[Mimedefang] Can I temporarily keep BCC Headers
I am using Mimedefang 2.39 (with sendmail 8.13.0) for a number of purposes. One thing that I use it for is to BCC all incoming and outgoing all emails to an archiving server. The archiving server has an issue. If a user receives an email that was bcc'd to him, there is evidence that the user sent the email, but there is no evidence of who received it. The issue is the same if an internal user sends an email via bcc. There are similar issues with distribution lists. Can Mimedefang to the following: Capture the emails before the bcc header information has been stripped. Then bcc it to the archiving server. Then strip the bcc headers and continue with the delivery. Thanks, Mark Penkower NOTICE TO RECIPIENT: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to Royce & Associates, LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information are reserved by Royce & Associates, LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Clam AV Question
When running freshclam, I get the message: WARNING: Your ClamAV installation is OUTDATED - please update immediately! WARNING: Current functionality level = 3, required = 4 I am running: X-Virus-Scanned: ClamAV 0.80/562/Fri Oct 29 08:39:45 2004, clamav-milter version 0.75c What does the version that I am running miss that the latest one catches. Thanks, Mark Penkower NOTICE TO RECIPIENT: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to Royce & Associates, LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information are reserved by Royce & Associates, LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Looking for Software
This is a little off topic. I can use Mimedefang to bcc all emails to a catch all account. I can then have Outlook download the emails on a regular basis. I have some search software (Iyss Desktop)The software will search for text within the subject, body, or attachments of all of the emails. If the text that we were looking for is in the subject or body, the software can tell what email message that the text was from. However, if the text was in an attachment, the software does not know what message that it came from. The company tells me that they should have a new verion out by the end of the year that will be able to link up text in attachments to the message that it come from. I can't wait that lonk. Does anybody know of some software that already has that functionality? Thanks mark Penkower NOTICE TO RECIPIENT: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to Royce & Associates, LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information are reserved by Royce & Associates, LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Need to turn off CC in Defang Notifications
Since Clamav 0.80 took it upon itself to detect and bounce HTML.Phishing emails, my users are getting cc's with the message. The notification to the sender (from defang) is cc'd to postmaster and to the user. In my filter, I want to turn off the cc'ing to the user. How do I accomplish that? Thanks Mark Penkower NOTICE TO RECIPIENT: This e-mail is meant only for the intended recipient(s) of the transmission, and contains confidential information which is proprietary to Royce & Associates, LLC. Any unauthorized use, copying, distribution, or dissemination is strictly prohibited. All rights to this information are reserved by Royce & Associates, LLC. If you are not the intended recipient, please contact the sender by reply e-mail and please delete this e-mail from your system and destroy any copies. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] append_text_boilerplate
I am using Mimedefang 2.39. I need some help with append_text_boilerplate and append_html_boilerplate. I have a few issues. I only want this to append the text to outgoing messages - not incoming messages. How do i accomplish this. The code is part of sub filter_end { Also, for append_text_boilerplate, I have a "\nmydisclaimer - This adds a line before mydisclaimer Where do I put the \n for the ppend_html_boilerplate. Having "\nmydisclaimer does not insert the new line before mydisclaimer. Where do I put it? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Question about upgrading ClamAv
I am currently running: clamd / ClamAV version 0.75.1, clamav-milter version 0.75c Running freshclam gets me the following message: WARNING: Your ClamAV installation is OUTDATED - please update immediately !WARNING: Current functionality level = 2, required = 3 I compiled up 0.80 on a backup server. The program and milter are working fine. I don't want to have to also have to compile on the production server. As the backup and production have the same flavor and version of Linux, can I just copy over the binaries and configuration files, kill and restart the appropriate processes? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] OFF TOPIC - Need a product to block spyware
This is off topic, but I suspect that people on this list may have an answer. I need a product to block spyware, adware and other related crap from infecting Windows 2000 PC's. Symantec has basically given up and admitted that the authors of these assorted malware are better programmers than the ones that they hire. In order to attempt to not appear defeated, they don't classify these programs as viruses. Their latest product (Symantec Anti - Virus 9) will delete these programs upon a manual scan, however, it will not block them. I need a product to block these types of programs. Can somebody recommend one. Thanks. Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Will I bounce messages is Mimedefang or Clamd crashes?
