Re: [Mimedefang] Is this list still alive?
On Thu, 1 Apr 2021 09:43:21 -0500 wrote: > My question also was what is going to happen to the data feeds we are > getting. I'm not sure what data feeds you're referring to. If you are referring to the Roaring Penguin IP blocklists and/or the CanIt Bayes data feeds, those are controlled by AppRiver and if AppRiver decides to shut them down... there's not much anyone can do because they are fed by CanIt installations. > I don't see a good option for small ISPs that don't have a budget > for spam filtering at scale. It is a problem indeed. :( Many ISPs are in the same boat. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Is this list still alive?
On Thu, 01 Apr 2021 11:13:48 -0400 "Bill Cole" wrote: > There was an issue opened a month ago at > https://github.com/The-McGrail-Foundation/MIMEDefang/issues/25 > stating that the list was down. The list is still being run by AppRiver (Zix, now, I guess.) > I attempted to post a test on March 3 which never showed up on the > list. Huh, weird. It's unfortunately out of my hands now. :( Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Is this list still alive?
I haven't seen traffic since December 2020... just pinging the list... Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On Tue, 1 Dec 2020 13:10:43 -0500
Joseph Brennan wrote:
> We used this to create an array of header information:
> if (open(IN, '<', './HEADERS')) {
> while() {
> chomp;
> if (/^(\S+):\s*(.*)/) {
> my $label = $1;
> my $data = $2;
> $label = lc($label);
> $Header{$label} = $data;
> if ($label eq 'received') {
> push(@Received,$data);
> }
> }
> close(IN);
> }
Hmm. Received: isn't the only header that can permit multiple instances.
You may lose some information here.
Why would you not just use the MIME::Head object that you can
get from $entity->head? It has all the headers pre-parsed and has
decent accessors.
(I assume this is all academic (heh...) as Columbia looks to be
using Proofpoint now.)
Regards,
Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On Thu, 26 Nov 2020 12:47:56 -0500 "Bill Cole" wrote: [snip] > That Received header is added by Sendmail *AFTER* all milters have > done their end-of-data work. It is not present when MD sees the > message. So as per Bill Cole's analysis, it seems there were indeed no Received: headers on the mail as seen by MIMEDefang. As for why SpamAssassin is not running, Bill's guess (size limit) is a pretty good one, but we can't know for sure without seeing your filter code. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Help with header checking
On Wed, 25 Nov 2020 11:45:11 +0100
Andrea Venturoli wrote:
> > if (open(HF, "<./HEADERS")) {
> > my $head = Mail::Header->new([]);
> > close HF;
> > md_syslog('warning',"head = %$head");
You shouldn't really print "head = %$head" because you don't know the
implementation details of Mail::Header. Treat it as an opaque object.
> The purpose is to extract Received fields, so to reconstruct the path
> a message underwent from server to server.
> It has worked 99.99% of the times for years; lately, however it fails
> on some very frequent spam messages and I have a hard time
> understanding why.
I suggest calling action_quarantine_entire_message() if you get no
received headers so you can preserve a copy of the original message for
analysis.
> I tried adding:
> > foreach $key (keys %$head)
> > {
> > md_syslog('warning',"$key is $head{$key}");
> > }
It should be $head->{$key} and is unlikely to be useful; you're
printing instance variables on the Mail::Header object, which most
likely do not correspond to actual headers.
If you want to log @recheads, I would do it like this:
md_syslog('warning', 'recheads = ' . join(', ', @recheads));
Anyway... you need to capture the message (or at least the headers)
so we can analyze what's going on.
