[Mimedefang] MIMEDefang 2.58 is Released
Hi, everyone,

MIMEDefang 2.58 is available at http://www.mimedefang.org/node.php?id=1

Changes since 2.57 are given below.

Regards,

David.

2006-11-07  David F. Skoll  [EMAIL PROTECTED]

    * VERSION 2.58 RELEASED

    * Memory leak in mimedefang found and fixed.  If a client issues
      more than one MAIL command in a single SMTP session, then the
      milter used to leak approximately 16 bytes for each subsequent
      MAIL command.

    * Running ./configure --enable-debugging includes much more
      debugging output, especially to diagnose memory allocation and
      deallocation.  DO NOT USE ON A PRODUCTION SERVER.

    * If we have Sys::Syslog 0.16 or higher, do not call setlogsock
      (which is deprecated).  Patch based on suggestion from Matt Selsky.

    * Sample init script sets HOME=/var/spool/MIMEDefang.

    * Sample filter for Windows clients tweaked slightly:  We don't
      complain about non-multipart .eml attachments (was causing false
      positives.)

    * Fixed typo in Red Hat sample init script.

2006-10-19  David F. Skoll  [EMAIL PROTECTED]

    * VERSION 2.58-BETA-1 RELEASED

    * mimedefang.pl.in: If SpamAssassin version = 3.1.5, do not supply
      LOCAL_RULES_DIR or LOCAL_STATE_DIR in constructor.  Use defaults
      from Perl modules.

    * examples/init-script.in: Add ALLOW_NEW_CONNECTIONS_TO_QUEUE config
      variable.

    * mimedefang-multiplexor.c: Fix useless call to sigprocmask.
      (Used SIG_BLOCK; should have been SIG_SETMASK)

    * mimedefang.c: Make sure that we're given the -p option.

    * embperl.c: Remove warning about "Something in your filter has
      opened a file descriptor..." because there are way too many
      systems that trigger this warning, and they don't seem to have
      problems.

2006-07-20  David F. Skoll  [EMAIL PROTECTED]

    * Remove all support for the File::Scan module.

2006-06-19  David F. Skoll  [EMAIL PROTECTED]

    * VERSION 2.57 RELEASED

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

[Mimedefang] Mimedefang/Filter_Sender PTR Exemptions
Hello All,

Has anyone had success with creating a PTR exemption list using mimedefang 'filter_sender' or any other technology? After looking around the net, it appears that Mimedefang's 'filter_sender' might be able to do this.

I have a Sendmail/Mimedefang setup, and Sendmail interprets a sender with multiple (more than ~10) PTR records as having no PTR record at all.

I have attempted to try this Sendmail Hack (http://www.cs.niu.edu/~rickert/cf/hack/require_rdns.m4), but one of its rules conflicts with something else I have in place (rDNS) check now rejects valid PTRs.

Since Mimedefang is a milter call from Sendmail, I need to see if I can make Sendmail think these senders who have non-compliant PTR records are valid and are exempted from being rejected as having no PTR. Or more examples/documentation on 'filter_sender' would be nice.

--
Red King
Dharma Initiative - Hydra Station
Email: [EMAIL PROTECTED]

[Mimedefang] Woes following an OS upgrade
We were running FC3 on an x86_64 platform (good bang for the buck) and decided to finally upgrade to FC5... except that the FC3 to FC4 upgrade path doesn't really work, so we had to back up our disks, zap the system, install FC5 over it, and then copy back the content we wanted to keep.

Hopefully, we did it right... And it was a lesson to us to make /var and /home be their own filesystems...

Anyway, I botched the backup, as it happened. Got a 300GB USB drive, and did a cpio -p to it... No, not a cpio -pam, just cpio -p... grrr... and zapped the modified times on the destination files, and reset the access times on the source files...

Since we were running cyrus-imapd, that meant that when we copied the files back... nothing happened... So we had to run reconstruct for all of the user.names to rebuild the .db of the mailbox names then I noticed two things. (1) all the messages were marked new (2) and deleted messages (that hadn't been purged, just marked deleted) were appearing as duplicates...

Also noticed that all of the certificates broke... and then when we built new ones, they didn't work... because the serial numbers had been reset... also noticed that they had moved around from FC3 to FC5... but that it wasn't documented... Grr.

Anyway, sorted all of that out. Only took about 10 hours. (Ok, so I'm slow to put things together... ;-)

Lastly, I noticed that (you were probably wondering when this was going to actually be relevant to MdF, weren't you?) all of the mimedefang-filter logging was absent in the maillog files... even though the script was copied over and seemed to be working.

No idea why this is. Anyone else seen this? Ideas where to start looking?

And does anyone have a script that will traverse a user's IMAP mailbox space and delete duplicate messages? In some cases, we have some messages duplicated 3 or 4 times... no idea why.

I could hack up a script to fix that using IMAP::Simple, except that we use IMAPS instead.

Anyone have any good resources for a feckless part-time postmaster?

Oh... and in digging around, I saw:

    sub md_syslog ($$)
    {
        my($facility, $msg) = @_;

        if (!$MDOpenLogCalled) {
            md_openlog("mimedefang.pl", $SyslogFacility);
        }

        if ($Features{"Unix::Syslog"}) {
            my $num_fac = convert_log_facility_to_number($facility);
            syslog($num_fac, "%s", $msg);
        } else {
            syslog($facility, "%s", $msg);
        }
    }

Hmm... Klunky. What about:

    sub md_syslog ($$;@)
    {
        my($facility, $fmt, @args) = @_;

        if (!$MDOpenLogCalled) {
            md_openlog("mimedefang.pl", $SyslogFacility);
        }

        if ($Features{"Unix::Syslog"}) {
            my $num_fac = convert_log_facility_to_number($facility);
            syslog($num_fac, $fmt, @args);
        } else {
            syslog($facility, $fmt, @args);
        }
    }

Instead?

Thanks,

-Philip

md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)
Philip Prindeville wrote:

> Oh... and in digging around, I saw:
>
> sub md_syslog ($$) {
>     my($facility, $msg) = @_;

[...]

> Hmm... Klunky. What about:
>
> sub md_syslog ($$;@) {
>     my($facility, $fmt, @args) = @_;

Except that now all callers of md_syslog have to change. That's no good. Every single caller of md_syslog would have to ensure that its first argument didn't contain any printf-sequences, and most calls would devolve to:

    md_syslog($facility, "%s", $msg);

which is why I did it the first way originally.

Regards,

David.

Re: md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)
David F. Skoll wrote:

> Philip Prindeville wrote:
>
>> Oh... and in digging around, I saw:
>>
>> sub md_syslog ($$) {
>>     my($facility, $msg) = @_;
>
> [...]
>
>> Hmm... Klunky. What about:
>>
>> sub md_syslog ($$;@) {
>>     my($facility, $fmt, @args) = @_;
>
> Except that now all callers of md_syslog have to change. That's no good. Every single caller of md_syslog would have to ensure that its first argument didn't contain any printf-sequences, and most calls would devolve to:
>
>     md_syslog($facility, "%s", $msg);
>
> which is why I did it the first way originally.
>
> Regards,
>
> David.

Hmm. syslog() already has printf-style formatting... should the wrapper occlude that functionality?

And what about callers that have to call sprintf directly if they want to handle multiple arguments?

How likely is it that there are callers that pass % in the message string?

I just did a quick inspection, and only places like:

    md_syslog("$GraphDefangSyslogFacility|info","MDLOG,$id," .
              "$event,$value1,$value2,$lcsender," .
              "$lcrecipient,$subj");

or:

    md_syslog('debug', $msg);

or:

    md_syslog('err', "$MsgID: $errmsg");

or:

    md_syslog('warning', "Message contains more than one Subject: header: $Subject -- $arg");

seem to be issues, and they are easily enough rewritten.

-Philip

RE: [Mimedefang] Woes following an OS upgrade
> -----Original Message-----
> From: Philip Prindeville
>
> We were running FC3 on an x86_64 platform (good bang for the buck) and decided to finally upgrade to FC5...
>
> Lastly, I noticed that (you were probably wondering when this was going to actually be relevant to MdF, weren't you?) all of the mimedefang-filter logging was absent in the maillog files... even though the script was copied over and seemed to be working.
>
> No idea why this is. Anyone else seen this? Ideas where to start looking?

Yes.
http://lists.roaringpenguin.com/pipermail/mimedefang/2006-September/030880.html

The problem seems to be a combination of how MD initializes Sys::Syslog and Fedora's syslogd

    sub md_openlog ($$)
    {
        my($tag, $facility) = @_;
        $MDOpenLogCalled = 1;
        if ($Features{"Unix::Syslog"}) {
            my $num_fac = convert_log_facility_to_number($facility);
            openlog($tag, LOG_PID | LOG_NDELAY, $num_fac);
        } else {
            if ("no" eq "yes") {
                unless (defined(setlogsock('unix'))) {
                    setlogsock('inet');
                }
            } else {
                setlogsock('inet');
            }
            openlog($tag, "pid,ndelay", $facility);
        }
    }

Now I don't claim to be a wizard at perl, but to my eyes ("no" eq "yes") will never evaluate to true, so Sys::Syslog will always open with 'inet' which forces Sys::Syslog to communicate with syslogd via port 514 on an IP address.

By default Fedora does not have a listener on an IP address, but only accepts messages via a socket.

man syslogd

    -r  This option will enable the facility to receive message from
        the network using an internet domain socket with the syslog
        service (see services(5)). The default is to not receive any
        messages from the network.

        This option is introduced in version 1.3 of the sysklogd
        package. Please note that the default behavior is the opposite
        of how older versions behave, so you might have to turn this on.

You can change /etc/sysconfig/syslog, and add -r to SYSLOGD_OPTIONS (forcing it to listen on port 514) or modify mimedefang.pl to use setlogsock('unix') or comment out the setlogsock entirely, which will allow Sys::Syslog to figure it out.

from man Sys::Syslog

    A value of "unix" will connect to the UNIX domain socket (in some
    systems a character special device) returned by the _PATH_LOG macro
    (if your system defines it), or /dev/log or /dev/conslog, whatever
    is writable. A value of "stream" will connect to the stream
    indicated by the pathname provided as the optional second
    parameter. (For example Solaris and IRIX require "stream" instead
    of "unix".) A value of "inet" will connect to an INET socket
    (either "tcp" or "udp", tried in that order) returned by
    getservbyname(). "tcp" and "udp" can also be given as values. The
    value "console" will send messages directly to the console, as for
    the "cons" option in the logopts in openlog().
    ...
    The default is to try "tcp", "udp", "unix", "stream", "console".

Re: md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)
Philip Prindeville wrote:

> Hmm. syslog() already has printf-style formatting... should the wrapper occlude that functionality?

Yes, because it's superfluous in Perl. Just use variable interpolation directly.

> And what about callers that have to call sprintf directly if they want to handle multiple arguments?

See above. There's never any need in Perl to use printf-style formatters. (Well, *hardly* any. In the unlikely case that you want something like %.10s, you can use sprintf.)

> How likely is it that there are callers that pass % in the message string?

Any caller that has a variable as part of the second argument would have to sanitize it. Having the wrapper explicitly provide a "%s" template makes it much safer and less error-prone.

--
David.

[Mimedefang] eMail Allowed Sender mechs
Ok, so I just emailed someone at earthlink and got one of those annoying auto-messages that say I have to go through their verification process to get my email to the subscriber...

Besides the fact I dislike these mechs, the only reason I can think of that they are bad is that if I ALSO had such a mech, the emails would bounce back and forth neither ever seeing the need to validate against an ISP server.

Any other reasons you folks can think of?

-Ben

Re: [Mimedefang] MIMEDefang 2.58 is Released
On Nov 7, 2006, at 10:16 AM, David F. Skoll wrote:

> Hi, everyone,
>
> MIMEDefang 2.58 is available at http://www.mimedefang.org/node.php?id=1
>
> Changes since 2.57 are given below.
>
> Regards,
>
> David.
>
> 2006-11-07  David F. Skoll  [EMAIL PROTECTED]
>
>     * VERSION 2.58 RELEASED

[...]

>     * If we have Sys::Syslog 0.16 or higher, do not call setlogsock
>       (which is deprecated).  Patch based on suggestion from Matt Selsky.

Sys::Syslog 'native' log type support was added in Sys::Syslog 0.15, but configure enforces 0.16. It shouldn't bother to enforce any version or the tests in mimedefang.pl (for 0.16 and 'native' supported) will never succeed.

--
Matt

configure.in.patch
Description: Binary data

Re: [Mimedefang] Woes following an OS upgrade
Damrose, Mark wrote:

[snip]

> Yes.
> http://lists.roaringpenguin.com/pipermail/mimedefang/2006-September/030880.html
>
> The problem seems to be a combination of how MD initializes Sys::Syslog and Fedora's syslogd
>
>     sub md_openlog ($$)
>     {
>         my($tag, $facility) = @_;
>         $MDOpenLogCalled = 1;
>         if ($Features{"Unix::Syslog"}) {
>             my $num_fac = convert_log_facility_to_number($facility);
>             openlog($tag, LOG_PID | LOG_NDELAY, $num_fac);
>         } else {
>             if ("no" eq "yes") {
>                 unless (defined(setlogsock('unix'))) {
>                     setlogsock('inet');
>                 }
>             } else {
>                 setlogsock('inet');
>             }
>             openlog($tag, "pid,ndelay", $facility);
>         }
>     }
>
> Now I don't claim to be a wizard at perl, but to my eyes ("no" eq "yes") will never evaluate to true, so Sys::Syslog will always open with 'inet' which forces Sys::Syslog to communicate with syslogd via port 514 on an IP address.

Ok, I changed the "no" to "yes". That should fix it.

The previous version of mimedefang.pl did indeed have it set to "yes", not sure why... Perhaps that's how it was released in 2.57 (or whatever I had been running...) ... err... no. Because FC5 was released with 2.57 as well.

Well, in that case, I don't know.

BTW: It makes sense to not have the inet listener for syslog (Solaris as you pointed out, does this... but so does HP-UX) that's one less portal for vulnerability exploits or DoS attacks.

-Philip

Re: [Mimedefang] SPF
Hi David and all,

Just one more comment on SPF. I don't have stats to back this up, but I see plenty of e-mails with SPF fails in spamassassin. It helps to increase the score, I also score a fail quite a little high as I seem to get quite a bit of bogus mail claiming to be people in my organization. I am smart enough to realize this, but not all my employees are! I also find it very easy to whitelist people that publish SPF.

For folks on the road, there are plenty of workable solutions. We use OpenVPN, which works well if both ends are running Linux. Because of deficiencies in Windoze's TUN implementation, it's a bit more painful to get it working on that platform, but we managed it.

We use cyrus-SASL with sendmail. Very easy to set up in FreeBSD and our users can send and pop mail via our server from wherever they are. If we have any FreeBSD users interested, I am happy to share my notes on remote SMTP authentication.

Ken

Re: md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)
David F. Skoll wrote:

> Philip Prindeville wrote:
>
>> Hmm. syslog() already has printf-style formatting... should the wrapper occlude that functionality?
>
> Yes, because it's superfluous in Perl. Just use variable interpolation directly.

Doesn't work with hex, or floats, etc. obviously. Just strings and integers.

>> And what about callers that have to call sprintf directly if they want to handle multiple arguments?
>
> See above. There's never any need in Perl to use printf-style formatters. (Well, *hardly* any. In the unlikely case that you want something like %.10s, you can use sprintf.)

Except for hex, floats, packs, return values from function calls like inet_ntoa(), etc.

>> How likely is it that there are callers that pass % in the message string?
>
> Any caller that has a variable as part of the second argument would have to sanitize it. Having the wrapper explicitly provide a "%s" template makes it much safer and less error-prone.
>
> --
> David.

Sure. But less functional, too.

I understand that there's a danger going down that path...

Ok, what if we added md_syslog_ and had md_syslog() call into it with %s as the format specifier?

That way you could have the functionality, without having existing clients risk damage.

-Philip

Re: md_syslog (was Re: [Mimedefang] Woes following an OS upgrade)
Philip Prindeville wrote:

>> Yes, because it's superfluous in Perl. Just use variable interpolation directly.
>
> Doesn't work with hex, or floats, etc. obviously. Just strings and integers.

It works perfectly fine with floats. And hex, if you like:

    md_syslog($facility, "foo" . hex($number) . "bar");

When you write Perl, write Perl, not C.

> Except for hex, floats, packs, return values from function calls like inet_ntoa(), etc.

Oh for crying out loud! I give up. :-) You'd rather open up MIMEDefang to attacks based on format string vulnerabilities than make a simpler interface that works almost all the time, and is simple to make work absolutely all of the time?

I don't mean to sound harsh, but I'm not surprised you want to use XML for your filter. :-)

[...]

> Sure. But less functional, too.

How is it ANY less functional? Name one thing it can't do that a format-string-enabled syslog can do?

> Ok, what if we added md_syslog_ and had md_syslog() call into it with %s as the format specifier?

Go ahead, but it won't be placed in the official MIMEDefang.

--
David.

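The trade-off argued in this thread, as an added example that is not MIMEDefang code and was not written by either poster: the same constructed Subject values are logged through a wrapper that supplies a fixed "%s" template and through one that treats the caller's string as the format. The names fake_syslog, log_fixed_template and log_caller_format are hypothetical, and fake_syslog assumes, as the thread does, that syslog() applies printf-style formatting to its format argument.

```perl
#!/usr/bin/perl
# Added example: compares the two md_syslog designs argued over in this thread.
# fake_syslog(), log_fixed_template() and log_caller_format() are hypothetical
# names; nothing here is MIMEDefang code and nothing is sent to syslogd.
use strict;
use warnings;

my @LOG;    # captured [priority, message] pairs instead of real syslog traffic

# Stand-in for Sys::Syslog::syslog(): builds the message with
# sprintf($format, @args) and records it.
sub fake_syslog {
    my ($priority, $format, @args) = @_;
    no warnings;    # missing sprintf arguments are exactly what is being shown
    push @LOG, [ $priority, sprintf($format, @args) ];
    return $LOG[-1][1];
}

# Design 1: the wrapper owns the template; the message is only ever data.
sub log_fixed_template {
    my ($priority, $msg) = @_;
    return fake_syslog($priority, '%s', $msg);
}

# Design 2: the caller's first string is used as the format.
sub log_caller_format {
    my ($priority, $fmt, @args) = @_;
    return fake_syslog($priority, $fmt, @args);
}

# Constructed sample header values, as a filter might interpolate and log them.
my @subjects = (
    'Quarterly report attached',
    'Save 50% on renewals',          # a lone % followed by ordinary text
    'Invoice %s %d %x for %5.2f',    # several conversion specifications
);

for my $subject (@subjects) {
    my $msg = "Message contains more than one Subject: header: $subject";
    for my $case ( [ 'fixed "%s" template',    \&log_fixed_template ],
                   [ 'caller-supplied format', \&log_caller_format ] ) {
        my ($label, $logger) = @$case;
        my $logged = $logger->('warning', $msg);
        printf "%-24s %-8s %s\n", $label,
            ( $logged eq $msg ? 'intact' : 'ALTERED' ), $logged;
    }
}

# Hex and float formatting remain available with design 1: format with
# sprintf on a template the code controls, then log the finished string.
my $line = sprintf('relay=%s flags=0x%04x score=%.2f', '192.0.2.10', 0x1f, 7.25);
print log_fixed_template('info', $line), "\n";
```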