Re: [Mimedefang] OT - Using rDNS sendmail hack - your experiences

2005-04-28 Thread Les Mikesell
On Thu, 2005-04-28 at 10:47, Jason Gurtz wrote:
> On 4/27/2005 16:36, James Ebright wrote:
> 
> > Honestly, in your case I would use CNAMES liberally and make your MX server
> > the same as the PTR reverses but have customers still use the CNAME for
> > their MUA configurations. This will not appear any different to the end
> > user but will bring you into full compliance without using a CNAME for the
> > MX record (which is an RFC MUST NOT).
> 
> Hmm, I guess that's not too bad an idea.  It'll be a weird name but
> definitely more correct.  Now the only question is why didn't I consider
> that before!?

CNAMEs are a little weird in that *all* related info follows them.  In
particular if the target of the CNAME has an MX record, the CNAME
will have that MX record associated as well.  In your case that's
probably what you want but it can be confusing if you don't expect
that.

-- 
  Les Mikesell
   [EMAIL PROTECTED]


___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] How do I unquarantine a message?

2005-04-28 Thread Kenneth Porter
--On Thursday, April 28, 2005 4:34 PM +1000 Mathew Thomas <[EMAIL PROTECTED]> wrote:

> How can I unquarantine a message with attachments which is captured by
> action_quarantine?

(I just appended my script to the end.)


RE: [Mimedefang] How do I unquarantine a message?

2005-04-28 Thread Matthew.van.Eerde
[EMAIL PROTECTED] wrote:
> Hi All,
> 
> How can I unquarantine a message with attachments which is captured
> by action_quarantine?

Here's how I do it.  And I have to do it a lot.

In mimedefang-filter:

At top of filter:

my $hostname_for_security = `hostname`;
chomp($hostname_for_security);

in filter():

    if (filter_bad_filename($entity)) {
        md_graphdefang_log('bad_filename', $fname, $type);
        # Original behaviour, kept for reference:
        #   return action_drop_with_warning("An attachment named $fname was removed
        #   from this document as it\nconstituted a security hazard.  If you require
        #   this document, please contact\nthe sender and arrange an alternate means
        #   of receiving it.\n");
        # HBI change to
        # ($global_security_message is not shown in this post.)
        my $security_message =
            $global_security_message . "\n" .
            "This attachment was named \"" . $fname . "\"\n\n" .
            "Quarantine info:\n" .
            "unquarantine " . $hostname_for_security . " " .
            get_quarantine_dir() . " " .
            # number of the part that is about to be quarantined
            "PART." . (($QuarantineCount || 0) + 1) . ".BODY " .
            "\"" . $fname . "\"\n";
        return action_quarantine($entity, $security_message);
    }

This adds an "unquarantine" command tailored for the particular deliverable.

On my workstation, install PuTTY in C:\putty
create unquarantine.bat:
@echo off

setlocal

set unquarserver=%1
set unquardirectory=%2
set unquarbodypart=%3
set unquarfilename=%4
rem whole command should be copy/pasted from warning message
set /p unquaruser=Enter your username for %unquarserver%: 

echo Deleting and recreating working directory...
rmdir /s /q "C:\unquarantine_email"
mkdir C:\unquarantine_email

echo Retrieving %unquarfilename% from %unquarserver%...
echo Your password is specific to unquarantining
echo If you forget your password log in to %1 as root, then
echo use "passwd matthew-van-eerde" to reset it
call "C:\Program Files\putty\pscp.exe" [EMAIL PROTECTED]:%unquardirectory%/%unquarbodypart% C:\unquarantine_email\%unquarbodypart%

echo Copying C:\unquarantine_email\%unquarbodypart% as %unquarfilename%...
C:
cd \unquarantine_email
copy %unquarbodypart% %unquarfilename%

echo Make ABSOLUTELY SURE it's not a virus before sending it on!
echo Pressing a key will open the C:\unquarantine_email folder...
pause
explorer C:\unquarantine_email

endlocal

Now if a user's attachment is quarantined, they forward me the warning.txt.
I copy/paste the command from warning.txt to a command prompt.
A window pops up with the unquarantined file, and it even has its original
filename!

Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg," 
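
Added example, not part of the post above: the "unquarantine" line in warning.txt ends with the attachment name, which the sender of the message chose, so this POSIX shell sketch reads the line as data (one string, e.g. from `read -r`) and checks each field before anything is fetched or copied. The function names and the allowed character sets are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the post. The allowed character sets are assumptions;
# tighten them to your own host names and quarantine path.

# safe_name NAME: reduce a sender-chosen attachment name to a plain local
# file name; return 1 if nothing usable is left.
safe_name() {
    n=${1##*/}                      # drop a Unix directory part
    n=${n##*\\}                     # drop a Windows directory part
    n=$(printf '%s' "$n" | tr -c 'A-Za-z0-9._-' '_')
    case $n in ''|.*|-*) return 1 ;; esac   # empty, dot-leading or option-like
    printf '%s\n' "$n"
}

# parse_unquarantine LINE: LINE is the text copied from warning.txt, passed
# as one string and never typed at a prompt. Prints "HOST DIR PART NAME"
# with a sanitized NAME, or returns 1 on the first field that fails a check.
parse_unquarantine() {
    line=$1
    case $line in 'unquarantine '*) ;; *) return 1 ;; esac
    rest=${line#unquarantine }
    host=${rest%% *}; rest=${rest#* }
    dir=${rest%% *};  rest=${rest#* }
    case $rest in *' '*) ;; *) return 1 ;; esac   # file name field is missing
    part=${rest%% *}; name=${rest#* }
    name=${name#\"}; name=${name%\"}              # strip the surrounding quotes
    case $host in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $dir in /*) ;; *) return 1 ;; esac       # must be an absolute path
    case $dir in *[!A-Za-z0-9._/-]*|*..*) return 1 ;; esac
    case $part in PART.*.BODY) ;; *) return 1 ;; esac
    idx=${part#PART.}; idx=${idx%.BODY}
    case $idx in ''|*[!0-9]*) return 1 ;; esac    # part index must be digits
    name=$(safe_name "$name") || return 1
    printf '%s %s %s %s\n' "$host" "$dir" "$part" "$name"
}
```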



Re: [Mimedefang] OT - Using rDNS sendmail hack - your experiences

2005-04-28 Thread Jason Gurtz
On 4/27/2005 16:36, James Ebright wrote:

> Honestly, in your case I would use CNAMES liberally and make your MX server
> the same as the PTR reverses but have customers still use the CNAME for their
> MUA configurations. This will not appear any different to the end user but
> will bring you into full compliance without using a CNAME for the MX record
> (which is an RFC MUST NOT).

Hmm, I guess that's not too bad an idea.  It'll be a weird name but
definitely more correct.  Now the only question is why didn't I consider
that before!?

Cheers,

~Jason



Re: [Mimedefang] How do I unquarantine a message?

2005-04-28 Thread Renaud PASCAL
On Thursday 28 April 2005 15:28, David F. Skoll wrote:
> Kevin A. McGrail wrote:
> 
> > (echo "From `cat SENDER | tr -d '<>'` `date`"; cat ENTIRE_MESSAGE) > message.mbox && mutt -f message.mbox
> 
> That works nicely if you've had the foresight to use
> action_quarantine_entire_message().  If you've only used
> action_quarantine() to quarantine individual parts, the task is much
> harder.  In general, you can't reconstruct the original message just
> from the quarantined parts.

That's true.

Here is a simple form to cope with simple cases, it may
be a start for the OP :-)
I use it from time to time, never turned it into a real
script because each case may need some arrangements.
(Besides it'll never re-create parts that were stripped off)

Now, my buoyteefool kode :
cd /whereverthemailhasbeenquarantined

# The here-document delimiter is left unquoted so that the shell expands the
# $(...) substitutions; with a quoted delimiter they would be sent literally.
# The last boundary line ends in "--" to close the multipart body.
cat  << ___E_O_F___ |sendmail  -oi -Am -v -t -f postmaster
$(cat HEADERS)


--$(grep 'boundary=' HEADERS |cut -d= -f2-|tr -d '\"')
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline



--$(grep 'boundary=' HEADERS |cut -d= -f2-|tr -d '\"')
$(cat PART.1.HEADERS)

$(mimencode -b PART.1.BODY)

--$(grep 'boundary=' HEADERS |cut -d= -f2-|tr -d '\"')--
___E_O_F___
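
Added example, not part of the posts above: the same rebuild as a POSIX shell function that writes the message to stdout for inspection instead of piping it straight to sendmail. It goes beyond the post by handling every PART.n pair, stopping when HEADERS declares no boundary, and replacing each part's Content-Transfer-Encoding header; the file layout is taken from the posts, coreutils base64 stands in for mimencode, and the function names are made up here.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout of one quarantine
# directory, following the posts: HEADERS, PART.n.HEADERS, PART.n.BODY,
# where PART.n.BODY holds the decoded bytes of the quarantined part.

# Print the MIME boundary declared in DIR/HEADERS, or nothing if there is none.
md_boundary() {
    sed -n 's/.*[Bb]oundary="\{0,1\}\([^";]*\).*/\1/p' "$1/HEADERS" | head -n 1
}

# Write a rebuilt message for DIR to stdout; return 1 if it cannot be done.
rebuild_from_parts() {
    dir=$1
    [ -r "$dir/HEADERS" ] || { echo "no HEADERS in $dir" >&2; return 1; }
    boundary=$(md_boundary "$dir")
    # A non-multipart original has no boundary to reuse: stop instead of
    # emitting a message with an empty delimiter.
    [ -n "$boundary" ] || { echo "HEADERS declares no boundary" >&2; return 1; }
    ls "$dir"/PART.*.BODY >/dev/null 2>&1 || { echo "no parts in $dir" >&2; return 1; }

    # $(cat) strips trailing newlines, so exactly one blank line ends the headers.
    printf '%s\n\n' "$(cat "$dir/HEADERS")"
    printf '%s\n' "--$boundary" 'Content-Type: text/plain; charset="us-ascii"' ''
    printf '%s\n' 'Restored from quarantine; parts dropped by the filter are absent.'
    for body in "$dir"/PART.*.BODY; do
        hdr=${body%.BODY}.HEADERS
        [ -r "$hdr" ] || continue
        printf '\n%s\n' "--$boundary"
        # The body is re-encoded as base64 below, so the part's original
        # Content-Transfer-Encoding header must not survive.
        grep -iv '^Content-Transfer-Encoding:' "$hdr" | sed '/^$/d'
        printf '%s\n\n' 'Content-Transfer-Encoding: base64'
        base64 < "$body"
    done
    # The final delimiter carries a trailing "--" to close the multipart body.
    printf '\n%s\n' "--$boundary--"
}
```

Once the output has been checked, it can be piped to the sendmail command used in the post.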


Re: [Mimedefang] How do I unquarantine a message?

2005-04-28 Thread David F. Skoll
Kevin A. McGrail wrote:

> (echo "From `cat SENDER | tr -d '<>'` `date`"; cat ENTIRE_MESSAGE) > message.mbox && mutt -f message.mbox

That works nicely if you've had the foresight to use
action_quarantine_entire_message().  If you've only used action_quarantine()
to quarantine individual parts, the task is much harder.  In general,
you can't reconstruct the original message just from the quarantined parts.

Regards,

David.


Re: [Mimedefang] How do I unquarantine a message?

2005-04-28 Thread Kevin A. McGrail
Mathew:
Because we have rarely had to do it, I do it 100% manually.
First, I go into the MD-Quarantine dir and I look for the email.  Then,
thanks to DFS for the From line fix, I run this command to read the email
with mutt.

(echo "From `cat SENDER | tr -d '<>'` `date`"; cat ENTIRE_MESSAGE) > message.mbox && mutt -f message.mbox

Then, if you have to redirect it, use the b (bounce) command.  Or use v to
view the attachments, etc.

Regards,
KAM

> How can I unquarantine a message with attachments which is captured by
> action_quarantine?


Re: [Mimedefang] using a RAM disk for mimedefang temp directory?

2005-04-28 Thread Kevin A. McGrail
Sorry, read that as:

I got tired of the disk I/O grind from DB3 & bayes/AWL so I switched to
mySQL which seems much better on using resources efficiently.

KAM

On Wed, Apr 27, 2005 at 09:10:50PM -0400, David F. Skoll wrote:
> Kevin A. McGrail wrote:
> 
> > [keeping Bayes DB in RAM is] Probably a good move.  I got a little
> > tired of the disk I/O grind with DB and Bayes/AWL and I'm using
> > mySQL.  It seems much better on using the resources of the server
> > most efficiently.
> 
> That's strange.  We use our own Bayes implementation in CanIt, and
> it's stored in a PostgreSQL database.  We haven't had performance
> issues with that setup.


[Mimedefang] How do I unquarantine a message?

2005-04-28 Thread Mathew Thomas
Hi All,

How can I unquarantine a message with attachments which is captured by
action_quarantine?

Thanks
Mathew