I am using sendmail 8.13.0, Mimedefang 2.39 and clamd / ClamAV version 0.75.1, clamav-milter version 0.75c. In some milter configurations, if a milter crashes or does not respond, emails are bounced. I don't want that to be the case with my setup. If Mimedefang or ClamAV crashes or does not respond, I want sendmail to process the emails anyway. Here are my sendmail.cf entries: Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:5m;R:5m Xsample, S=local:/var/run/f1.sock Xclmilter, S=local:/var/spool/MIMEDefang/clmilter.sock,T=S:4m;R:4m sample is a milter provided by sendmail that archives messages. With my setup, if a milter dies, times out, or malfunctions in some other way, will sendmail bounce messages or crash? If so, how can I modify the entries so sendmail will pass the message along if one or more of the milters die or stop responding? Thanks. Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Help With Filter
Some of my users have indicated that they do not want to receive emails from yahoo.com or hotmail.com - How can I put this in a filter (only on a per - user basis) ? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] /usr/local/bin/freshclam
___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] df
dg ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Clamav Setup - Now working
Thanks for all of your help. I have this working. Even though Mimedefang did not detect Clamav when running .configure, it works with Clamav. When I have a chance, I will see if I can get away without running the clamav-milter and let you know how it works out. Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Calm AV setup - Almost done
I have clamav working fine on a backup mail server. I set it up on the production mail server, but am having an issue. I successfully compiled up clamav and clamav-milter and ran them. Here are entries: ps -ef defang5494 1 0 13:55 ?00:00:00 [clamd] defang5760 1 0 13:59 ?00:00:00 [clamav-milter] netstat -a: unix 2 [ ACC ] STREAM LISTENING 2800 /var/spool/MIMEDefang/m imedefang.sock unix 2 [ ACC ] STREAM LISTENING 79454790 /var/spool/MIMEDefang /clamd.sock unix 2 [ ACC ] STREAM LISTENING 79458734 /var/spool/MIMEDefang /clmilter.sock I then need to recompile MimeDefang (2.39) to recognize the scanner. After running .configure, I get: *** Virus scanner detection results: H+BEDV 'antivir' NO (not found) Vexira 'vexira'NO (not found) NAI 'uvscan'NO (not found) BDC 'bdc' NO (not found) Sophos 'sweep' NO (not found) TREND'vscan' NO (not found) CLAMSCAN 'clamav'NO (not found) AVP 'AvpLinux' NO (not found) FSAV 'fsav' NO (not found) FPROT'f-prot'NO (not found) SOPHIE 'sophie'NO (not found) NVCC 'nvcc' NO (not found) CLAMD'clamd' NO (not found) File::Scan NO TROPHIE 'trophie' NO (not found) Could not find any recognized virus scanner... do not use any of the contains_virus functions in your filter. When I did this on the backup server, it recognized clamav - what have i done wrong here: Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] How do I have mimedefang-filter to use the Clamav
Thanks for the replies. I recompiled Mimedefang (2.39) after compiling clamav and it recognized that clamav was there. I went into the clamav-milter directory and compiled clamav-milter. Do I need this? Is it possible to just run the clamav binary- not as a milter and have Mimedefang call it to scan the mailboxes? Also, what is the difference between clamscan and clamd scan? I see I found the binary clamd and ran it. Now ps -ef reports: root 25709 1 0 10:24 ?00:00:00 lt-clamd netstat -a reports unix 2 [ ACC ] STREAM LISTENING 556180 /tmp/clamd If I run clamscan or clamdscan on an infected (even a zip) file it reports the infection. I edited /etc/mail/mimedefang-filter to have it look for clamd - but mimedefang complains: Could not connect to clamd daemon at /var/spool/MIMEDefang/clamd.sock How do I get the socket - there - the default is /tmp/clamd: srwxrwxrwx1 root root0 Sep 8 10:24 clamd If I do so, will Mimedefang then call up clamd and scan messages, or do I need the milter entries in sendmail? Also, where is the init.d script - I can not find it. Thanks again. Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] ClamAV setup
I just installed the latest (0.75.1) version on clamav. The binary is /usr/local/bin/clamscan I have 3 questions: 1 - How do I have mimedefang-filter to use the binary to scan the incoming mail? 2 - How do I get clamav dat file updates? 3 - Will clamav scan within zip files? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Greco's Cash Job
Mark, Look through the cash_botbak email and see what time the saturday emails come in. ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Question about Virus Scanners
I normally use Symantec (on Windows desktops) to protect my network from viruses. Im not happy with Symantec, as their current virus defs did not detect the latest beagle virus for most of the day yesterday. Mcafee claimed that their defs dealt with that virus much earlier in the day. For those of you using linux virus scanners with MimeDefang, what other vendors had defs out as quickly as Mcafee? Also, does anybody have good experiences in having MimeDefang call up Mcafee to scan emails? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] How can I block based on file name - not extension
