from:"Mark Coetser"

Re: [Mimedefang] utf-8 issue?

2017-12-13 Thread Mark Coetser



On 12/12/2017 20:03, Dianne Skoll wrote:

On Tue, 12 Dec 2017 15:43:14 +0200
Mark Coetser <m...@tux-edo.co.za> wrote:


Error from multiplexor: ERR No response from slave
Reap: slave 1 (pid 15022) exited normally with status 22 (SLAVE DIED
UNEXPECTEDLY)


I've never seen this before.  I'm also not convinced it's related
to the UTF-8 issue.  Could you post the exact filter you are using?

I'm also running on Stretch, btw.

Regards,

Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang



filter attached, I am doing some other stuff in there but as I said this 
filter has been in place for many years and only recently have those 
errors been occurring...



Thank you,

Mark Adrian Coetser
# -*- Perl -*-
#***
#
# mimedefang-filter
#
# Suggested minimum-protection filter for Microsoft Windows clients, plus
# SpamAssassin checks if SpamAssassin is installed.
#
# Copyright (C) 2002 Roaring Penguin Software Inc.
#
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#
# $Id: mimedefang-filter,v 1.7 2009/10/12 09:49:13 root Exp $
#***

$SALocalTestsOnly = 0;

#***
# Set administrator's e-mail address here.  The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy.  A good example would be 'defang-ad...@mydomain.com'
#***
$AdminAddress = 'postmas...@domain.co.za';
$AdminName = "PKF mail firewall";

#***
# Set the e-mail address from which MIMEDefang quarantine warnings and
# user notifications appear to come.  A good example would be
# 'mimedef...@mydomain.com'.  Make sure to have an alias for this
# address if you want replies to it to work.
#***
$DaemonAddress = 'mimedef...@domain.co.za';
$LocalHostName = 'mailhub01';

#***
# If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part.  If the message
# has no text or html part, then a separate MIME part is still used.
#***
$AddWarningsInline = 0;

#***
# To enable syslogging of virus and spam activity, add the following
# to the filter:
# md_graphdefang_log_enable();
# You may optionally provide a syslogging facility by passing an
# argument such as:  md_graphdefang_log_enable('local4');  If you do this, be
# sure to setup the new syslog facility (probably in /etc/syslog.conf).
# An optional second argument causes a line of output to be produced
# for each recipient (if it is 1), or only a single summary line
# for all recipients (if it is 0.)  The default is 1.
# Comment this line out to disable logging.
#***
md_graphdefang_log_enable('mail', 1);

#***
# Uncomment this to block messages with more than 50 parts.  This will
# *NOT* work unless you're using Roaring Penguin's patched version
# of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later.
#
# WARNING: DO NOT SET THIS VARIABLE unless you're using at least
# MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail.
#***
# $MaxMIMEParts = 50;

#***
# Set various stupid things your mail client does below.
#***

# Set the next one if your mail client cannot handle multiple "inline"
# parts.
$Stupidity{"NoMultipleInlines"} = 0;

# Detect and load Perl modules
detect_and_load_perl_modules();

# This procedure returns true for entities with bad filenames.
sub filter_bad_filename  {
my($entity) = @_;
my($bad_exts, $re);

# Bad extensions
$bad_exts = 
'(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|

[Mimedefang] utf-8 issue?

2017-12-12 Thread Mark Coetser


Hi

I have 4 different mail hubs, all running latest debian

ii  perl   5.24.1-3+deb9u2i386 
  Larry Wall's Practical Extraction and Report Language
ii  mimedefang 2.79-2 i386 
  e-mail filter program for sendmail


Recently I am seeing alot of the following errors

Error from multiplexor: ERR No response from slave
Reap: slave 1 (pid 15022) exited normally with status 22 (SLAVE DIED 
UNEXPECTEDLY)


The above are logged in mail.err and are related to the following in 
mail.log which rejects the email with a "try again later" message until 
the email eveentually bounces after 5 days.


stderr: open body: Invalid argument at /usr/share/perl5/MIME/Entity.pm 
line 1878.


A google search shows this topic


https://lists.roaringpenguin.com/pipermail/mimedefang/2013-February/036880.html


But I am not doing anything with MIME::Entity; and the filter is pretty 
much the stock microsoft mimedefang-filter and this does seem to be 
related from the upgrade from Debian Jessie to Stretch, does anyone have 
any pointers?


--
Thank you,

Mark Adrian Coetser
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] best practices for handling filename extensions

2017-10-05 Thread Mark Coetser



On 05/10/2017 06:41, Michael Fox wrote:

I'm looking to understand best practices with regard to rejecting filename
extensions.

