[Mimedefang] Do not be nasty with 421 [false positives]

2010-10-14 Thread Andrzej Adam Filip
A milter can drop/break *TCP* connections with a 421 reply. Be warned that,
used unwisely, it can be a nasty trap in case of false positives, making the
(misclassified) ham sender repeat sending the message for (5) days.
[Triggered by problem report about sending to wp.pl in news:pl.comp.mail ]

http://www.sendmail.org/releases/8.13.0
quote
  LIBMILTER: If a milter sets the reply code to 421, the SMTP server
will terminate the SMTP session with that error.
/quote

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The greatest love is a mother's, then a dog's, then a sweetheart's.
  -- Polish proverb
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Access to Access db Information in MD?

2010-07-21 Thread Andrzej Adam Filip
Kevin A. McGrail kmcgr...@pccc.com wrote:
 On 7/20/2010 5:52 PM, Kevin A. McGrail wrote:

 I want to allow a machine at my house on a dynamic IP to relay off
 my sendmail server.

 So far from my testing, it appears to be working as I wanted which
 is that sendmail will allow the relay because the forward record
 matches the IP of the machine trying to relay.

 Belay that statement, you are correct.  I was hitting a POP Before
 SMTP relay auth test.

 I found a solution.  In the end, I switched to using SMTP AUTH over
 TLS which allowed me to check the macro auth_type.

Have you tried to use FEATURE(`delay_checks') in your sendmail.mc?

Among other things it allows relaying after successful SMTP AUTH without
additional hacks.

URL(s):
http://www.sendmail.org/m4/anti_spam.html#delay_check

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
You shall judge of a man by his foes as well as by his friends.
  -- Joseph Conrad


Re: [Mimedefang] Access to Access db Information in MD?

2010-07-20 Thread Andrzej Adam Filip
Kevin A. McGrail kmcgr...@pccc.com wrote:
 Anyone happen to know if there is a macro/env variable set by sendmail
 that can be accessed inside MD if there was a match in the access
 file?

 Specifically, I have a dyndns host, kam.is-a-geek.com and I want to
 see if sendmail allowed the relay because of an entry in the access
 file, e.g.:

 kam.is-a-geek.com    RELAY

The above access entry for dyndns *WILL NOT* work - 
it requires a closed PTR-A loop to be effective.
[ I have checked there is no such closed loop ]

What do you want to achieve?

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
If you are afraid of loneliness, don't marry.
  -- Anton Chekhov


Re: [Mimedefang] Reputation in practice

2010-06-20 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Andrzej Adam Filip wrote:

 Could you suggest another free email account/service for sending to
 mailing lists?

 Can't you run your own SMTP server?

Not for personal purposes.

 Or try Hotmail/Yahoo/pobox.com?

Based on my spam intake Hotmail and Yahoo are ruled out.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The whole problem with the world is that fools and fanatics are always so
certain of themselves, but wiser people so full of doubts.
  -- Bertrand Russell


Re: [Mimedefang] Reputation Reporting Protocol submitted to IETF as an I-D

2010-06-19 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 I've submitted the Reputation Reporting Protocol (for collecting information
 about IP addresses) as an Internet Draft; please see
 http://datatracker.ietf.org/doc/draft-dskoll-reputation-reporting/

 Comments are solicited; if you're interested, please join the mailing list at
 http://lists.roaringpenguin.com/cgi-bin/mailman/listinfo/reputation-reporting

 The home page for the project is http://www.mimedefang.org/reputation

IMHO you should generalize support for different signature types
e.g. 1 extra byte for signature length and 1 extra byte for signature type

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The Almighty in His infinite wisdom did not see fit to create Frenchmen
in the image of Englishmen.
  -- Winston Churchill, 1942


Re: [Mimedefang] Reputation Reporting Protocol submitted to IETF as an I-D

2010-06-19 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Andrzej Adam Filip wrote:

 IMHO you should generalize support for different signature types
 e.g. 1 extra byte for signature length and 1 extra byte for signature type

 I'm not sure what you mean by signature types.  Could you explain?
 Are you referring to the truncated HMAC?
 [...]

Yes. IMHO you should create a protocol capable of supporting other
sender signature types even if for a long time only one
type is going to be supported.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Luck, that's when preparation and opportunity meet.
  -- P. E. Trudeau
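
The suggestion in this exchange (one byte for signature type, one for signature length), sketched as an added example that is not part of the original posts or of the Reputation Reporting Protocol draft. The frame layout, the type numbers, the truncation lengths and the sample report bytes are all assumptions made for illustration; the page only says the protocol uses a truncated HMAC.

```python
import hashlib
import hmac
from typing import NamedTuple


class SigScheme(NamedTuple):
    digest: str   # hashlib algorithm name
    length: int   # bytes of the HMAC kept after truncation


# Hypothetical registry: type 1 stands in for "the truncated HMAC" mentioned
# in the thread, type 2 for a scheme added later. Both are assumptions.
SCHEMES = {
    1: SigScheme("sha1", 10),
    2: SigScheme("sha256", 16),
}

KEY = b"constructed-shared-secret"           # constructed sample key
REPORT = bytes([192, 0, 2, 1]) + b"\x01"     # constructed: IPv4 address + event code


class FrameError(ValueError):
    pass


def _mac(key: bytes, sig_type: int, payload: bytes) -> bytes:
    scheme = SCHEMES[sig_type]
    # The type and length bytes are covered by the MAC, so a frame cannot be
    # relabelled as another scheme without invalidating the signature.
    header = bytes([sig_type, scheme.length])
    full = hmac.new(key, header + payload, scheme.digest).digest()
    return full[:scheme.length]


def seal(key: bytes, payload: bytes, sig_type: int = 1) -> bytes:
    """Frame layout (assumed): type(1) | length(1) | signature | payload."""
    if sig_type not in SCHEMES:
        raise FrameError("unknown signature type")
    tag = _mac(key, sig_type, payload)
    return bytes([sig_type, len(tag)]) + tag + payload


def open_frame(key: bytes, frame: bytes) -> bytes:
    """Verify a frame and return its payload, or raise FrameError."""
    if len(frame) < 2:
        raise FrameError("truncated header")
    sig_type, sig_len = frame[0], frame[1]
    scheme = SCHEMES.get(sig_type)
    if scheme is None:
        raise FrameError("unknown signature type")
    # The length byte lets a parser find the payload boundary, but the
    # verifier never lets the sender choose how short the tag may be.
    if sig_len != scheme.length:
        raise FrameError("length does not match type")
    if len(frame) < 2 + sig_len:
        raise FrameError("truncated signature")
    tag, payload = frame[2:2 + sig_len], frame[2 + sig_len:]
    if not hmac.compare_digest(tag, _mac(key, sig_type, payload)):
        raise FrameError("bad signature")
    return payload


def verdict(key: bytes, frame: bytes) -> str:
    """Return "ok" or the reason the frame was refused."""
    try:
        open_frame(key, frame)
        return "ok"
    except FrameError as exc:
        return str(exc)


if __name__ == "__main__":
    good = seal(KEY, REPORT)
    print(verdict(KEY, good))
    print(verdict(KEY, bytes([1, 1]) + good[2:3] + REPORT))
```

The two extra bytes cost little on the wire, and refusing a length that does not match the registered type keeps a sender from shortening the tag to something guessable.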


Re: [Mimedefang] Reputation in practice

2010-06-19 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Andrzej Adam Filip wrote:
  [...]
 By the way, your outbound SMTP server 213.180.147.167 has a rather
 poor reputation.  We've been running the Reputation Reporting Protocol
 with several hundred sensors for a few months now and we keep a window
 of 45 days' worth of events (about 1.6 x 10^9 events in total;
 ~400/second).  Here's the score for 213.180.147.167:

 $ canit-reputation-check 213.180.147.167
 213.180.147.167: smtpout7.poczta.onet.pl
 gl=142 ug=33 hs=21 hh=2 as=15177 ah=87 vr=17209 ir=13022 activity=6.1

 That means 142 greylisting events, 33 ungreylisting events, 21 messages
 hand-voted as spam, 2 hand-voted as non-spam, 15177 auto-detected as spam,
 87 auto-detected as non-spam, 17209 valid RCPT commands and 13022
 invalid RCPT commands.  activity=6.1 is a log-scale measure of how much
 activity our sensors have picked up; 213.180.147.167 is a fairly active
 SMTP client.

 You need to get your ISP to clean up its act. :-)

I use onet.(eu|pl) as dual-purpose free email accounts, also used as
spamtraps. The addresses have been advertised for *many* years, I do not
want to waste the accumulated effort ;-)
IMHO onet is too close to the philosophy "no money, no (true) responsibility".

I could switch to gmail at any time but gmail dev-nulls my own mails 
sent by mail list servers, it keeps *only* the copy of the message sent to
the mailing list. It is behavior I double +dislike so I use gmail to
receive messages from mailing lists and another account to send to
mailing lists.

Could you suggest another free email account/service for sending to
mailing lists?

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Certainly there are things in life that money can't buy,
But it's very funny -- did you ever try buying them without money?
  -- Ogden Nash


Re: [Mimedefang] IP reputation data collection

2010-01-29 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 For the last couple of months, we've been running an experimental system
 in conjunction with a large CanIt customer to collect and aggregate IP
 address reputation data.  We're looking for MIMEDefang users who want
 to help us collect data; what you'd get in return would be access to
 the aggregated results in RBLDNSD zone file format.

 We have a standalone Perl module for reporting events back to us.  To
 use it, you'd instrument your MIMEDefang filter with calls to various
 types of event reporting, such as host x.y.z.w sent something we
 marked as spam or host x.y.z.w attempted to send to an invalid recipient.

 The reports go out in UDP and are fairly low-bandwidth; the overhead is about
 5 bytes for each IPv4 report and 17 for each IPv6 report.

 Anyway... if you're interested in contributing, please contact me
 off-list.

For my curiosity: 
Is it intended to be more of a white-list or a black-list? 

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The Lord prefers common-looking people.
That is the reason that He makes so many of them.
  -- Abraham Lincoln


Re: [Mimedefang] Spam ethics question

2010-01-14 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 wbr...@e1b.org wrote:

 Why shouldn't I find some honey-pot addresses and submit them to
 subscribe?

 Because, IMO, that subverts the purpose of honeypots.  A honeypot
 is designed as a passive spammer attractor; actively subscribing
 someone is a no-no.

But actively un-subscribing not subscribed email addresses is OK 
= as far as I have heard the effect is almost identical :-)

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The road to hell is paved with NAND gates.
  -- J. Gooding


Re: [Mimedefang] Spam ethics question

2010-01-14 Thread Andrzej Adam Filip
wbr...@e1b.org wrote:
 Kelson wrote on 01/14/2010 02:43:35 PM:

 It's not the effect that's at issue, it's the process.

 The whole point of a honeypot is that you have a guarantee that no one
 has ever requested that mail go to that address, so any mail sent there
 is unsolicited by definition.

 If you subscribe an address to a list, then *you* have solicited mail
 for that address. As a result, your data is no longer reliable, because
 at least some of that mail coming into that address is mail that you
 requested.

 This is the best argument against what I asked about.  Thanks

 OTOH, if you actively *unsubscribe* an address, then you have
 specifically requested that mail *not* go there. If they turn around and
 use that information to put the address on one of their lists, then
 you've caught them violating your request. It's still unsolicited, so
 it's valid data.

 Other option is to raise hell with the mail outsourcing company but does
 that really work?

Have you tried to report every such spam via spamcop.net (and knujon)?

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Recent research has tended to show that the Abominable No-Man
is being replaced by the Prohibitive Procrastinator.
  -- C. N. Parkinson


Re: [Mimedefang] Sendmail::Milter

2009-11-25 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Andrzej Adam Filip wrote:

 Unfortunately, many aggressive anti-spam techniques that are perfectly
 usable for BOFHs on personal servers don't scale up to real systems
 with real users. :-(

 You have assumed no secondary MX, haven't you?

 No.

Such *very* aggressive blocking of connections only from strangers 
(in firewall/iptables) may make some sense on the primary MX if the postmaster
wants to limit most DDoS attacks to the secondary MX and protect mails from
well known friends from being affected.

But I think that secondary MXes are slightly out of fashion :-)

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
When in doubt, have a man come through the door with a gun in his hand.
  -- Raymond Chandler


Re: [Mimedefang] Recipient verification on gateway/secondary-MX

2009-11-25 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Kevin A. McGrail wrote:

 I do something similar - daily LDAP extraction to a database table,
 which my filter queries from filter_recipient.  I want to be able to
 log failed messages from within my filter, so Sendmail's rejection via
 the Access database is too crude for me.  All of my mail servers query
 the same database, and also use the database to share
 blacklist/greylist/whitelist data, etc.

 Sure, that will technically work fine but I think DFS will agree
 with the statement Holy Overhead Batman!

 Ehhmm.. :-)

 Our commercial product offers a huge variety of mechanisms for validating
 recipients:

 1) You can use LDAP lookups.
 2) You can do an SMTP callout against a back-end SMTP server.
 3) You can do a database lookup (PostgreSQL).
 4) You can supply an arbitrary script that validates the recipient.

 We need the flexibility because of the wide array of mail systems and
 topologies.  On our hosted solution, we cache lookups using memcached
 for efficiency (valid recipients are cached for 24h; invalid ones for
 1h.)

 Yeah, way more overhead than /etc/mail/access, but in this case it is
 worth it.

Have you ever hit performance problems caused by the access table being too
big to be cached in memory?
[sendmail can do 30+ access lookups per one single SMTP session message]

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
There is only one way to be happy by means of the heart -- to have none.
  -- Paul Bourget


Re: [Mimedefang] Sendmail::Milter

2009-11-24 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Matt Garretson wrote:

 Anyway I guess we're getting away from what the OP was asking
 (rate-limiting with a milter) but I don't have any ideas about 
 that.

 Rate-limiting with a milter is not a good idea; it's very heavy-weight
 even if the milter is written in finely-honed C.  You're much better
 off using the built-in Sendmail 8.14 rate-limiting facilities or even
 OS-level packet-filtering facilities.

You may be right in case of typical medium+ load production server.
[ I would not disagree strongly without practical tests first ]
In my case I do not expect the spamtrap server to achieve 
peak minute throughput higher than one message per second 
(after iptables protections) unless DDoS occurs :-)

More precise description in my case would be 
avoiding accumulating excessive evidence :-)
[ I use trapped spam to send abuse reports via spamcop.net ]

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Your manuscript is both good and original, but the part that is good is not
original and the part that is original is not good.
  -- Samuel Johnson


Re: [Mimedefang] Sendmail::Milter

2009-11-24 Thread Andrzej Adam Filip
Tilman Schmidt t.schm...@phoenixsoftware.de wrote:
 On 2009-11-23 21:38, - wrote:
 I too limit connections to one, and one per 5 minutes.  Should
 remotes violate that, they get two warnings (ICMP admin-prohibited),
 and if they're too eager, they fall into my TCP TARPIT.

 I wonder. Do you have any data on how typical mail server software
 reacts to that sort of policy? What does, for example, a Sendmail or
 Exchange server in default configuration do if it tries to deliver two
 mails to a destination server, the first one succeeds, and the second
 one fails with administratively prohibited?

AFAIK sendmail does not distinguish between reasons why establishing a TCP
connection has failed. Have I missed something?

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
A commune is where people join together to share their lack of wealth.
  -- R. Stallman


Re: [Mimedefang] Socket map performance

2009-11-24 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Michiel Brandenburg wrote:

 What might be a nice tradeoff is using the socket map feature of
 sendmail to hook sendmail into mimedefang that way.  Dunno how that
 would impact performance but it might be a nice tradeoff.

 Performance impact is severe.  We used the socketmap - MIMEDefang
 path in an older version of our commercial software, but we had
 to remove it and use a different technique because of the horrible
 performance.

Have you used it for standard maps? (e.g. access or virtusertable)
YES = Have you tried to reduce (horrible) number of lookups issued by
any map sendmail.cf design?

 As I recall the socket map protocol is pretty lightweight but might
 still be too slow, in my case it works fine even with about 1/2 mails
 per sec.

 We tend to concentrate our optimizations on medium-sized
 installations, by which I mean about 25 msgs/second (= about 2
 million/day) or higher.  The low-end ones aren't worth worrying about
 just because the load is easily managed.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
My sense of purpose is gone! I have no idea who I AM!
Oh, my God... You've.. You've turned him into a DEMOCRAT!
  -- Doonesbury


Re: [Mimedefang] Sendmail plugins [map,mbdb]

2009-11-24 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Andrzej Adam Filip wrote:

 Have you used it for standard maps? (e.g. access or virtusertable)

 Yes.

 YES = Have you tried to reduce (horrible) number of lookups issued by
 any map sendmail.cf design?

 No.  But a socketmap lookup passed through MIMEDefang down into the Perl code
 is something like 10x to 1000x slower than a Berkeley DB lookup.

 (Side note: I'd love to see Sendmail support Dan Bernstein's CDB
 databases; our tests indicate they are much faster than Berkeley DB.
 Maybe that's a project for the future...)

Do not be afraid of a more general goal: sendmail plugins [dynamic libraries]
There are two obvious well fit (well defined) functionalities:
a) map interface
b) mailbox databases interface

Taking a look at some exotic maps sendmail.org refused to include in
the code (e.g. mysql) it should be more cost effective way on long run
to push support for plugins first (IMHO).

P.S. Do *you* need plugins support on more than *one* platform? ;-)

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Look! There! Evil!.. pure and simple, total evil from the Eighth Dimension!
  -- Buckaroo Banzai


Re: [Mimedefang] received headers obfuscation

2009-11-24 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 ulver wrote:

 [some things]

 Why are you trying to mess with Received: lines?  That's a VERY bad idea.
 RFC 2821 discourages this kind of thing most strongly:

 3.8.2 Received Lines in Gatewaying

When forwarding a message into or out of the Internet environment, a
gateway MUST prepend a Received: line, but it MUST NOT alter in any
way a Received: line that is already in the header.

It breaks the letter but *IMHO* rewriting (but not deleting) Received
headers generated by internal hosts under the same netmaster control
does not break the spirit of the RFC.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
British education is probably the best in the world, if you can survive it. 
If you can't there is nothing left for you but the diplomatic corps.
  -- Peter Ustinov


Re: [Mimedefang] Sendmail::Milter

2009-11-24 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 Les Mikesell wrote:

 If you don't care if or when mail is delivered, why run the server at all?

 I agree.  Restricting each IP address to one TCP connection in 5 minutes
 is doable only if you're the BOFH on a personal server.

 Unfortunately, many aggressive anti-spam techniques that are perfectly
 usable for BOFHs on personal servers don't scale up to real systems
 with real users. :-(

You have assumed no secondary MX, haven't you?

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
If you think nobody cares if you're alive,
try missing a couple of car payments.
  -- Earl Wilson


Re: [Mimedefang] Sendmail::Milter

2009-11-23 Thread Andrzej Adam Filip
Matt Garretson ma...@assembly.state.ny.us wrote:
 Andrzej Adam Filip wrote:
 I want custom rate limiter on my spamtrap, 

 Another idea, if you run linux with iptables, is using
 the netfilter recent module to block over-enthusiastic
 hosts at the network layer.

 The exact name of the module varies with the iptables version,
 but searching the iptables man page for recent should give 
 you the details.

I use iptables to limit the number of TCP connections.
[ something like 2 connections per 5 minutes ]

BTW I think 1 connection per 15s from strangers may be a good idea on
not big production servers.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
God gave man two ears and one tongue so that we listen twice as much as
we speak.
  -- Arab proverb


[Mimedefang] Sendmail::Milter

2009-11-21 Thread Andrzej Adam Filip
Do you have some experience with Sendmail::Milter?
I need a very simple milter with a *SMALL* memory footprint.
I would like to ask if I should expect some surprises.

P.S. 
I want a custom rate limiter on my spamtrap, MIMEDefang works OK
*BUT* 
* MIMEDefang memory footprint is slightly too high for a host very low on
resources (CPU/memory) serving a second life as a spamtrap.
* Mimedefang filters out too much *as for spamtrap* :-)

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Our business in life is not to succeed 
but to continue to fail in high spirits.
  -- Robert Louis Stevenson


Re: [Mimedefang] Email in Korean language becomes cluttered and unreadable when received.

2009-11-11 Thread Andrzej Adam Filip
Aniruddha Barua zm...@yahoo.com wrote:
 Sorry, the headers are unavailable. The Korean buyer left a few days
 ago. Before leaving, he had switched to his domain's SMTP server for
 further correspondences. His Operating System (Win XP) was entirely
 set in Korean language.
 However, I have some lines from SpamAssassin report:


  3.2 CHARSET_FARAWAY_HEADER A foreign language charset used in headers
  1.0 BAYES_60   BODY: Bayesian spam probability is 60 to 80%
 [score: 0.7083]
  0.0 HTML_MESSAGE   BODY: HTML included in message
  1.8 MIME_BASE64_TEXT   RAW: Message text disguised using base64 encoding
  2.5 MIME_CHARSET_FARAWAY   MIME character set indicates foreign language
 Someday other Korean or Chinese or Japanese people will visit our
  customers and send mails using our SMTP.
 So, need to be prepared. Where/how do I set charset in mimedefang
  configuration?

If my guesses are right then the problems are (usually) caused by email
client configuration - lack of using MIME to explicitly declare the
charset used in the message.

AFAIR default configuration of Outlook Express *fails* to declare
the charset used in the message header. Quite a few mail servers fill in
the missing charset for non ascii messages
= You may consider providing links (to microsoft web pages) for
properly *fixing* it 

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
He is not only dull himself, he is the cause of dullness in others.
  -- Samuel Johnson


Re: [Mimedefang] Email in Korean language becomes cluttered and unreadable when received.

2009-11-10 Thread Andrzej Adam Filip
Aniruddha Barua zm...@yahoo.com wrote:
 One Korean buyer was visiting a Garments factory in Chittagong,
 BANGLADESH. He sent an email in Korean Language to his office in Seoul
 using our SMTP server running MIMEDefang 2.67 + sendmail + clamav. The
 email successfully
 reaches the destination mailbox but when the recipient opens the
 message, he/she finds the entire message to be cluttered and
 unreadable. When the sender sends Korean messages using the same server
 running without the MIMEDefang, the message is readable.

 Need help to configure MIMEDefang for Korean and foreign language
 support or to solve the problem otherwise.

Could you post headers of both messages?

Suspect number one:
Lack of declaration of the charset used by the sending client. The recipients
most likely can guess the *missing* declaration right, but if any smtp sender
in between fills in the missing charset the guessing fails.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The only problem with seeing too much is that it makes you insane.
  -- Phaedrus
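
The failure mode suspected in this reply and in the follow-up above, reproduced as an added example (not part of the original posts and not MIMEDefang code). The Korean sample text, the addresses and the relay's `iso-8859-1` default are constructed assumptions; the posts do not say which charset an intermediate server fills in.

```python
from email import message_from_bytes

# Constructed sample: a short Korean greeting sent as raw EUC-KR bytes.
KOREAN_TEXT = "안녕하세요"
BODY = KOREAN_TEXT.encode("euc-kr")


def build_message(content_type=None):
    """Return raw message bytes. content_type=None models a client that
    sends 8-bit text without declaring a charset."""
    lines = [
        b"From: buyer@example.com",
        b"To: office@example.net",
        b"Subject: test",
        b"MIME-Version: 1.0",
    ]
    if content_type is not None:
        lines.append(b"Content-Type: " + content_type.encode("ascii"))
    lines.append(b"Content-Transfer-Encoding: 8bit")
    return b"\r\n".join(lines) + b"\r\n\r\n" + BODY + b"\r\n"


def relay_fills_charset(raw, default="iso-8859-1"):
    """Model an intermediate server that stamps its own default charset on a
    message carrying no Content-Type header at all (assumed behaviour)."""
    msg = message_from_bytes(raw)
    if "Content-Type" in msg:
        return raw  # a declared type is left alone
    head, sep, body = raw.partition(b"\r\n\r\n")
    stamp = b"\r\nContent-Type: text/plain; charset=" + default.encode("ascii")
    return head + stamp + sep + body


def undeclared_8bit(raw):
    """Check a filter could log: 8-bit body bytes with no declared charset."""
    msg = message_from_bytes(raw)
    payload = msg.get_payload(decode=True) or b""
    return msg.get_content_charset() is None and any(b > 0x7F for b in payload)


def render(raw, guess):
    """Decode the body the way a mail client would: trust the declared
    charset, and fall back to the client's own guess only when none is set."""
    msg = message_from_bytes(raw)
    charset = msg.get_content_charset() or guess
    payload = msg.get_payload(decode=True)
    return payload.decode(charset, errors="replace").strip()


if __name__ == "__main__":
    undeclared = build_message()
    print("flagged before relay:", undeclared_8bit(undeclared))
    print("direct delivery     :", render(undeclared, guess="euc-kr"))
    print("after relay stamp   :", render(relay_fills_charset(undeclared), guess="euc-kr"))
```

A message that declares `charset=euc-kr` itself passes through the same relay unchanged and renders correctly whatever the recipient would have guessed.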


Re: [Mimedefang] mimedefang+postfix on debian lenny

2009-11-10 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:
 ADNET Ghislain wrote:

 strange, reinstalling postfix does not remove sendmail completely..
 anyway it seems to work that way

 Please file a bug with the Debian mimedefang maintainer.  Installing
 MIMEDefang should never force the removal of Postfix.

According to the Debian site, the mimedefang package for stable (lenny) has
sendmail in its recommends list:
  http://packages.debian.org/lenny/mimedefang

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
They spell it da Vinci and pronounce it da Vinchy.  Foreigners
always spell better than they pronounce.
  -- Mark Twain


Re: [Mimedefang] mimedefang+postfix on debian lenny

2009-11-10 Thread Andrzej Adam Filip
ADNET Ghislain gad...@aqueos.com wrote:
 David F. Skoll wrote:
 ADNET Ghislain wrote:

   
 strange, reinstalling postfix does not remove sendmail completely..
 anyway it seems to work that way
 

 Please file a bug with the Debian mimedefang maintainer.  Installing
 MIMEDefang should never force the removal of Postfix.
   

 i will try to contact him. I also ran into another issue. Postfix runs
 as the user postfix and i did not find any way to configure mimedefang
 to have a socket that lets the postfix user communicate with it.  Is
 there any parameter i missed for this ?  adding some sleep 10; chmod
 770 and chgrp postfix to the socket seems...weird to me :)

Add postfix user to defang group.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
It is better to never have tried anything 
than to have tried something and failed.
  -- motto of jerks, weenies and losers everywhere


Re: [Mimedefang] Mimedefang and sendmail queueing

2009-06-10 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:

 Austin wrote:

 An idea (no testing, or real assurance that it would work) would be to
 use MD to write a Socketmap (look in the manpage for mimedefang-filter
 in the section SOCKET MAPS), then write some m4 for sendmail.cf that
 will do the appropriate lookups and priority/delivery queue/mailer
 assignment.  Hmm, perhaps you could define a different mailer DSMTP
 (Deferred SMTP) that did what you wanted, then use that for the
 affected mail.

 That'd probably work, but be aware that socket maps can be pretty
 slow.  We used to use socket maps to control mail routing on our
 commercial appliances, but quickly went back to Berkeley DB files for
 performance.

Have you considered pushing socket map over UDP (over unix socket)
into sendmail sources?

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Perhaps the remembrance of these things will prove 
a source of future pleasure.
  -- Virgil


Re: [Mimedefang] Mimedefang and sendmail queueing

2009-06-10 Thread Andrzej Adam Filip
Stefan Schoeman ste...@internext.co.za wrote:
 I've been using MIMEDefang for some years now and it is just the most
 fabulous tool.
 It's really the tool that allows me to take control of mail, and not
 just anti-virus and anti-spam.
 Thanks again David for writing this - this is really cool.

 I was wondering if someone could perhaps advise me on a new aspect
 that I'd like to implement, and whether MIMEDefang can help me with
 this.
 Basically, I run a number of relay servers that do a couple of things
 with mail (Anti Virus, Anti-Spam, Mail splits, funny redirects and so
 on). What I am finding is that there are times where I would like to
 alter the queuing strategy of the mail. As an example, I may get in
 some really big emails for a given client that I know will take too
 long to deliver to them. What I would like to do with such mails, is
 defer their delivery so that they will rather deliver overnight than
 say right now. It's almost as if I'd like to place such mails into a
 different mail queue, that have differently timed queue runners to
 process them. What I do right now is move the files from my
 /var/spool/mqueue to some other directory (say /var/spool/queue1) and
 then manually start a queue runner as follows: sendmail -q
 -oQ/var/spool/queue1. Or just have a queue runner that processes the
 queue at different intervals than my main mail queue.

 This works, but I'd like to do this a lot better. What I would really
 appreciate is if someone could teach me how to define multiple queues
 for sendmail, and then if someone could advise me on whether it is
 possible in MIMEDefang to indicate to sendmail which mail queue to
 place an email in when the filter is done. It's almost like as if I
 need a MIMEDefang function action_accept(queuename or directory) that
 would indicate to sendmail into which queue to place the message. What
 would be even nicer is if I could access the status of a given queue
 from MIMEDefang, so that I could make decisions on queues based on the
 status of that queue (for example how many messages it contains etc).

 Can the experts on this list please give me their appreciated insights
 on this?

Sendmail can select mailer based (also) on message size.
It can be used to select dsmtp mailer for big messages.
dsmtp deliveries may be triggered via ETRN or 
sendmail -...@example.com.
To do size-based routing reliably, at-once deliveries for such
destinations should be turned off.
Are you ready to accept a few minutes delivery delay?
Sendmail may be configured to ask MIMEDefang (via socket map protocol)
to select mailer based on destination domain, message size and number of
delivery attempts.

For more detailed recipes ask at news:comp.mail.sendmail

P.S.
A few years+ ago I used a similar scheme to deliver some (small)
messages via instant SMTP and other (*BIG*) messages via
UUCP over TCP. The remote site used a dialup modem speed connection.

UUCP uses *single* TCP connection so it did not suck all bandwidth of
the remote side during multi hours deliveries of messages queued in 
UUCP queue.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
There is no statute of limitations on stupidity.
  -- Randomly produced by a computer program called Markov3.
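
The socket map lookup mentioned in the reply above, as an added example that is not part of the original thread and is not MIMEDefang or sendmail code: a stand-alone Python handler for the netstring-framed request and reply, returning the thread's dsmtp mailer for big messages. The map name `mailersel`, the key layout `<domain> <size>` and the 5 MiB threshold are assumptions made for illustration.

```python
# Added illustration of the sendmail socket map wire format (netstrings).
BIG_MESSAGE_BYTES = 5 * 1024 * 1024  # constructed threshold (assumption)
MAP_NAME = "mailersel"               # hypothetical map name (assumption)
MAX_PAYLOAD = 1024                   # refuse oversized requests early


def encode_netstring(payload: bytes) -> bytes:
    """Frame a payload as <decimal length>:<payload>,"""
    return str(len(payload)).encode("ascii") + b":" + payload + b","


def decode_netstring(data: bytes) -> bytes:
    """Parse exactly one netstring; raise ValueError if it is malformed."""
    head, sep, rest = data.partition(b":")
    if not sep or not head.isdigit() or len(head) > 4:
        raise ValueError("bad length prefix")
    if len(head) > 1 and head.startswith(b"0"):
        raise ValueError("leading zero in length")
    length = int(head)
    if length > MAX_PAYLOAD:
        raise ValueError("payload too large")
    if len(rest) != length + 1 or not rest.endswith(b","):
        raise ValueError("length mismatch or missing terminator")
    return rest[:length]


def select_mailer(mapname: str, key: str) -> str:
    """Answer one lookup; the key layout '<domain> <size>' is an assumption."""
    if mapname != MAP_NAME:
        return "PERM unknown map"
    domain, _, size_text = key.partition(" ")
    if not domain or not (size_text.isascii() and size_text.isdigit()):
        return "PERM malformed key"
    if int(size_text) >= BIG_MESSAGE_BYTES:
        return "OK dsmtp"      # big message: hand back the deferred mailer
    return "NOTFOUND"          # no override for this message


def handle_request(raw: bytes) -> bytes:
    """Turn one framed request '<mapname> <key>' into one framed reply."""
    try:
        mapname, _, key = decode_netstring(raw).decode("ascii").partition(" ")
    except ValueError:  # also covers UnicodeDecodeError
        return encode_netstring(b"PERM malformed request")
    return encode_netstring(select_mailer(mapname, key).encode("ascii"))


if __name__ == "__main__":
    for size in (2048, 10 * 1024 * 1024):  # constructed sample lookups
        query = encode_netstring(f"{MAP_NAME} example.com {size}".encode())
        print(query, "->", handle_request(query))
```

The handler validates the length prefix and terminator before it looks at the payload, so a truncated or oversized request gets an error status instead of a guessed mailer.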


Re: [Mimedefang] Blocking Dictionary Attacks

2009-06-05 Thread Andrzej Adam Filip
Les Mikesell l...@futuresource.com wrote:

 afo cliff wrote:
 Les,

 That's a great idea!  I tried it but no matter what I do, sendmail is
 letting everything through.  Virtusertable is configured correctly in
 sendmail.mc, also did the appropriate makemap.  I think something has
 changed in sendmail (I have 8.13.8).  I've searched the world over 10
 times and tried many different combinations in virtusertable &
 mailertable and no matter what it relays everything.  I know it is
 looking at the virtusertable because sendmail lets me know if I put an
 error in the file.  The closest I can come is to use the access table
 in a similar fashion.  That does work but I can't find a way NOT to
 send a reject message.  That's one thing I don't want to do is to tie
 up my server sending 10,000 rejects to a zombie somewhere.  If I use
 the DISCARD command, then it tosses the whole email and nobody gets
 it, even valid users.

 Is there some trick to making your suggestion work?

 In my case the MX server relaying in from the internet is not itself
 the delivery host.  It has the domains it receives for listed in
 local-host-names and the actual delivery destination is mapped in
 mailertable like:
 domain.com esmtp:[host.domain.com]

 (the []'s let you go to a name with an A record or an IP instead of
 the default MX lookup)

mailertable is *NOT* consulted for domains listed in list of local email
domains ($=w, local-host-names).

 Maybe you don't have the domain listed in local-host-names so sendmail
 thinks it must relay.  Virtual users and aliases are only checked for
 the domains it process as local - but you can still relay for
 delivery.

virtusertable is consulted for local email domains ($=w) and
(non local) domains listed in $={VirtHost}.
Read carefully about side effects before using macros provided by
sendmail.org for filling $={VirtHost}.

You can fill $={VirtHost} directly:

LOCAL_CONFIG
C{VirtHost}example.net

P.S.
The topic has been discussed a few times plus in news:comp.mail.sendmail
Search for the threads with _VIRTUSER_STOP_ONE_LEVEL_RECURSION_
[it marks one recipe but you will find references to other by the way]

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Sic transit discus mundi
  -- From the System Administrator's Guide, by Lars Wirzenius


Re: [Mimedefang] PGP encryption of outgoing email

2009-05-07 Thread Andrzej Adam Filip
Steffen Kaiser skmimedef...@smail.inf.fh-bonn-rhein-sieg.de wrote:

 On Wed, 6 May 2009, pete wrote:

 Is there a method for encrypting outgoing email using PGP (or other
 methods). I am thinking of doing this on a per recipient basis. I.e encrypt
 email to people I regularly email and leave plain the rest.

 If you search CPAN, you find tons of PGP / GnuPG modules unfortunately. I
 made a quick search for PGP & MIME (so you don't fiddle with the MIME
 structure yourself) and there are a few as well, e.g. Mail::GnuPG.

 The main problem I see is that you have to open your secret key to
 MIMEDefang. As I understand your mail, you are using a
 single-person system, so this comes down to how secure your server is and if
 you trust the system to hold your key without passphrase or in
 pgp-agent.

To encrypt outgoing email only the public key (of the recipient) is required.
The secret/private key (of the sender) is required for *signing*.

 [...]

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The time spent on any item of the agenda [of a finance committee] will be
in inverse proportion to the sum involved.
  -- C. N. Parkinson


Re: [Mimedefang] $Features not showing Net::DNS

2009-04-09 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:

 Andrzej Adam Filip wrote:

 2) As I understand it, relay_is_blacklisted_multi uses Net::DNS bgsend,
 which is guilty of horribly wasting sockets.

 One socket per domain that you check against... not a big deal.
 On a busy server, the multiplexor will have hundreds of open file
 descriptors.

If you prefer a performance perspective:
It means needless system calls.

Most likely it is not the most important performance obstacle but
it should not be ignored in the long run (IMHO).

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Just the facts, Ma'am
  -- Joe Friday


Re: [Mimedefang] $Features not showing Net::DNS

2009-04-09 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:

 Andrzej Adam Filip wrote:

 If you prefer performance perspective:
 It means needless system calls.

 That's a micro-optimization.  Have you ever measured SpamAssassin's
 performance?  Trying to avoid opening 3 or 4 sockets is completely
 pointless if you're using any kind of content-filtering at all.
 (We've done many performance tests and have a pretty good idea where
 the bottlenecks are.)

Anyway, SpamAssassin avoids one socket per DNS query in its DNS
lookups perl package, but the package has not been written for
outside SA use. If somebody uses SpamAssassin filtering anyway then
using its parallel DNS queries mechanism may be a good (but not simple)
idea.

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Of all the tyrannies that affect mankind, tyranny in religion is the worst.
  -- Thomas Paine


Re: [Mimedefang] $Features not showing Net::DNS

2009-04-09 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:

 Andrzej Adam Filip wrote:

 Anyway, SpamAssassin avoids one socket per DNS query in its DNS
 lookups perl package

 This is true.  On the other hand, it replaces a 75-line function with
 1473 lines of perl.  I wonder which has more overhead?

 You are right about one thing:  If you are using SA anyway, then you
 might as well try to reuse its DNS code.  But holding up SA code as an
 example of performance-optimized perl is pretty ridiculous. :-)  SA
 is a huge, bloated, infected-with-not-invented-here-syndrome pig.

Its worst sin (for me) is its coding methodology, almost like
no part of this code will be usable anywhere else :-)

BTW Are you aware of any efforts to locally join DNSBL/DNSWL lists
available in full version via rsync? [to get single lookup required result]

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
A LISP programmer knows the value of everything, but the cost of nothing.
  -- Alan Perlis


Re: [Mimedefang] Storing per SMTP session data (?)

2009-03-07 Thread Andrzej Adam Filip
David F. Skoll d...@roaringpenguin.com wrote:

 Andrzej Adam Filip wrote:

 What is the recommended way of storing per SMTP session data in
 a MIMEDefang filtering script?

 e.g. to make one RCPT TO: check pass data to next RCPT TO: check
 a) in the same transaction (per message)
 b) in the same SMTP session (per SMTP session)

 The only way to store this is in the file system (well, or some other external
 mechanism like memcached or somesuch.)

 A convenient place is to dump the data in the current directory,
 because each message has its own (persistent) directory, typically on
 a ramdisk.

 All of the files created by MIMEDefang start with an upper-case letter,
 so if you name your persistence file starting with a lower-case letter,
 you won't clash with any MIMEDefang files.

 See MAINTAINING STATE in the mimedefang-filter(5) man page.

1) Which directory would you suggest for keeping per connecting IP
   information in filter_relay and later?
   [ preferably on the same partition as per message directories ]
2) Do you think MIMEDefang should create such a directory and keep its
   path in a $CWD-like variable?

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
The public demands certainties;  it must be told definitely and a bit
raucously that this is true and that is false.  But there are no certainties.
  -- H. L. Mencken, Prejudice


[Mimedefang] Storing per SMTP session data (?)

2009-03-06 Thread Andrzej Adam Filip
What is the recommended way of storing per SMTP session data in
a MIMEDefang filtering script?
e.g. to make one RCPT TO: check pass data to next RCPT TO: check
a) in the same transaction (per message)
b) in the same SMTP session (per SMTP session)

-- 
[plen: Andrew] Andrzej Adam Filip : a...@onet.eu
Although golf was originally restricted to wealthy, overweight Protestants,
today it's open to anybody who owns hideous clothing.
  -- Dave Barry