Re: [Mimedefang] A rose by any other name... Renaming MIMEDefang. What's your idea for a name?

2019-12-10 Thread Frank Doepper
On 09.12.19 at 18:12, Richard Laager wrote:

> PerlMilter would clarify exactly what it does, but might be too generic.

I would have suggested perlmilter, too. Other ideas:

flexmilter
magic milter
milterrific

Frank
(using mimedefang for decades and with a sqlite DB for rating source IPs
and detecting identity theft and more)
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] base64 to quoted-printable

2017-10-13 Thread Frank Doepper
On 11.10.17 at 23:54, Michael Fox wrote:

> Unfortunately, it's an amateur radio BBS written in the 80s that only
> understands plain text.  It was pretty advanced in its time in that it
> uses SMTP internally.  But no MIME, no UTF-8, etc.  It's still extremely
> useful and widely used, especially in emergency comms, delivering mail
> over VHF radio where other connectivity isn't available.

I'd suggest
http://search.cpan.org/~sburke/Text-Unidecode-1.30/lib/Text/Unidecode.pm
and doing it in the receiver's procmailrc if there is any.

Best regards
Frank


Re: [Mimedefang] best practices for handling filename extensions

2017-10-05 Thread Frank Doepper
On 04.10.17 at 21:41, Michael Fox wrote:

> The example provided in /usr/share/doc/mimedefang shows a very long list
> of extensions to be rejected.

I am mainly not blocking by filename extensions, but by content. I am
blocking:

- Files with contents beginning with "MZ" (DOS EXE);
- the same inside ZIP files;
- the same inside ZIP files inside ZIP files :-)
- short or broken ZIP files;
- encrypted ZIP files with $name=~/\.(?:com|exe|bat|pif|scr|vbs|hta|cpl|js)$/i as member;
- zip files with *.js as member;
- several well-known spam or virus file names like Rechnung.rar etc.

Also I have built in a sqlite DB where several other conditions (HELO
string, unknown recipient rate per IP,...) are tracked for delaying or
refusing certain connections.

Thanks for that great and highly customizable software, which has reduced
the amount of spam and malware for years now!

best regards,
Frank
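
The content checks listed in the post above, as an added example that is not part of the original message or of MIMEDefang: a standalone Python sketch rather than a filter, testing for the "MZ" signature, recursing into nested ZIPs, and flagging broken archives and encrypted members by name. The depth and read limits, the result strings and the make_zip sample builder are assumptions.

```python
import io
import re
import zipfile
import zlib

BAD_NAME = re.compile(r"\.(?:com|exe|bat|pif|scr|vbs|hta|cpl|js)$", re.I)  # from the post
MAX_DEPTH = 3        # assumption: refuse archives nested deeper than this
MAX_READ = 1 << 20   # assumption: bytes read per member, bounds unpacking work

def inspect(data, name="attachment", depth=0):
    """Return the reasons to block `data`; an empty list means no rule matched."""
    if data[:2] == b"MZ":
        return [f"{name}: DOS EXE signature"]
    if data[:2] != b"PK":
        return []
    if depth >= MAX_DEPTH:
        return [f"{name}: ZIP nested too deeply"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{name}: short or broken ZIP"]
    reasons = []
    for info in zf.infolist():
        inner = f"{name}/{info.filename}"
        if info.flag_bits & 0x1:          # encrypted: only the name is readable
            if BAD_NAME.search(info.filename):
                reasons.append(f"{inner}: encrypted member, executable name")
            continue
        if info.filename.lower().endswith(".js"):
            reasons.append(f"{inner}: .js member")
            continue
        try:
            with zf.open(info) as fh:
                head = fh.read(MAX_READ)
        except (zipfile.BadZipFile, NotImplementedError, zlib.error, OSError):
            reasons.append(f"{inner}: unreadable member")
            continue
        reasons += inspect(head, inner, depth + 1)
    return reasons

def make_zip(members, encrypted=False):  # constructed sample input, built in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    raw = bytearray(buf.getvalue())
    if encrypted:                         # set bit 0 of the central-directory flags
        raw[raw.rfind(b"PK\x01\x02") + 8] |= 0x01
    return bytes(raw)
```

A nested archive larger than MAX_READ is cut short on read and therefore reported as a broken ZIP, so the check fails closed.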


Re: [Mimedefang] Poll: Who uses the "filter_tick" and "map" functionality of MIMEDefang? (-X and -N options to mimedefang-multiplexor)

2016-04-27 Thread Frank Doepper
On 27.04.16 at 13:23, Dianne Skoll wrote:

> 1) Does anyone use the "-X n" feature that calls a function called
> filter_tick every "n" seconds?  If not... I'd like to nuke.

I do heavy RCPT-caching and IP-rating with a SQLite DB and use filter_tick
to expire old entries from the tables.

Regards,
Frank
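
A sketch of the SQLite bookkeeping mentioned in this post and in the 2017 post above (unknown-recipient rate per IP, with periodic expiry), as an added example that is not the poster's code and not a MIMEDefang API. It is written in Python; the table name, window, thresholds and function names are all assumptions, and tick() stands in for the job filter_tick does.

```python
import sqlite3

WINDOW = 3600     # assumption: seconds of history that count against an IP
DELAY_AT = 5      # assumption: unknown recipients per window before tempfailing
REJECT_AT = 20    # assumption: unknown recipients per window before rejecting


def open_db(path=":memory:"):
    """Create the (hypothetical) table of unknown-recipient events per relay IP."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS rcpt_miss (ip TEXT NOT NULL, ts INTEGER NOT NULL)")
    db.execute("CREATE INDEX IF NOT EXISTS rcpt_miss_ip_ts ON rcpt_miss (ip, ts)")
    return db


def note_unknown_rcpt(db, ip, now):
    """Record one RCPT TO for a nonexistent mailbox; values are bound, never interpolated."""
    with db:
        db.execute("INSERT INTO rcpt_miss (ip, ts) VALUES (?, ?)", (ip, now))


def verdict(db, ip, now):
    """Map the IP's miss count inside the window to accept / tempfail / reject."""
    (misses,) = db.execute(
        "SELECT COUNT(*) FROM rcpt_miss WHERE ip = ? AND ts > ?", (ip, now - WINDOW)
    ).fetchone()
    if misses >= REJECT_AT:
        return "reject"
    return "tempfail" if misses >= DELAY_AT else "accept"


def tick(db, now):
    """Periodic expiry of rows that fell out of the window; returns rows removed."""
    with db:
        return db.execute("DELETE FROM rcpt_miss WHERE ts <= ?", (now - WINDOW,)).rowcount
```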


[Mimedefang] detect failed auth

2014-09-10 Thread Frank Doepper
Hi,

is there a way to detect a failed smtp auth in Milter? I know how to
detect succeeded auth, but how to differentiate a failed auth from no
auth at all? I want to block brute force attacks.

Best regards,
Frank.



Re: [Mimedefang] detect failed auth

2014-09-10 Thread Frank Doepper
On 10.09.14 at 09:13, David F. Skoll wrote:

> On Wed, 10 Sep 2014 11:40:42 +0200
> Frank Doepper f...@taz.de wrote:
>
> > is there a way to detect a failed smtp auth in Milter?
>
> No, not as far as I know.

Ok. Too bad.

> If you want to block brute-force attacks,
> your best bet is something like fail2ban.
>
> http://www.fail2ban.org/

Unfortunately saslauthd does not log the IP address.

Best regards,
Frank.



Re: [Mimedefang] change sendmail priority from within filter_begin()

2010-02-12 Thread Frank Doepper

On 15.01.10 at 09:21, Kevin A. McGrail wrote:

> Expect some flames for not reading the manual so here's two hints:
>
> 1 - man mimedefang-filter
>
> 2 - action_change_header
>
> action_change_header($hdr, $val, $index)
> Changes an existing header in the message. This can be used in
> filter_begin or filter_end.  The $hdr parameter is the header name
> without the colon, and $val is the header value.  If the header does
> not exist, then a header with the given name and value is added.
>
> The $index parameter is optional; it defaults to 1.  If you supply it,
> then the $index'th occurrence of the header is changed, if there is
> more than one header with the same name.  (This is common with the
> Received: header, for example.)

Nice joke. I was asking for ...

> how can I change the sendmail priority from within mimedefang?
> action_add_header('Precedence','bulk') inside filter_begin() adds the
> header but seems not to change the priority (probably because sendmail
> already has set it).

... changing the Priority (grep ^P /etc/mail/sendmail.cf). I know how to
fiddle with headers. I have really inhaled the manual.


thanks
Frank


[Mimedefang] change sendmail priority from within filter_begin()

2010-01-15 Thread Frank Doepper

Hi,

how can I change the sendmail priority from within mimedefang?
action_add_header('Precedence','bulk') inside filter_begin() adds the
header but seems not to change the priority (probably because sendmail
already has set it).


TIA,
Frank.


RE: [Mimedefang] roaringpenguin.com is listed in rfc-ignorant

2004-09-29 Thread Frank Doepper
On 29.09.04 at 09:45, [EMAIL PROTECTED] wrote:

> Now that I think of it, I can't imagine a situation when a legitimate
> MAIL FROM:<> would have multiple RCPT TO's.

There is one:

[EMAIL PROTECTED] is an alias to [EMAIL PROTECTED] +
[EMAIL PROTECTED], so that mail to [EMAIL PROTECTED] gets
distributed to both addresses.

When [EMAIL PROTECTED] sends an email which is undeliverable, he gets a
bounce, which gets expanded and forwarded by a.example.com and finally
arrives at b.example.com as follows:
  MAIL FROM:<>
  RCPT TO:[EMAIL PROTECTED]
  RCPT TO:[EMAIL PROTECTED]

Of course, this is a silly configuration, but it is real-life
experience.

just my 2¢
Frank.
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Mimedefang error

2004-09-13 Thread Frank Doepper
On 13.09.04 at 11:02, Vivek Kumar wrote:

> Sep 13 10:58:21 advanceserver mimedefang-multiplexor: Slave 3 stderr: Cannot
> open bayes_path /var/spool/MIMEDefang/bayes R/W: File exists

Do you have autolearn enabled? Are there stale bayes database learn lock
files left over, after the crash, in /var/spool/MIMEDefang/ ?

We have these messages here too, I think they appear when two or more
processes attempt to feed the bayes db at the same time. The messages
disappear after a short time and I cannot see any harm. (Is this right?)

F.


[Mimedefang] Re: Dealing with encrypted zip viruses

2004-05-05 Thread Frank Doepper
On 04.05.04 at 15:42, Kelson Vibber wrote:

> At 01:43 PM 5/4/2004, David F. Skoll wrote:
> > We permit encrypted zip files if there is no .exe, .pif, etc. in them.
> > The Archive::Zip perl module can look inside zip files, and even list
> > the filenames in encrypted zips.
>
> That sounds like it ought to work.  I'll check the list archives and see if
> there's anything I can use as a starting point.

We do it like that:

if ($fname =~ /\.zip/i) {
  use Archive::Zip;
  if (my $zip = Archive::Zip->new($entity->bodyhandle->path)) {
    # only look at ZIPs with exactly 1 member
    if ($zip->numberOfMembers == 1) {
      my ($name) = $zip->memberNames;
      my $member = $zip->memberNamed($name);
      if ($member->isEncrypted && ($name =~ /\.(?:com|exe|bat|pif|scr)$/)) {
        # exactly 1 encrypted member with bad name found.
        md_graphdefang_log("CRYPTZIPEXE", "$fname:$name", $RelayAddr);
        action_bounce("DOS EXEcutable in ZIP attachment found. "
          . "Mail rejected.");
      } else {
        # not encrypted with a bad name: read the first 2 bytes of the member
        $member->rewindData;
        my ( $outRef, $status ) = $member->readChunk(2);
        if ($status == 0 && $$outRef eq "MZ") {
          # EXE signature (MZ) in member found
          md_graphdefang_log("ZIPEXE", "$fname:$name", $RelayAddr);
          action_bounce("DOS EXEcutable in ZIP attachment found. "
            . "Mail rejected.");
        }
      }
      $member->endRead;
    }
  }
  # log other ZIPs for debugging
  unless (message_rejected()) {
    my $size = (stat($entity->bodyhandle->path))[7];
    md_graphdefang_log("ZIP", $fname, $size);
  }
}

best wishes -
FD