  


The example provided in /usr/share/doc/mimedefang shows a very long list of
extensions to be rejected.  I know some hosted mail providers don't allow
.exe.  It annoys me but I just change the extension and it goes through.
And I know that some providers don't allow .zip.  So folks using those
providers just change it to .piz and it goes through.

  


I presume this is, indeed, a little safer, since the recipient has to take
an extra step to change the extension.  And, presumably, they would only do
that if they knew what they were getting.  But I wonder if that's just the
appearance of additional security or if it's a true improvement.

  


So, what do the folks here with much more experience than I do, and why?

  


Thanks much,

Michael


Pretty sure the filetype matching is done by checking the actual mime 
type of the file not just what the file extension is, so just renaming 
the file will still not allow the file through.



Thank you,

Mark Adrian Coetser
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] adding promotional banner to top of email

2017-07-28 Thread Mark Coetser


On 24/06/2017 16:22, Dianne Skoll wrote:

On Sat, 24 Jun 2017 10:18:59 -0400
Dianne Skoll  wrote:


You'd need to roll your own.  It's non-trivial, given the infinite
ways HTML can be malformed.


I would also echo the comments of others on the list who have recommended
against this.  Adding promotional material to emails will quickly
get them marked as spam, and if you add it to emails in transit that you
did not originate, you could quite possibly be breaking the law.

Regards,

Dianne.


Hi

Does anyone have any links to info regarding why this is a bad idea etc, 
would like to pass this onto the client.

___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

[Mimedefang] blocked file types in text file

2005-09-19 Thread Mark Coetser

Hi Ppl

I don't know the first thing about perl so please be patient.

If I wanted to create a text file with all the blocked filetypes, how would
I include that text file in my mimedefang-filter ?

Would I be able to do something like

sub filter_bad_filename ($) {
my($entity) = @_;
my($bad_exts, $re);

# Bad extensions
$bad_exts = '/etc/mail/mimedefang-badexts';

# Do not allow:
# - CLSIDs  {foobarbaz}
# - bad extensions (possibly with trailing dots) at end
$re = '\.' . $bad_exts . '\.*$';

return 1 if (re_match($entity, $re));

# Look inside ZIP files
if (re_match($entity, '\.zip$') and
$Features{Archive::Zip}) {
my $bh = $entity-bodyhandle();
if (defined($bh)) {
my $path = $bh-path();
if (defined($path)) {
return re_match_in_zip_directory($path, $re);
}
}
}
return 0;
}

/etc/mail/mimedefang-badexts
ade
adp
app
asd
asf
asx
bas
bat
chm
cmd
com
cpl
crt
dll
exe
fxp
hlp
hta
hto
inf
ini
ins
isp
jse?
lib
lnk
mdb
mde
\{[^\}]+\}

/etc/mail/mimedefang-badexts

Thank you,

Mark Adrian Coetser
[EMAIL PROTECTED]
http://www.tux-edo.co.za, http://www.thummb.com
cel: +27 76 527 8789
tel: +27 11 805 2076
fax: +27 11 805 2330

___
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

RE: [Mimedefang] quarantine and notify recipient

2005-07-26 Thread Mark Coetser

From my understanding of send_quarantine_notifications is that it only
notifies the administrator of the quarantine

From the man page

   send_quarantine_notifications()
  This function should be called from filter_end.  If any parts
were quarantined, a quarantine notification is
  sent to the MIMEDefang administrator.  Please note that if you
do  not  call  send_quarantine_notifications,
  then no quarantine notifications are sent.

Mark

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul
Murphy
Sent: 26 July 2005 06:48 PM
To: mimedefang@lists.roaringpenguin.com
Subject: RE: [Mimedefang] quarantine and notify recipient

How about send_quarantine_notifications(), which is provided by
MIMEDefang?
Read the man page for mimedefang-filter for details. 
 
Paul.

-Original Message- 
From: Mark Coetser [mailto:[EMAIL PROTECTED] 
Sent: Tue 26/07/2005 11:30 
To: MIMEDefang@lists.roaringpenguin.com 
Cc: 
Subject: [Mimedefang] quarantine and notify recipient



Hi Ppl

I have been searching and reading but cant find anything that allows
me to
notify the recipient that there email has been quarantined, I have a
filter
for spam that dumps it into the quarantine directory but I need to
notify
the recipient that the email has been quarantined ?


Thank you,

Mark Adrian Coetser
[EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.bwbtrading.co.za http://www.thummb.com
cel: +27 83 296 1199
tel: +27 11 334 7779


___
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang



___
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

___
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] utf-8 issue?

[Mimedefang] utf-8 issue?

Re: [Mimedefang] best practices for handling filename extensions

Re: [Mimedefang] adding promotional banner to top of email

[Mimedefang] blocked file types in text file

RE: [Mimedefang] quarantine and notify recipient

6 matches

Site Navigation

Mail list logo

Footer information