Regards,
Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Future development
On Mon, 23 Nov 2020 12:41:00 -0500 Anne Bennett wrote: > > The Perl code is atrocious. > Give yourself a break. ;-) Well, OK. :) The code itself is not terrible. I like to write clear code that any newbie can understand (for "newbie", read "myself in 6 months time...") What I mean is the *design* is atrocious, given that MIMEDefang is the result of acretion rather than design. (OTOH, I have worked on systems with beautiful designs but very tricky and "clever" code where most of my time is spent reverse-engineering. We don't want that either.) > - Initially (years ago), it was a bit hard to keep track of the bits > and pieces, because mimedefang.pl calls my filter file, and my > filter file calls various utilities provided by mimedefang.pl. > Any code re-org that would make it easier to untangle this would > help, even something as simple as putting the user-filter-called > facilities into their own Perl module. Right. Tracking the flow of control when callbacks are involved is tricky. > - I like to run with Perl taint checks on, but mimedefang.pl > doesn't cooperate well with that. Oh, hmm. :) That would be a lot of work. > - Picking up needed information (i.e., from the envelope and > message, and QID) seems to be different in each filter_* > subroutine. I don't know how this would affect performance, > but if there were a hash containing all available header, > envelope, message status so far (e.g., did we mark as to > be rejected?), and QID information, and maybe even headers > in concatenated and decoded form, that would make writing > filter_* subroutines easier. Yes, some sort of context object that held all of this would be good. > > I would start by writing a MD::Filter base class > > and storing state in the MD::Filter object. Callbacks could be > > implemented as methods and users could subclass MD::Filter to > > implement their behaviour. > As another poster mentioned, that would indeed require more > advanced Perl chops from the end user (postmaster), though > well-chosen examples might go a long way toward alleviating > that requirement. In my ideal world, you would be able to take an existing mimedefang-filter script, and add two lines to the top: package MyFilter; use base 'MD::Filter::Compat'; and then have it Just Work. I don't know if this is realistic or a pipe-dream. > Well, there's still potentially a fair amount of homegrown code that > people can add. I'm assuming that this would somehow fit into "users > could subclass MD::Filter to implement their behaviour". Yes, exactly. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Future development
On Sun, 22 Nov 2020 15:21:04 -0500 "Bill Cole" wrote: [snipsnip...] > Obviously OOPifying MD would be a v3 project, as it would break all > existing mimedefang-filter.pl scripts. That is an issue. Perhaps making an MD::Filter::Compat class that lets old filter scripts keep working with minimal changes could be a solution? (It is a fair bit of work, of course...) > A nearer-term step to clean up the code a bit would be to break out > existing code to distinct modules that may (or may not) be the basis > for future object structures. This could result in supporting > existing configurations with a code base that is easier to maintain > and understand. Yes, incremental cleanups could help too, but they would still likely break existing filter scripts. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Future development
On Sun, 22 Nov 2020 13:24:24 -0500 Dianne Skoll wrote: > Anyway... I'd really like to see MIMEDefang development activity pick > up again. I'm hoping The McGrail Foundation will attract more > interest in the project. Specifically... these are things I would do differently if I were starting MIMEDefang now instead of 20 years ago. :) The C code is mostly fine; the milter and the multiplexor work pretty well. The Perl code is atrocious. mimedefang.pl is over 7500 lines of Perl in one ugly file with a ton of global variables. It needs a major overhaul. I would start by writing a MD::Filter base class and storing state in the MD::Filter object. Callbacks could be implemented as methods and users could subclass MD::Filter to implement their behaviour. Functions like md_check_against_smtp_server, etc. should be broken out into helper modules. The actual filter file would be a very simple thing that simply instantiates a (subclass of) MD::Filter and calls $filter->run() to run the main mimedefang.pl loop. Comments/thoughts/etc? Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Test
On Sun, 22 Nov 2020 19:20:00 +0100 Benny Pedersen via MIMEDefang wrote: > hope not to be enforced to use mimedefang, my simplest setup have > being clamav-milter, spampd, and not more That is a rather odd comment to post on the MIMEDefang mailing list, no? Anyway... I'd really like to see MIMEDefang development activity pick up again. I'm hoping The McGrail Foundation will attract more interest in the project. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Test
