[Mimedefang] stream_by_recipient - mail dissapears

2006-01-24 Thread Ventosus
I'm trying to learn about mimedefang, using a test setup. My setup has
dual sendmail, and the mimedefang is on my second sendmail instance.

When I use stream_by_recipient the mail simply disappears. The last I
find in my logs is the following

Jan 24 10:59:32 quarantine4 sm-mta-rx[16696]: k0O9xK9j016695: to=<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>, delay=00:00:12, xdelay=00:00:11, mailer=esmtp, pri=151238, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent

After that the mail is gone. Both sendmail queues are empty. I simply
can't figure out what's happening here.

I'm guessing since there are 2 recipients in the log line above, that it's
not from the "re-sent" mails, but from the original mail with multiple
recipients.

Any help would be appreciated.

Thanks in advance,

Best Regards

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


[Mimedefang] MIMEDefang 2.55 is released

2006-01-24 Thread David F. Skoll

Hello,

MIMEDefang 2.55 is at http://www.mimedefang.org/node.php?id=1.
There are no changes since MIMEDefang 2.55-BETA-4.  Complete changelog
relative to 2.54 follows.

Regards,

David.

2006-01-24  David F. Skoll  <[EMAIL PROTECTED]>

*  VERSION 2.55 RELEASED

2006-01-20  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-4 RELEASED

* mimedefang.c: The new '-R' option lets you reserve a specified
number of slaves for connections from localhost.  The idea is to
try to allow clientmqueue runs to succeed even on heavily-loaded
systems.

* Patched to look for more modern "vascan" virus-scanner rather than
older "vexira" scanner.  Support for the older Vexira scanner has
been dropped; please see README.VEXIRA.  Changes courtesy of
Matt Selsky and Ken Cormack.

2006-01-18  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-3 RELEASED

2006-01-17  David F. Skoll  <[EMAIL PROTECTED]>

* Added support for "filter_helo" function, based on a patch from
Philip Prindeville.

* examples/init-script.in: Fixed typo.

* mimedefang.c: Use symbolic constants (MD_TEMPFAIL, MD_CONTINUE,
etc.) instead of hard-coded integers, based on suggestion from
Philip Prindeville.

2006-01-11  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-2 RELEASED

*  mimedefang.pl.in: The filter_begin function is now passed
a single argument ($entity) representing the parsed message.

*** NOTE INCOMPATIBILITY *** filter_begin NOW TAKES ONE ARGUMENT,
 NOT ZERO.  IF YOUR FILTER HAS A
 PROTOTYPE FOR filter_begin, YOU SHOULD
 FIX OR REMOVE THE PROTOTYPE

* mimedefang.c, mimedefang.pl.in: Added new action_insert_header
to prepend headers (rather than appending them).  Only works
properly with Sendmail 8.13; on older versions of Sendmail, falls
back to action_add_header.  Based on patch from Matthew van Eerde.

* mimedefang.pl.in: Added new function md_get_bogus_mx_hosts.
Allows to test for sender domains with bogus MX hosts (such as
hosts that resolve to the loopback or private IP addresses.)

* mimedefang.pl.in: Invoke the "fsav" virus scanner with the --mime
option.  Fix courtesy of Mack Wharton.

* mimedefang.pl.in: Correctly interpret kavscanner return code 9
(password-protected ZIP.)  Fix courtesy of Mack Wharton.

2005-11-17  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.55-BETA-1 RELEASED

* examples/init-script.in: Fix typo that resulted in the shell
complaining of a syntax error (pointed out by Jason Englander).

* Clean up man pages by removing some obsolete material.

* mimedefang.c: Do NOT strip "bare CR" characters from e-mails by
default.  The new "-c" command-line option enables the older behavior.

*** NOTE INCOMPATIBILITY ***  WE NO LONGER STRIP BARE CR's FROM
  MESSAGES BY DEFAULT.  TEST YOUR FILTERS
  CAREFULLY TO MAKE SURE THEY CAN COPE
  WITH THIS, OR USE THE -c FLAG.

* mimedefang.c(rcptto): If you returned ACCEPT_AND_NO_MORE_FILTERING
from filter_recipient, the spool files wouldn't get cleaned up,
eventually clogging the spool directory.  This has been fixed.

* mimedefang.pl.in(interpret_hbedv_code): Fix interpretation of
H+BEDV return codes (pointed out by Henning Schmiedehausen).

2005-11-04  David F. Skoll  <[EMAIL PROTECTED]>

* VERSION 2.54 RELEASED





RE: [Mimedefang] MIMEDefang 2.55 is released

2006-01-24 Thread Cormack, Ken
Disregard my last.   I was looking at my existing files, rather than the new
ones   (::duh::)


RE: [Mimedefang] MIMEDefang 2.55 is released

2006-01-24 Thread Cormack, Ken
David,

Looking through the sample redhat-related files (specifically, the
mimedefang-init and mimedefang-sysconfig scripts), do you have any plans to
incorporate support for the new -H flag, for filter_helo?  Or should I just
add something in there in my own existing files?  (Got any preference for
variable names?)

Ken


Re: [Mimedefang] MIMEDefang 2.55 is released

2006-01-24 Thread David F. Skoll
Cormack, Ken wrote:

> Looking through the sample redhat-related files (specifically, the
> mimedefang-init and mimedefang-sysconfig scripts), do you have any plans to
> incorporate support for the new -H flag, for filter_helo?

Doh!  I forgot.  I added it to the generic startup script, but
not the Red Hat ones.  Thanks to all the beta testers who caught that! :->

To be honest, I don't think filter_helo is useful.  It has the same
effect as filtering on HELO during MAIL (because of the way Sendmail
works), so I really think it's a waste of time.

However, for consistency, I suppose we should add MX_HELO_CHECK support
to the Red Hat init files.

Regards,

David.


[Mimedefang] Problem fixed?

2006-01-24 Thread Lisa Casey

Hi,

It's me again -- that person whom you are all probably tired of hearing from
:-)

I may have fixed my problem of Mimedefang driving up my system's load
averages to the point of the system becoming almost unusable.  Here's what I
did:

I deleted my Bayes database (based on a suggestion from someone that it
might be a corrupt Bayes database). I also increased some mimedefang
timeouts:

In /etc/init.d/mimedefang I changed MX_BUSY from 600 seconds to 1200 seconds

In sendmail.cf I changed this line:
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:5m;R:5m')
to end in S:30m;R:30m

(I know I need to make that change in sendmail.mc and I will later).

So far I've had mimedefang running again for close to an hour with load
averages staying well below 1.0

This still doesn't explain why, when Sendmail/Mimedefang has been running on
this box without problems for a long time, this problem of load averages
suddenly occurred and I'd still like to figure that out but for now
mimedefang is running again and I hope customer complaints about spam will
start to stop.


So far so good...

Lisa Casey



RE: [Mimedefang] Problem fixed?

2006-01-24 Thread Matthew.van.Eerde
Lisa Casey wrote:
> I deleted my Bayes database (based on a suggestion from someone  that
> it might be a corrupt bayes database).

Bingo!
 
> So far I've had mimedefang running again for close to an hour with
> load averages staying well below 1.0

Good...
 
> This still doesn't explain why, when Sendmail/Mimedefang has been
> running on this box without problems for a long time, this problem of
> load averages suddenly occurred and I'd still like to figure that out
> but for now mimedefang is running again and I hope customer
> complaints about spam will start to stop.

I'm guessing that the Bayes databases have been getting larger and larger over 
time, and they just recently got large enough to be a problem.

-- 
Matthew.van.Eerde (at) hbinc.com   805.964.4554 x902
Hispanic Business Inc./HireDiversity.com   Software Engineer



RE: [Mimedefang] Problem fixed?

2006-01-24 Thread Paul Murphy
Lisa,

> I deleted my Bayes database (based on a suggestion from 
> someone  that it might be a corrupt bayes database). 

It's worth a try, and I'd be interested to see whether that makes a
difference.  However, some questions, and apologies if you've already been
over some of these:

1.  How big was the Bayes database?  Each SpamAssassin thread ties to the
database, and while the memory use won't be as much as the raw database size
unless your DBM implementation is seriously flawed, it does need space for
the tied hash.  Big database + multiple threads = excessive memory use.

2.  Did you run regular expires on the database using "sa-learn
--force-expire [--showdots -D]"?  The database loses relevance over time, so
it is important to expire it regularly (daily/weekly) to ensure that it is
kept under control.

3.  Are you using Bayes journalling?  This writes updates to a journal file
rather than locking the database, and you then have to merge the journal with
the DB at a suitable quiet time using "sa-learn --sync", although this is
done on a forced expiry run anyway.

4.  Did you keep a copy of the database?  If so, can you successfully dump
the contents using "sa-learn --backup > Bayes.bak"?  If this works, the
database is at least a clean DBM file, although the contents could in theory
have been poisoned by malicious messages.  Poisoning shouldn't impact on
performance at random intervals though.  You may want to clear out the
database using "sa-learn --clear" and then re-import from your backup file
using "sa-learn --restore" to verify that the DBM file is good.  All of this
can be done off-line using the "--dbpath" option to sa-learn to point to
copies of the files.

5.  Do you have "lock_method flock" in your sa-mimedefang.conf file?  If not,
and you do not share the Bayes database over NFS, then you should have it.
The NFS-safe locking mechanism used by SA has always been very dubious, and
I've seen it get into a terrible mess before.  However, this basically only
means that it cannot lock the file, so Bayes updates fail.  Learning to the
journal helps with this.

6.  How has the memory footprint of slaves changed now that the Bayes
database has been cleared?  Are the processes now significantly lower in
memory use?

Best Wishes,

Paul.



Re: [Mimedefang] MIMEDefang 2.55 is released

2006-01-24 Thread Philip Prindeville

David F. Skoll wrote:

> Doh!  I forgot.  I added it to the generic startup script, but
> not the Red Hat ones.  Thanks to all the beta testers who caught that! :->

Actually, that should have been in the original set of diffs that I
submitted.

They must have gotten dropped somewhere along the way. :-(

> To be honest, I don't think filter_helo is useful.  It has the same
> effect as filtering on HELO during MAIL (because of the way Sendmail
> works), so I really think it's a waste of time.

I've been talking to Claus about this.

I've attached a copy of part of my email to him.

-Philip

> However, for consistency, I suppose we should add MX_HELO_CHECK support
> to the Red Hat init files.
>
> Regards,
>
> David.

I went ahead and contributed Milter support for filter_helo to Mimedefang
(it should be in 2.55-FINAL).

During testing, however, we noticed that even if the rule that fired in the
HELO stage resulted in a REJECT, then the answer would still be a 250, and
that the failure would be deferred to the MAIL FROM:

% telnet mail.redfish-solutions.com 25
Trying 71.36.29.88...
Connected to mail.redfish-solutions.com.
Escape character is '^]'.
220 mail.redfish-solutions.com ESMTP Sendmail 8.13.1/8.13.1; Fri, 20 Jan 2006 14:19:59 -0700

helo localhost
250 mail.redfish-solutions.com Hello willers.employees.org [192.83.249.36], pleased to meet you

mail from:<[EMAIL PROTECTED]>
554 5.7.1 Nothing local about you
quit
221 2.0.0 mail.redfish-solutions.com closing connection
Connection closed by foreign host.
%

(and on the server side:)

Jan 20 14:19:59 mail sendmail[8179]: NOQUEUE: connect from willers.employees.org [192.83.249.36]
Jan 20 14:19:59 mail sendmail[8179]: AUTH: available mech=DIGEST-MD5 ANONYMOUS CRAM-MD5, allowed mech=EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
Jan 20 14:19:59 mail sendmail[8179]: k0KLJxHx008179: Milter (mimdefang): init success to negotiate
Jan 20 14:19:59 mail sendmail[8179]: k0KLJxHx008179: Milter: connect to filters
Jan 20 14:19:59 mail mimedefang.pl[7506]: relay: 192.83.249.36, willers.employees.org
Jan 20 14:19:59 mail mimedefang.pl[7506]: relay: matches 0.0.0.0/0 (CONTINUE: OK)
Jan 20 14:20:03 mail mimedefang.pl[7506]: helo: willers.employees.org (192.83.249.36) said "helo localhost"
Jan 20 14:20:03 mail mimedefang.pl[7506]: localhost: 192.83.249.36 (willers.employees.org)
Jan 20 14:20:03 mail mimedefang.pl[7506]: filter_helo rejected helo localhost
Jan 20 14:20:03 mail sendmail[8179]: k0KLJxHx008179: milter=mimdefang, action=helo, reject=554 5.7.1 Nothing local about you
Jan 20 14:20:03 mail sendmail[8179]: k0KLJxHx008179: Milter: helo=localhost, reject=554 5.7.1 Nothing local about you

Jan 20 14:20:45 mail master[4573]: process 8173 exited, status 0

I understand why this is done: strict compliance to the RFC.

However, should the code be modified to allow the user to elect to be
strictly compliant (make a mental note that this connection is suspect, and
fail it out when we hit the filter_sender() stage)... or else to refuse the
connection immediately?

Here's why.  Suppose that a virus or worm or other DOS attack was being
propagated via email which Sendmail or something downstream was
susceptible to...  Further suppose that this agent has some fingerprint that
makes it identifiable during the HELO stage, before the state machine
enters a state where Sendmail becomes exploitable.

In that case, I think I'd put self-preservation about strict RFC compliance
(since a crashed or subverted machine isn't compliant in any case).

How about adding a switch or knob that allows the HELO rejection in
the Milter to be effective immediately, or even making that the default
action?
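
The behaviour discussed in this message, as an added example (not code from the post or from the MIMEDefang distribution): one HELO policy called from both filter_helo and filter_sender, so the reply text is the same whichever stage Sendmail reports it at. The argument order of the two hooks is assumed from the mimedefang-filter documentation, and helo_policy is a hypothetical helper name.

```perl
use strict;
use warnings;

# Hypothetical helper: decide on a HELO string given the connecting IP.
# Returns the (action, message) list that MIMEDefang filter_* hooks return.
sub helo_policy {
    my ($ip, $helo) = @_;
    $ip   = '' unless defined $ip;
    $helo = '' unless defined $helo;
    $helo = lc $helo;
    $helo =~ s/^\s+|\s+$//g;

    # Only a loopback client may legitimately call itself "localhost".
    my $from_loopback = ($ip =~ /^127\./ || $ip eq '::1');
    my $claims_local  = ($helo =~ /^localhost(?:\.localdomain)?\.?$/
                      || $helo =~ /^\[?127(?:\.\d{1,3}){3}\]?$/);

    return ('REJECT', 'Nothing local about you')
        if $claims_local && !$from_loopback;
    return ('CONTINUE', 'ok');
}

# Called at HELO when mimedefang runs with the -H flag. As the session
# above shows, Sendmail still answers 250 here and reports the rejection
# at MAIL FROM.
sub filter_helo {
    my ($ip, $name, $helo) = @_;          # assumed argument order
    return helo_policy($ip, $helo);
}

# Called at MAIL FROM (sender checks must be enabled in mimedefang).
# The HELO string is passed in again, so the same policy applies even
# when filter_helo is not enabled.
sub filter_sender {
    my ($sender, $ip, $name, $helo) = @_; # assumed argument order
    return helo_policy($ip, $helo);
}

# Self-check, runs only when the file is executed directly with perl.
unless (caller) {
    my @cases = (
        # [ client IP, HELO string, expected action ]
        ['192.83.249.36', 'localhost',        'REJECT'],   # session above
        ['127.0.0.1',     'localhost',        'CONTINUE'], # constructed
        ['192.0.2.10',    'mx.example.org',   'CONTINUE'], # constructed
        ['192.0.2.10',    '[127.0.0.1]',      'REJECT'],   # constructed
    );
    for my $c (@cases) {
        my ($at_helo) = filter_helo($c->[0], 'unknown', $c->[1]);
        my ($at_mail) = filter_sender('<>', $c->[0], 'unknown', $c->[1]);
        die "HELO and MAIL stages disagree for @$c\n" unless $at_helo eq $at_mail;
        die "unexpected $at_helo for @$c\n"           unless $at_helo eq $c->[2];
    }
    print "HELO policy gives the same verdict at both stages\n";
}

1;
```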


[Mimedefang] Question for the HOWTO page

2006-01-24 Thread Philip Prindeville

I was wondering if we could update the HOWTO pages to describe
installing Mimedefang and Spamassassin both on a system, so that
the former is run, then the latter, or incoming email.

I'd like to be able to reject mail that fails certain tests, like containing
Hebrew, Cyrillic, and Han character sets (for instance)... rather than
accepting it and marking it as spam.

Why?  Well, if the ratware sees enough rejections, I'm hoping they
will eventually decide that it's not worth the resources to try to send
me mail and will eventually delete me from their mailing list.

I'm running FC3, and modified spamassassin and sendmail, the latter
as:

INPUT_MAIL_FILTER(`mimdefang', 
`S=local:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamassassin/sock, 
F=, T=C:15m;S:4m;R:4m;E:10m')


(I noted at the time that Spamassassin defaults to a TCP socket and not a
UNIX domain socket, at least under FC3, so /etc/sysconfig/spamassassin
had to be modified to add --socketpath=... to it.)

-Philip



RE: [Mimedefang] Question for the HOWTO page

2006-01-24 Thread Gary Funck

> From: Philip Prindeville
> Sent: Tuesday, January 24, 2006 5:09 PM
>
> I was wondering if we could update the HOWTO pages to describe
> installing Mimedefang and Spamassassin both on a system, so that
> the former is run, then the latter, or incoming email.
>
> I'd like to be able to reject mail that fails certain tests, like
> containing Hebrew, Cyrillic, and Han character sets (for instance)...
> rather than accepting it and marking it as spam.

Since you can coax SA to tag e-mails that have unacceptable
languages and locales ... why not just run SA from MdF directly,
and then look at the result (the tags) returned by SA?
I don't know if the SA protocol will give you those tags directly,
but it wouldn't be difficult pulling them from the headers.

For example,

 X-Spam-Score: 11.565 (***)
  CHARSET_FARAWAY_HEADER,FORGED_HOTMAIL_RCVD,FORGED_RCVD_HELO,SPF_HELO_SOFTFAIL,
  SPF_SOFTFAIL,UNWANTED_LANGUAGE_BODY,URIBL_JP_SURBL




Ratware and failures (was Re: [Mimedefang] Question for the HOWTO page)

2006-01-24 Thread David F. Skoll
Philip Prindeville wrote:

> Why?  Well, if the ratware sees enough rejections, I'm hoping they
> will eventually decide that it's not worth the resources to try to send
> me mail and will eventually delete me from their mailing list.

Very unlikely.  In my experience, spammers don't bother cleaning
their lists.  Heck, greylisting is still effective after three years,
so that should tell you something about how ratware deals with failures.

> I'm running FC3, and modified spamassassin and sendmail, the latter
> as:

> INPUT_MAIL_FILTER(`mimdefang',
> `S=local:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')
> INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamassassin/sock,
> F=, T=C:15m;S:4m;R:4m;E:10m')

Is there a reason you don't call SpamAssassin from within MIMEDefang?
Just curious; it seems to me it's easier to code business logic in
Perl than as a sequence of milters.

Regards,

David.
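
What Gary Funck suggests and David asks about, calling SpamAssassin from inside the MIMEDefang filter and acting on the test names it returns, as an added example (not code from either post or from the MIMEDefang distribution). The reject list and the helper name unwanted_tests are assumptions made for illustration; the two test names are taken from the header quoted earlier in the thread.

```perl
use strict;
use warnings;

our %Features;   # populated by mimedefang.pl when the filter is loaded

# SpamAssassin test names that cause an SMTP-time rejection instead of
# tagging. Assumed policy for this example; adjust to local needs.
my %REJECT_ON = map { $_ => 1 } qw(
    CHARSET_FARAWAY_HEADER
    UNWANTED_LANGUAGE_BODY
);

# Hypothetical helper: return the reject-listed names found in a
# comma-separated test list. Whitespace is stripped first, so the same
# code accepts a folded header value where a line break falls inside a name.
sub unwanted_tests {
    my ($tests) = @_;
    return () unless defined $tests;
    (my $flat = $tests) =~ s/\s+//g;
    return grep { $REJECT_ON{$_} } split /,/, $flat;
}

# MIMEDefang calls filter_end once per message, after all parts are scanned.
sub filter_end {
    my ($entity) = @_;

    # Nothing to do if an earlier stage already rejected the message.
    return if message_rejected();
    # Skip when MIMEDefang did not find SpamAssassin at startup.
    return unless $Features{'SpamAssassin'};

    my ($hits, $required, $tests, $report) = spam_assassin_check();
    return unless defined $hits;

    my @bad = unwanted_tests($tests);
    if (@bad) {
        # Reject during the SMTP dialogue; the sending host gets a 5xx reply.
        return action_bounce('Rejected: unsupported language or character set ('
                             . join(',', @bad) . ')');
    }

    # Otherwise tag only, as a separate SpamAssassin milter would.
    if ($hits >= $required) {
        action_change_header('X-Spam-Score',
                             sprintf('%.3f (%s)', $hits, $tests));
    }
    return;
}

# Self-check, runs only when the file is executed directly with perl.
unless (caller) {
    # Constructed input modelled on the header in the thread, with one
    # test name deliberately split by a line break.
    my $folded = "CHARSET_FARAWAY_HEADER,FORGED_RCVD_HELO,SPF_HELO_SOFTF\n"
               . "  AIL,SPF_SOFTFAIL,UNWANTED_LANGUAGE_BODY,URIBL_JP_SURBL";
    my @got = unwanted_tests($folded);
    die "unexpected match list: @got\n"
        unless "@got" eq 'CHARSET_FARAWAY_HEADER UNWANTED_LANGUAGE_BODY';
    die "clean list was flagged\n"
        if unwanted_tests('SPF_SOFTFAIL,URIBL_JP_SURBL');
    print "test-name matching behaves as expected\n";
}

1;
```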


[Mimedefang] Skipping scan on Forwarded mail - "Forward as Attachment"

2006-01-24 Thread Mathew Thomas
Hi,

mail gateways running Solaris 9 with Sendmail 8-13.1 +Mimedefang 2.44 +
SpamAssassin 2.64 with Uvscan & ClamAv

Some of our staff received W32/[EMAIL PROTECTED]  virus which were sent to
them as forwarded mail as Attachment.

 If the virus is not part of the forwarded mail attachment, the system
is picking up the viruses.  Will mimedefang scan forwarded mail which is
sent as attachment? How deep it will scan? 

Thanks
Mathew



Re: [Mimedefang] Skipping scan on Forwarded mail - "Forward as Attachment"

2006-01-24 Thread Steffen Kaiser

On Wed, 25 Jan 2006, Mathew Thomas wrote:

> Some of our staff received W32/[EMAIL PROTECTED]  virus which were sent to
> them as forwarded mail as Attachment.
>
> If the virus is not part of the forwarded mail attachment, the system
> is picking up the viruses.  Will mimedefang scan forwarded mail which is
> sent as attachment? How deep it will scan?

That's up to you (or better your mimedefang-filter); you can set up MD to
scan the message as a whole, each part individually (or both), you can unpack
archives and scan its content manually (unless your virus scanner does not
do it itself or your filter knows more archive formats).

There is no "depth" limit in MD, however, you can limit the number of MIME
parts the message may contain.


BTW: If the attachments are sent via an archive, or Exchange-style MS-TNEF 
(which are archives, too), MD will see them as one single MIME part you 
have to unpack and scan yourself.


Bye,

--
Steffen Kaiser