I use the stock code to block certain types of extensions: # This procedure returns true for entities with bad filenames. sub filter_bad_filename ($) { my($entity) = @_; my($bad_exts, $re); # Bad extensions $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp||jar|js|jse|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|rar|reg|scr|sct|sh|shb|shs|sys|vb|vbe|vbs|vxd|wmd|wms|wsc|wsf|wsh|zls\{[^\}]+\})'; # Do not allow: # - CLSIDs {foobarbaz} # - bad extensions (possibly with trailing dots) at end $re = '\.' . $bad_exts . '$'; return re_match($entity, $re); } This works great. I do not want to add zip to the banned lists, as zipped files are often sent with a legitimate purpose, however, I do want to ban certain zip files as they are usually associated with viruses. For exapmle, I want to bounce any emails with the attachment - information.zip. I would also like to return a different bounce meassage for this file. The bounce messgae for bad extensions is here: if (filter_bad_filename($entity)) { md_graphdefang_log('bad_filename', $fname, $type); action_bounce("We are not acepting attachments of this type"); What can I add to this filter to accomplish this? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Why does my x-header appear more than once?
I added the follwoing code to my filter: action_add_header("X-Spam-Checked-By", "Custom Spam Checking Rules"); When I send email to myself locally, the header only appears once. If I send email to myself from an external account, the header appears 2 or 3 times. Why? Do I have it in the wrong place in my filter? I have included my filter - I apologize for any line breakes that my email client adds: -*- Perl -*- #*** # # mimedefang-filter # # Suggested minimum-protection filter for Microsoft Windows clients, plus # SpamAssassin checks if SpamAssassin is installed. # # Copyright (C) 2002 Roaring Penguin Software Inc. # # This program may be distributed under the terms of the GNU General # Public License, Version 2, or (at your option) any later version. # # $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $ #*** #*** # Set administrator's e-mail address here. The administrator receives # quarantine messages and is listed as the contact for site-wide # MIMEDefang policy. A good example would be '[EMAIL PROTECTED]' #*** $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Mark Penkower"; #*** # Set the e-mail address from which MIMEDefang quarantine warnings and # user notifications appear to come. A good example would be # '[EMAIL PROTECTED]'. Make sure to have an alias for this # address if you want replies to it to work. #*** $DaemonAddress = '[EMAIL PROTECTED]'; #*** # If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard # to add warnings directly in the message body (text or html) rather # than adding a separate "WARNING.TXT" MIME part. If the message # has no text or html part, then a separate MIME part is still used. #*** $AddWarningsInline = 0; #*** # To enable syslogging of virus and spam activity, add the following # to the filter: # md_graphdefang_log_enable(); # You may optionally provide a syslogging facility by passing an # argument such as: md_graphdefang_log_enable('local4'); If you do this, be # sure to setup the new syslog facility (probably in /etc/syslog.conf). # An optional second argument causes a line of output to be produced # for each recipient (if it is 1), or only a single summary line # for all recipients (if it is 0.) The default is 1. # Comment this line out to disable logging. #*** md_graphdefang_log_enable('mail', 1); #*** # Uncomment this to block messages with more than 50 parts. This will # *NOT* work unless you're using Roaring Penguin's patched version # of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later. # # WARNING: DO NOT SET THIS VARIABLE unless you're using at least # MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail. #*** # $MaxMIMEParts = 50; #*** # Set various stupid things your mail client does below. #*** # Set the next one if your mail client cannot handle nested multipart # messages. DO NOT set this lightly; it will cause action_add_part to # work rather strangely. Leave it at zero, even for MS Outlook, unless # you have serious problems. $Stupidity{"flatten"} = 0; # Set the next one if your mail client cannot handle multiple "inline" # parts. $Stupidity{"NoMultipleInlines"} = 0; # The next lines force SpamAssassin modules to be loaded and rules # to be compiled immediately. This may improve performance on busy # mail servers. Comment the lines out if you don't like them. #if ($Features{"SpamAssassin"}) { # spam_assassin_init()->compile_now(1) if defined(spam_assassin_init()); # If you want to use auto-whitelisting: # if (defined($SASpamTester)) { # use Mail::SpamAssassin::DBBasedAddrList; # my $awl = Mail::SpamAssassin::DBBasedAddrList->new(); # $SASpamTester->set_persistent_address_list_factory($awl) if defined($awl); # } #} # This procedure returns true for entities with bad filenames.