On Thu, 19 Nov 2020 19:46:14 +0100 Benny Pedersen via MIMEDefang wrote: > if mimedefang was writed in python i would have used it :=) The multiplexor <-> filter protocol is simple and documented, so have a go... :) > hope for spamassassin writed in python is a long term dream, just > like unifi wifi ax No chance of that happening, I'd say. There's only downside involved in such a rewrite. > beg for owner on maillist why is srs failing ? Not sure, but it seems to be fixed now. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Test
Hi, > Maybe it's just you and me, Dianne, and I don't know why I'm still > here after management moved us to Proofpoint. I helped figure out the issue. All the mail was quarantined and should come flooding into the list. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Test
Hey, Bill! Long time no hear! On Thu, 19 Nov 2020 12:11:00 + "Brown, William" wrote: > Apparently! Hope you and yours are staying safe and healthy. We're all good. Hope you and yours are too. Anyway, the list seems a bit messed up... looks like only my posts are making it through. :( I've reached out to the new stewards of the list to help sort this out. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Submit your Patches for MIMEDefang (Re: AppRiver donates MIMEDefang to The McGrail Foundation)
Hi, all, I'm posting this on behalf of Kevin A. McGrail, whose posts seem to be disappearing... Regards, Dianne. === Afternoon everyone! Sorry for the radio silence. Many moons ago in the prepandemic times, MIMEDefang was donated to The McGrail Foundation. As the new stewards, we are accepting bug reports and especially patches. You can run the latest version from the repo and here is the Changelog: https://github.com/The-McGrail-Foundation/MIMEDefang/blob/master/Changelog where we have been moving forward! More info below and at http://www.mcgrail.com Also getting ready to announce KAM.cf's update channel too. We currently have it running in production and drafting the instructions and announcement now. Regards, KAM AppRiver donates MIMEDefang to The McGrail Foundation Mar 05, 2020 Today, we are proud to announce that the MIMEDefang project has been donated to The McGrail Foundation. This includes source code, website, and domains. However, due to the COVID-19 Pandemic, the integration of this project is going to take some time! Please keep an eye out on the MIMEDefang mailing list https://lists.roaringpenguin.com/mailman/listinfo/mimedefang and our GitHub https://github.com/The-McGrail-Foundation for more updates. Thank you to everyone at AppRiver and Zix as well as Roaring Penguin founder Dianne F. Skoll for their help in making this wonderful donation a reality. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Test
Is this list still alive? Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MIMEDefang and Postfix (was Re: Hi, and an update)
On 2020-07-27 16:34, Joseph Brennan wrote: > Hi Dianne I hope you're well. I'm saving your message just in case! Heh. :) > Only 20 years? Even so how well we know the satisfaction of spending > a whole work day putting letters, numbers, and punctuation marks in > just the right place in a line or two of sendmail.mc Oh, for sure, Sendmail's an amazing piece of software and can be munged to do all kinds of weird and wonderful things. During the time I ran Roaring Penguin, we ran into quite a few situations where Sendmail's flexibility saved the day. But still... it's showing its age, and Postfix is a really nice tool also. Not quite as flexible as Sendmail, but close, and much more straightforward. > The very last one I did was to use access.db to limit which valid users can do > smtp auth. I need to migrate that to postfix pretty soon. I wouldn't have a clue how to do that. :) I'm still a Postfix newbie. Regards, Dianne. PS: There is an official MIMEDefang git repo on github now: https://github.com/The-McGrail-Foundation/MIMEDefang ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] MIMEDefang and Postfix (was Re: Hi, and an update)
> I've recently taken a position at Best Practical Solutions (the folks > who make RT / Request Tracker.) I actually have to integrate MIMEDefang > with Postfix, which is not something I've done before, so I'm interested > in hearing tips or pointers from people who have done this. Well, it turned out to be super-easy. The only minor wrinkle was that I made the mimedefang socket an inet socket (127.0.0.1:8443) because Postfix runs in a chroot environment, so it was just easier that way. Then I just added this to /etc/postfix/master.cf: smtpd_milters = inet:127.0.0.1:8443 and everything just worked! Despite having used Sendmail for a long time (20 years?), I have to say I'm a fan of Postfix. Very easy to set up and quite well designed. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Hi, and an update
Hi, everyone, I've recently taken a position at Best Practical Solutions (the folks who make RT / Request Tracker.) I actually have to integrate MIMEDefang with Postfix, which is not something I've done before, so I'm interested in hearing tips or pointers from people who have done this. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
