[Mimedefang] Graphdefang graph order

2004-10-01 Thread James Curtis
I've set up my graphdefang-config file with the graphs in the order I want
them to be.  Problem is, when I run the graphdefang.pl, I get the results,
but they aren't in the correct order.  Anyone know what determines what order
the graphs are displayed on the page?  Know a good place to start?
I've looked in the graphdefang-config and index.php files and do not know
enough PERL to determine where it is making the determination of what order
they are placed on the page.

Bill

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Graphdefang graph order

2004-10-01 Thread James Curtis
I have the same graphdefang-config and index.pl files on 2 different
machines.  One puts it in the order that they are in the graphdefang-config
and the other doesn't.
HELP

James
- Original Message - 
From: "Bill Maidment" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 01, 2004 6:38 AM
Subject: Re: [Mimedefang] Graphdefang graph order


> James Curtis wrote:
> > I've setup my graphdefang-config file with the graphs in the
> > order I want them to be.  Problem is, when I run the graphdefang.pl, I get
> > the results, but they aren't in the
> > correct order.  Anyone know what determines what order the
> > graphs are displayed on the page?  Know a good place to start
> > I've looked in the graphdefang-config and index.php files and
> > do not know enough PERL to determine where it is making
> > the determination of what order they are placed on the page.
> >
> > Bill
> >
>
> Yeah. This one has had me puzzled for quite a while. It appears to be in
> alphabetic order of title, but I may be wrong.
>
>
> -- 
> Bill Maidment
> Maidment Enterprises Pty Ltd


[Mimedefang] Moving bayes database?

2004-10-20 Thread James Curtis
I put in a newer server to replace my main sa/mimedefang server.
I am getting less tagged because it has a clean bayes database, and would
like to move my old bayes database
Is it just as simple as stopping mimedefang, replacing the file, and
starting it back up?

James



Re: [Mimedefang] Moving bayes database?

2004-10-22 Thread James Curtis
Is it the default to use a journal?  How would I be able to tell?

James

- Original Message - 
From: "Jeff Rife" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 21, 2004 9:35 PM
Subject: Re: [Mimedefang] Moving bayes database?


> On 20 Oct 2004 at 21:23, James Curtis wrote:
>
> > I put in a newer server to replace my main sa/mimedefang server.
> > I am getting less tagged because it has a clean bayes database, and would
> > like to move my old bayes database
> > Is it just as simple as stopping mimedefang, replacing the file, and
> > starting it back up?
>
> It should be.
>
> If you use a journal, remember to flush the journal using sa-learn.
> Any option that rebuilds the database will do the job.


[Mimedefang] Do not use Clam AV < version 8.0

2004-11-06 Thread James Curtis
If anyone is using Clam A/V version less than version 8.0, you need to read this
http://sourceforge.net/forum/forum.php?thread_id=1174326&forum_id=420492
They are going to start blacklisting anyone from updating their A/V database
if they are using older versions of the software.  They are also requiring a
freshclam.conf modification that is disabled by default.

Thought the community should know, I just happened to check their site tonight.

James William (Bill) Curtis



Re: [Mimedefang] Do not use Clam AV < version 8.0 --Wrong!

2004-11-07 Thread James Curtis
Entry from my freshclam.log

ClamAV update process started at Sat Nov  6 21:00:00 2004
main.cvd is up to date (version: 27, sigs: 23982, f-level: 2, builder: tomek)
daily.cvd is up to date (version: 575, sigs: 2302, f-level: 3, builder: ccordes)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3

This was the WARNING, even though I only checked once an hour, and I
was on version 7.0.  Didn't know what was required for functionality level 3,
but I was sure that I wanted it.

> I was an abuser in their eyes, I would check it 4-5 times a
> day. Have modified it to check every 53 minutes... Sorry guys! Will work on
> upgrading when I get my head above water.
> And James, although your email seemed to be a bushism (Scare tactic), I do
> appreciate you bringing this to our attention!!

As for the bushism comment, I really did mis-understand what was being stated,
and during my upgrade I was still confused as to whether the old version had
the DNSQuery option available to them.  I guess I could have flip-flopped and
said "Yeah I know I'm out of date, but I will upgrade when I get my head above
water".  But I decided to make a decision that I thought was right (upgrade to
new version), let it be known (post to mimedefang list), and follow through
(actually perform the upgrade I had decided to do).

All politics aside, I very rarely check any lists except the MIME Defang list,
and hadn't heard anything about the update to clamav like I did when 6.5 came
out so I really thought I was providing a service.

James William (Bill) Curtis
Child of God, not politicians



[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-22 Thread James Curtis
I'm trying to piece together a filter that logs and blocks traffic that is 
unnecessary.  I can't get md_graphdefang_log to put in an entry for items that 
are refused because of 'User unknown' responses.  As you can tell from my code 
snip below, I am not a programmer.  I am adding a few lines above, and a few 
lines below where I put my code for reference.  
Blocking and logging is working for the DNSBL.
Blocking and logging are not working for the check against smtp server, but it 
is sending a bounce back  and not trying to deliver to internal server.
Mimedefang version is 2.70.1
 
Any help would be greatly appreciated.  
-Bill Curtis
 
 
# IMPORTANT NOTE:  YOU MUST CALL send_quarantine_notifications() AFTER
# ANY PARTS HAVE BEEN QUARANTINED.  SO IF YOU MODIFY THIS FILTER TO
# QUARANTINE SPAM, REWORK THE LOGIC TO CALL send_quarantine_notifications()
# AT THE END!!!
my($result);
# yea, I know that the DNSBL is more efficient in sendmail, but I want to
# know how many blocked for what user by blacklist.
if ($result = (relay_is_blacklisted($RelayAddr, "zen.spamhaus.org"))) {
    md_graphdefang_log('spamhaus', $hits, $RelayAddr);
    return action_bounce("reject: mail from ($RelayHostname || $RelayAddr) rejected due to http://www.spamhaus.org/zen");
    # the reject works, but graphdefang log shows the Subject instead of Relay
    # address
    action_discard();
}
elsif ($result = (relay_is_blacklisted($RelayAddr, "bl.spamcop.net"))) {
    md_graphdefang_log('spamcop', $hits, $RelayAddr);
    return action_bounce("reject: mail from ($RelayHostname || $RelayAddr) rejected due to http://bl.spamcop.net/");
    # the reject works, but graphdefang log shows the Subject instead of Relay
    # address

    action_discard();
}
sub filter_recipient
{
    my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
    md_check_against_smtp_server($sender, $recip, "", "");
    md_graphdefang_log('notuser', $recip, $sender);
    # graphdefang log doesn't log entry as 'notuser', eventually logs it as
    # spam, or mail_in depending on score because of code that follows.
    return action_discard();
}
# Drop anything with a score over 6 (*works)
if ($hits > 6) {
    md_graphdefang_log('spamdrop', $hits, $RelayAddr);
    action_discard();
}
# No sense doing any extra work
return if message_rejected();
# Spam checks if SpamAssassin is installed
if ($Features{"SpamAssassin"}) {
    if (-s "./INPUTMSG" < 100*1024) {

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-22 Thread James Curtis

> Date: Fri, 22 Mar 2013 18:56:44 -0700
>
> --- On Fri, 3/22/13, James Curtis  wrote:
> > I'm trying to piece together a filter
> > that logs and blocks traffic that is unnecessary. I
> > can't get md_graphdefang_log to put in an entry for items
> > that are refused because of 'User unknown' responses.
>
> The problem is that when Sendmail has already determined an error has
> occurred based on its rulesets, the corresponding milter function is NOT
> called - thus there will be no such log entry for the above error unless your
> MD filter code determines that the user is unknown, not sendmail.

I don't have any sendmail configuration that checks for bad users.  
If I take out the "md_check_against_smtp_server($sender, $recip, 
"mail.hml.com", "192.168.1.10");" it doesn't block any unknown users.

-Bill 


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-23 Thread James Curtis

> Date: Fri, 22 Mar 2013 21:49:31 -0700
> From: kd6lvw
> --- On Fri, 3/22/13, James Curtis  wrote:
> > I don't have any sendmail configuration that checks for bad users.
>
> If you're using the default provided rulesets, you do have a configuration 
> that checks for bad users.
I guess I should have mentioned, my mimedefang server is just a filter.  It 
filters, then forwards to an internal server.

Bill  


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-24 Thread James Curtis
On 23.03.2013 01:43, James Curtis wrote:
>> # yea, I know that the DNSBL is more efficient in sendmail, but I want to
>> # know how many blocked for what user by blacklist.
>> if ($result = (relay_is_blacklisted($RelayAddr, "zen.spamhaus.org"))) {
>> md_graphdefang_log('spamhaus', $hits, $RelayAddr);
>> return action_bounce("reject: mail from ($RelayHostname || $RelayAddr) rejected due to http://www.spamhaus.org/zen");
>> # the reject works, but graphdefang log shows the Subject instead of Relay
>> # address

>That's strange. Please show an example log entry.
Sample log entry

Mar 24 09:39:05 monitor mimedefang.pl[15805]: MDLOG,r2ODcuhx026963,spamcop,,217.29.152.157,,,Huge 79%25 discount for luvme_mwah13

Mar 24 09:44:06 monitor mimedefang.pl[15805]: MDLOG,r2ODhv3a027039,spamhaus,,31.16.181.217,,,Huge 83%25 discount for sandseatravel

Mar 22 18:46:23 monitor mimedefang.pl[29141]: MDLOG,r2MMkKhj002512,mail_in,2.344,88.43.32.209,,,hope

Mar 22 20:11:52 monitor mimedefang.pl[29141]: MDLOG,r2N0Bolt004255,mail_in,0.939,23.19.31.184,,,Relieve Your Tax Debt Today

Mar 22 18:46:23 monitor mimedefang.pl[29141]: MDLOG,r2MMkKhj002512,mail_in,2.344,88.43.32.209,,,hope

Mar 24 02:01:01 monitor mimedefang.pl[15805]: MDLOG,r2O610nv008049,spam,17.521,118.179.250.162,,,Huge 70%25 discount for ack_serpents

>> sub filter_recipient
>> {
>> my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, 
>> $rcpt_addr) = @_;
>> md_check_against_smtp_server($sender, $recip, "> name>", "");
>> md_graphdefang_log('notuser', $recip, $sender);
>> # graphdefang log doesn't log entry as 'notuser', eventually logs it as
>> # spam, or mail_in depending on score because of code that follows.
>> return action_discard();
>> }
>This cannot work. You call md_check_against_smtp_server but never
>check the result. md_graphdefang_log and action_discard are called
>unconditionally. If this code was what your MIMEdefang actually
>runs, all messages would be logged with 'notuser' and discarded.
>So there must be something else wrong.
>Perhaps your MIMEdefang is not using the filter script you think
>it does. Perhaps filter_recipient is redefined later. Perhaps it's
>a simple copy/paste error or your sanitizing.
I guess I need a mimedefang-filter and Perl for dummies book. Is there a place 
I can find such a document?
It seems to be working, but not when I would like.  I have gotten by with code 
snips from other configs, but adding functionality for features that aren't as 
documented as other features.  How do I know what outputs a command will 
produce when called so I can base an if rule against it?

I just now realized that the unknown user reports are because I had to enable 
the recipient filter on the internal server, so that explains why the bounces 
are going out.  But I really want it to check before sending so it doesn't 
accept, instead of bounce.

Bill  


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-25 Thread James Curtis
> > I guess I need a mimedefang-filter and Perl for dummies book.
> 
> There are plenty of pretty good "Intro to Perl" books; check the O'Reilly
> site. As for intro to MIMEDefang, you could have a look at slides from a
> talk I gave (a long time ago):
> 
> http://www.mimedefang.org/static/mimedefang-lisa04.pdf
I read through that before going to the list. Page 86 seems to be the relevant 
page, but without sample code in context I'm still lost. 
I did read through the mimedefang.pl file enough to find: 
#***
# %PROCEDURE: md_check_against_smtp_server
# %ARGUMENTS:
# sender -- sender e-mail address
# recip -- recipient e-mail address
# helo -- string to put in "HELO" command
# server -- SMTP server to try.
# port -- optional: Port to connect on (defaults to 25)
# %RETURNS:
# ('CONTINUE', "OK") if recipient is OK
# ('TEMPFAIL', "err") if temporary failure
# ('REJECT', "err") if recipient is not OK.
# %DESCRIPTION:
# Verifies a recipient against another SMTP server by issuing a
# HELO / MAIL FROM: / RCPT TO: / QUIT sequence
#***
AND this
($retval, $code, $dsn, $text) = get_smtp_return_code($sock, $recip, $server);
 if ($retval ne 'CONTINUE') {
 $sock->print("QUIT\r\n");
 $sock->flush();
 # Swallow return value
 get_smtp_return_code($sock, $recip, $server);
 $sock->close();
 return ($retval, $text, $code, $dsn);
 }
My rookie brain seems to think that it is returning the value to $retval

But I can't figure out why this doesn't put an entry into the mdlog, either 
notauser, or unsure, even if the other variables are incorrect.
sub filter_recipient {
 my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, 
$rcpt_addr) = @_;
 md_check_against_smtp_server($sender, $recip, "localhost", "192.168.1.10");
 if ($retval eq "REJECT") {
 md_graphdefang_log('notauser', $recip, $sender);
# return action_discard();
}else{
 md_graphdefang_log('unsure', $retval, $code);
 }
}
I verified that I was running mimedefang.pl with the -t option (listed as 
requirement for filter_recipient)
[root@monitor ~]# ps ax |grep mimedefang
27993 ? S 0:00 /usr/bin/mimedefang-multiplexor -t -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -m 2 -x 10 -y 0 -U defang -b 600 -l -s /var/spool/MIMEDefang/mimedefang-multiplexor.sock

Any additional help?
-Bill 


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-25 Thread James Curtis

Date: Mon, 25 Mar 2013 13:05:16 +0100 (From: t.schm...@phoenixsoftware.de)
>So if you relay *all* mails to ,
>your filter_recipient could in fact be as simple as:
>sub filter_recipient
>{
>my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer,
>$rcpt_host, $rcpt_addr) = @_;
>return md_check_against_smtp_server($sender, $recip,
>"", "");
>}

OK, so I tried this simple strip of code, just to get it to reject unknown 
users without logging.  It still doesn't seem to be working.  

Should it be in a separate section of the code, its own section of code.  I
have tried adding it to filter_begin, filter_end, and as its own section of
code directly after the } after all of the filter_begin.

Could location be part of the equation that I'm missing?

-Bill 


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-25 Thread James Curtis
Date: Mon, 25 Mar 2013 23:43:15 +0100
From: t.schmidt
>>> your filter_recipient could in fact be as simple as:
>>> sub filter_recipient
>>> {
>>> my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer,
>>> $rcpt_host, $rcpt_addr) = @_;
>>> return md_check_against_smtp_server($sender, $recip,
>>> "", "");
>>> }
>>
>> OK, so I tried this simple strip of code, just to get it to reject unknown
>> users without logging. It still doesn't seem to be working.
>That doesn't match what I am observing. With my very similar
>setup I get log entries for all rejections. So whatever it is
>that rejects unknown users in your setup, I'm pretty sure it
>isn't that filter_recipient function.
>What exactly do you mean by "reject unknown users without
>logging", anyway? What happens when a server attempts to
>deliver a mail message for an unknown user? What response
>does the sending server get? What does your server log?
>Nothing at all? That would be very odd. In my experience,
>Sendmail always logs at least the connection attempt.
>Please show an actual log excerpt.
I get the normal sendmail logs, but since my filter is a relay, it doesn't know 
what users exist, so it accepts the email, and then has to send a bounce 
message. when I said reject without logging, I meant md_graphdefang_log
>
>One other thing I forgot: MIMEdefang must actually be told
>that you want it to run a filter_recipient function, by
>starting it with the -t option. If you don't give that option
>it'll just ignore any filter_recipient function you might
>have in your filter script. Bit me more than once, that one.
>
I modified the mimedefang init script as follows is this correct for what you 
meant? (previously the -t wasn't there):
 daemon $PROGDIR/$prog-multiplexor -t -p /var/spool/MIMEDefang/$prog-multiplexor.pid\
ps ax |grep mimedefang reports this:
32559 ? S  0:00 /usr/bin/mimedefang-multiplexor -t -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -m 2 -x 10 -y 0 -U defang -b 600 -l -s /var/spool/MIMEDefang/mimedefang-multiplexor.sock
32560 ? S  0:12 /usr/bin/perl /usr/bin/mimedefang.pl -server
32575 ? Sl 0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -R -1 -U defang -q -p /var/spool/MIMEDefang/mimedefang.sock
32588 ? S  0:00 /usr/bin/perl /usr/bin/mimedefang.pl -server
 
>> Could location be part of the equation that I'm missing?
>Well, of course where you place code makes all the difference.
>In programming, where you place a piece of code determines
>when it is run.
>If you are unsure how all of this hangs together, perhaps it
>would be best to post your mimedefang-filter script in its
>entirety so knowledgeable people can have a look at it.
Is this forum a good place to post in entirety, or somewhere else? It really is 
simple mods to the stock mimedefang-filter. 
  


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-25 Thread James Curtis

> Date: Mon, 25 Mar 2013 20:35:53 -0700
> From: kd6...@yahoo.com
> I was responding directly to what was posted to the list, which has the 
> defect.
>
The original post was a cut/paste from my /usr/bin/mimedefang.pl file (version 
2.70-1)
>
> > 2) md_check_against_smtp_server is intended to be used against servers
> > you control. If you want to blacklist your own MIMEDefang relay...
>
> That may have been your intent for adding the function, but it can easily be 
> abused to perform callbacks to random servers, especially when used to test 
> the sender's address for validity as a return address. If it were to be 
> limited to servers under one's control and enforced as such, the routine 
> would have to obtain the recipient's MX-RRset internally and test all higher 
> priority MTAs; thus it would not need the remote host address parameter. It 
> would determine which host in the MX-RRset it is running on based on the 
> macro variables passed in via the milter interface.

From what I have read of the documentation (man mimedefang-filter, Rejecting
Unknown Users Early section), the md_check_against_smtp_server is meant to
verify that the email address someone is sending to actually exists on the
server they are trying to send to (through the filter server that is running
mimedefang).  To the best of my knowledge it doesn't check the sender to make
sure that the sender exists on the domain that the sending email address.

FILTERING BY RECIPIENT
   You can define a function called filter_recipient in your filter.  This
   lets you reject messages to certain recipients, rather than waiting until
   the whole message has been sent.  Note that for this check to take place,
   you must use the -t flag with mimedefang.

Can someone verify that modifying the /etc/rc.d/init.d/mimedefang script
daemon $PROGDIR/$prog-multiplexor -p /var/spool/MIMEDefang/$prog-multiplexor.pid -t \
OR
daemon $PROGDIR/$prog-multiplexor -t -p /var/spool/MIMEDefang/$prog-multiplexor.pid \
OR
am I misunderstanding what it means to run it with the -t option.

I think this may be why my md_check_against_smtp_server doesn't appear to be 
working.

-Bill Curtis  


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-26 Thread James Curtis
Date: Tue, 26 Mar 2013 10:21:42 From: t.schmidt
>In my case (CentOS) the configuration file is
>/etc/sysconfig/mimedefang, containing, among others, these lines:
>
># If "yes", turn on the multiplexor recipient checking function
>MX_RECIPIENT_CHECK=yes
I do use CentOS and I have modified the line as suggested.  Now my MIMEDefang 
server is blocking unknown recipients.
Thanks everyone for getting me to this point.
Now just one more thing.  I want to md_graphdefang_log if it is an unknown 
user.  Here is what I have put together
based on the other entries in this post.  I'm sure I'm missing something 
because it doesn't work.  Please advise for this 
last piece of the puzzle.  Obviously I wouldn't log all valid, its for testing 
purposes, what am I missing?
--code 
sub filter_recipient
{
my ($retval, $code, $dsn, $text) = md_check_against_smtp_server($sender, 
$recip, "localhost", "192.168.1.10");
# my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, 
$rcpt_addr) = @_;
# return md_check_against_smtp_server($sender, $recip, "mail.hml.com", 
"192.168.1.10");
  if ($retval eq "Reject") {
md_graphdefang_log('notauser', $recip, $sender);
}else{
md_graphdefang_log('valid', $retval, $code);
}
}
--code---

Thanks everyone for the help so far
-Bill 


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-26 Thread James Curtis
> From: jameswcurtis Date: Tue, 26 Mar 2013 06:23:30 -0400
> >In my case (CentOS) the configuration file is
> >/etc/sysconfig/mimedefang, containing, among others, these lines:
> >
> ># If "yes", turn on the multiplexor recipient checking function
> >MX_RECIPIENT_CHECK=yes
> I do use CentOS and I have modified the line as suggested. Now my MIMEDefang 
> server is blocking unknown recipients.
> Thanks everyone for getting me to this point.
> Now just one more thing. I want to md_graphdefang_log if it is an unknown 
> user. Here is what I have put together
> based on the other entries in this post. I'm sure I'm missing something 
> because it doesn't work. Please advise for this 
> last piece of the puzzle. Obviously I wouldn't log all valid, its for testing 
> purposes, what am I missing?
> --code 
> sub filter_recipient
> {
> my ($retval, $code, $dsn, $text) = md_check_against_smtp_server($sender, 
> $recip, "localhost", "192.168.1.10");
> # my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, 
> $rcpt_addr) = @_;
> # return md_check_against_smtp_server($sender, $recip, "mail.hml.com", 
> "192.168.1.10");
> if ($retval eq "Reject") {
> md_graphdefang_log('notauser', $recip, $sender);
> }else{
> md_graphdefang_log('valid', $retval, $code);
> }
> }
> --code---
Actually the code above blocks all email with a 5.7.1 ? response, but I think 
you can see what I want to accomplish.
-Bill 


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-26 Thread James Curtis
So I'm still trying to get md_check_against_smtp_server working with 
md_graphdefang_log.
=
I made the modification to /etc/sysconfig/mimedefang (still not sure why this 
is referred to as 'running with the -t option')
MX_RECIPIENT_CHECK=yes
=
I made the following additions to /etc/mail/mimedefang-filter (after
filter_begin subroutine completes, before filter)
-Code
sub filter_recipient
{
 my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, 
$rcpt_addr) = @_;
return md_check_against_smtp_server($sender, $recip, "localhost", 
"192.168.1.10");
}
Code-

I now get the following response before the data phase that rejects the user!
550 5.1.1 t...@testdomain.com... User unknown 
-
Yea!  It's working

I am trying to get a log entry for all emails that are getting rejected because 
managers like metrics.

I tried changing the code as suggested below:
--Code-
sub filter_recipient
{
my ($retval, $code, $dsn, $text) = md_check_against_smtp_server($sender, 
$recip, "localhost", "192.168.1.10");
#  if ($retval eq "Reject") {
#   md_graphdefang_log('notauser', $recip, $sender);
#   return action_discard
#}
#else{
#   md_graphdefang_log('valid', $retval, $code);
#   }
}
-Code--
Having tried with the remarked statement and having it fail, I remarked it back
to just the recommended line and it still fails all email addresses, whether
valid or not valid with this response:
501 5.5.4 Invalid Address

Thanks for all the info, the pros and cons.  Most of them I knew, I'll probably
be looking for info on how to get MIMEDefang to work with SPF later.
-Bill 


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-27 Thread James Curtis

>Date: Wed, 27 Mar 2013 12:19:30 schm...@phoenixsoftware.de
>I told you not to remove the first line
>my($recip, $sender, ...) = @_;
>Without that line, the $sender and $recip variables will not be set,
>so your md_check_against_smtp_server call will try to check an empty
>address.
>I also told you to compare $retval to "REJECT" in all capitals in
>your if statement because that's what md_check_against_smtp_server
>will return. As it stands, the comparison will never be true so
>the else branch will always be run.
>And finally I told you to insert a return statement before the
>closing brace. The code above will return an empty result, which
>the caller doesn't expect.
>Btw, "return action_discard" is not appropriate in filter_recipient
>either. It should be something like "return('REJECT', 'You lose!');".
>> Having tried with the remarked statement and having it fail, I remarked it
>> back to just the recommended line and it still fails all email addresses,
>> whether valid or not valid with this response:
>> 501 5.5.4 Invalid Address
>And quite rightly so. The empty address is indeed invalid as a
>recipient. :-)
>In sum, try something like this: (Sorry for the line wraps.)
>-Code
>sub filter_recipient
>{
(redacted for brevity) ...
>}
>}
>Code-

Thanks for the thorough explanation.  I had spent some time looking at the 
mimedefang.pl script (specifically the interaction between 
md_check_against_smtp_server and watching how it calls get_smtp_return_code) 
and I was getting close.  
I put in the code as you provided, but it still doesn't log anything (either 
valid or notauser) into the md_graphdefang_log.  However I did find this in my 
/var/log/maillog
Mar 27 09:59:40 monitor mimedefang.pl[23405]: md_graphdefang_log called outside of message context

-Bill 


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-27 Thread James Curtis
27 Mar 2013 10:59:45 -0400  -mattg
> Note that md_graphdefang_log should not be used in filter_relay,
> filter_sender or filter_recipient. The global variables it relies
> on are not valid in that context.
> [...]
This has been a very long thread to say, "You can't get there from here"
:-)
>
> I work around this in my filters by making a my_graphdefang_log() that
> doesn't access the variables that aren't yet defined in the above contexts.
>
I am glad that I have been able to get the md_check_against_smtp_server added 
to remove the backscatter.
I am really glad that I've learned some context for Perl (some concepts from 
BASIC apply, but that's about it).
Can't imagine the amount of errors I'll incur when creating a new sub-routine 
for my_graphdefang_log(), but it will be a fun time.  I'm assuming that I start 
with the code from md_graphdefang_log and remove the variables.

Cheers,
(can you hear the sound of my O'Reilly Perl for Beginners book opening?)

Thanks for all the help and consideration during this process from all 
involved.  

-Bill Curtis  
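
The advice from this thread put together in one filter fragment, as an added example that is not code from any poster or from MIMEDefang itself. The host names, the NOQUEUE placeholder, the MDLOG field layout and the stand-in stubs (used only when the file is run outside mimedefang.pl) are assumptions; my_graphdefang_log is the name suggested in the thread.

```perl
use strict;
use warnings;

my $BACKEND_MX  = 'mail.example.internal';    # hypothetical backend that knows valid users
my $FILTER_HELO = 'filter.example.internal';  # hypothetical HELO name for the probe

# Stand-ins so the file also runs with plain "perl file.pl"; inside MIMEDefang
# the real md_syslog and md_check_against_smtp_server are already defined.
BEGIN {
    no strict 'refs';
    *{'main::md_syslog'} = sub { print "[$_[0]] $_[1]\n" }
        unless defined &main::md_syslog;
    *{'main::md_check_against_smtp_server'} = sub {   # constructed behaviour
        return $_[1] =~ /nosuchuser\@/ ? ('REJECT', 'User unknown') : ('CONTINUE', 'OK');
    } unless defined &main::md_check_against_smtp_server;
}

# Logger that uses only its arguments, never the per-message globals that
# are not valid in filter_relay, filter_sender or filter_recipient.
sub my_graphdefang_log {
    my ($event, $sender, $recip, $detail) = @_;
    for ($event, $sender, $recip, $detail) {
        $_ = '' unless defined $_;
        s/[\r\n,]+/ /g;   # envelope data is remote-controlled: keep one record per line
    }
    # Assumption: MDLOG-style comma-separated layout; match it to your graphdefang setup.
    md_syslog('info', "MDLOG,NOQUEUE,$event,$detail,,$sender,$recip,");
}

sub filter_recipient {
    # Without this line $recip and $sender are empty and every address is rejected.
    my ($recip, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
    my ($retval, $msg) =
        md_check_against_smtp_server($sender, $recip, $FILTER_HELO, $BACKEND_MX);
    if ($retval eq 'REJECT') {                 # returned in capitals
        my_graphdefang_log('notauser', $sender, $recip, $msg);
        return ('REJECT', 'User unknown');
    }
    return ('TEMPFAIL', 'Recipient check unavailable, try again later')
        if $retval eq 'TEMPFAIL';              # backend down: defer rather than accept
    my_graphdefang_log('valid', $sender, $recip, '');
    return ('CONTINUE', 'ok');
}

unless (caller) {   # constructed sample calls, skipped when loaded as a filter
    print join(' ', filter_recipient('<alice@example.org>', '<a,b@example.net>')), "\n";
    print join(' ', filter_recipient('<nosuchuser@example.org>', '<c@example.net>')), "\n";
}
1;
```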


Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log

2013-03-27 Thread James Curtis
27 Mar 2013 14:11:08 -0500
> > Although I checked the manpage several times in the course of this
> > thread I never noticed that paragraph. Well, you live and learn.
>
Hindsight is 20/20, I found this thread from 2008, indicating the same issue, 
and possible resolution.
http://lists.roaringpenguin.com/pipermail/mimedefang/2008-September/034277.html

Thanks again for all the help.


Re: [Mimedefang] What about DKIM

2013-05-02 Thread James Curtis
> DKIM doesn't validate the spaminess of the content. Why do you think it does?
>
> All it does is to authenticate the source of the message. This way, you know 
> the spammer is who he claimed to be (or not). When properly set up, it will 
> identify forged and tampered messages to you; that's all.
> ___

I see lots of email that is on blacklisted (spamhaus, spamcop, etc.) servers 
still passing DKIM tests.  
My perspective on blacklists is the following.  First off, I explicitly trust 
blacklists that I have tested over time.  I initially test them by adding 
spamassassin rules to tag items that are on the blacklists with a low score.  
Then I can grep my maillog for items matching that rule.  From there I can 
evaluate the subject lines by grepping my mdlog for the queue ID.  If the 
blacklist rules hit emails with low collateral damage, I put the blacklist in a 
filter_begin that blocks mail before receiving.  
I have been testing UCEPROTECT (1&2) on my servers today.  For the past 5 hours 
I have detected 70 emails matching UCEPROT, and 24 of them have passed DKIM.  
[root@filter1 ~]# cat /var/log/maillog |grep -c UCEPROT
69
[root@filter1 ~]# cat /var/log/maillog |grep UCEPROT |grep -c DKIM_VALID
24
Here are my current stats for anyone interested:
Virus (message had a virus)                        .01%     11
Spamhaus (Spamhaus blacklist)                    30.80%  38967
Spamcop (Spamcop blacklist)                       1.37%   1733
SEM-Black (spameatingmonkey blacklist)             .22%    282
Spamdrop (scored over 8.0 so it was dropped)     19.87%  25144
Tagged Spam (scored over 3.0 so it was tagged)   38.96%  19750
Mail_in (not tagged)                             32.05%  40549
-Regards
Bill Curtis   