exempt_subnets ) {
        my $network = inet_aton $network_string;
        my $mask = inet_aton $mask_string;
        if ( ($addr & $mask) eq $network ) {
            return 1;
        }
    }
    return 0;
}

then in filter_relay you could have:

sub filter_relay ($$$) {
    my ($hostip, $hostname, $helo) = @_;
    if (valid_local_network($hostip)) {
        return('ACCEPT_AND_NO_MORE_FILTERING', "It's from us.");
    }
    # ... other relay tests here
    return('CONTINUE', "");
}
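
The relay tests posted in this thread, run side by side over constructed addresses, as an added example that is not code from any poster. It shows which tests treat 191.0.12.38 as internal and what each does with input that is not an address; the sub names and parse_ipv4 are made up here, and the mask test builds packed addresses with pack instead of inet_aton so that nothing is ever resolved.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Internal networks as network/mask pairs: the two 191.0.x nets from the
# original filter plus loopback.
my @exempt = (
    [ '191.0.0.0', '255.255.255.0' ],
    [ '191.0.1.0', '255.255.255.0' ],
    [ '127.0.0.0', '255.0.0.0'     ],
);

# Strict dotted-quad parser returning a packed 4-byte string, or undef.
sub parse_ipv4 {
    my ($ip) = @_;
    return undef unless defined $ip;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return undef if @octets != 4 || grep { $_ > 255 } @octets;
    return pack 'C4', @octets;
}

my @packed;
for my $pair (@exempt) {
    push @packed, [ parse_ipv4($pair->[0]), parse_ipv4($pair->[1]) ];
}

# 1) Comparison from the original filter (it has no loopback entry).
sub by_string_eq {
    my ($hostip) = @_;
    return 0 unless $hostip =~ /^(\d+\.\d+\.\d+)./;
    my $mailip = $1;
    return ($mailip eq '191.0.0' || $mailip eq '191.0.1') ? 1 : 0;
}

# 2) Regex without a dot after the third octet.
sub by_loose_regex { return $_[0] =~ /^191\.0\.(?:0|1)/ ? 1 : 0 }

# 3) Regex with the third octet closed off by a literal dot.
sub by_anchored_regex {
    return $_[0] =~ /^(?:191\.0\.(?:0|1)|127\.0\.0)\./ ? 1 : 0;
}

# 4) Network/mask comparison on packed addresses.
sub by_netmask {
    my ($hostip) = @_;
    my $addr = parse_ipv4($hostip);
    return 0 unless defined $addr;    # malformed input is never internal
    for my $net (@packed) {
        my ($network, $mask) = @$net;
        return 1 if ($addr & $mask) eq $network;
    }
    return 0;
}

my @tests = (
    [ 'string eq',      \&by_string_eq ],
    [ 'loose regex',    \&by_loose_regex ],
    [ 'anchored regex', \&by_anchored_regex ],
    [ 'netmask',        \&by_netmask ],
);

# Constructed sample addresses; 191.0.12.38 is the one named in the thread.
my @samples = qw(191.0.0.17 191.0.1.200 191.0.12.38 191.0.100.9
                 127.0.0.1 10.1.2.3 not-an-ip);

printf "%-14s %s\n", 'address', join ' ', map { sprintf '%-14s', $_->[0] } @tests;
for my $ip (@samples) {
    printf "%-14s %s\n", $ip,
        join ' ', map { sprintf '%-14s', $_->[1]->($ip) ? 'internal' : '-' } @tests;
}
```

Only the loose regex marks 191.0.12.38 and 191.0.100.9 as internal; the other three agree on every 191.0.x sample.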