[Mimedefang] Can I bounce be looking at keywords in the body without using spamassassin?
Can I bounce be looking at keywords in the body without using spamassassin? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Can I block extended ascii codes in the Subject
I often get emails with crap like: ViĆgra in the subject line. I would bounce a lot of spam if I could just block all subjects that have characters that are in the extended ascii set. Can I do this with Mimedefang? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Help with Spamassassin
I am about to set up Spamassassin I do not plan on doing anything sophisticated with it. I don't want to use any point based system. I simply want to define a list of banned words in the body. If any of these words are present, bounce the email. Can somebody please direct me to the appropriate SpamAssassin configuration file and post a sample config file to do this. Thank you. Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Can I bounce by subject and body without Spamassassin?
Can I bounce by subject and body without Spamassassin? If so, a simple exapmle would be appreciated. Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang]
I am currently only using Mimedefang (2.39) to bounce emails based upon attachment type. The filter works, however, I just noticed this entry in the maillog: May 20 16:24:36 questnet mimedefang-multiplexor: Starting slave 61 (pid 8310) (2 running): Bringing slaves up to minSlaves (2) May 20 16:24:36 questnet mimedefang-multiplexor: Slave 61 stderr: Prototype mism atch: sub main::filter_end ($) vs none at /etc/mail/mimedefang-filter line 391. Subroutine filter_end redefined at /etc/mail/mimedefang-filter line 384. I get this entry when I force mimedefang to reload the rules from the /etc/mail/mimedefang-filter file. The filter works fine, but I am concerned about the error message. I have included the filter at the end of this message. Please describe what I need to do to fix this. Thanks Mark Penkower -*- Perl -*- #*** # # mimedefang-filter # # Suggested minimum-protection filter for Microsoft Windows clients, plus # SpamAssassin checks if SpamAssassin is installed. # # Copyright (C) 2002 Roaring Penguin Software Inc. # # This program may be distributed under the terms of the GNU General # Public License, Version 2, or (at your option) any later version. # # $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $ #*** #*** # Set administrator's e-mail address here. The administrator receives # quarantine messages and is listed as the contact for site-wide # MIMEDefang policy. A good example would be '[EMAIL PROTECTED]' #*** $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Mark Penkower"; #*** # Set the e-mail address from which MIMEDefang quarantine warnings and # user notifications appear to come. A good example would be # '[EMAIL PROTECTED]'. Make sure to have an alias for this # address if you want replies to it to work. #*** $DaemonAddress = '[EMAIL PROTECTED]'; #*** # If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard # to add warnings directly in the message body (text or html) rather # than adding a separate "WARNING.TXT" MIME part. If the message # has no text or html part, then a separate MIME part is still used. #*** $AddWarningsInline = 0; #*** # To enable syslogging of virus and spam activity, add the following # to the filter: # md_graphdefang_log_enable(); # You may optionally provide a syslogging facility by passing an # argument such as: md_graphdefang_log_enable('local4'); If you do this, be # sure to setup the new syslog facility (probably in /etc/syslog.conf). # An optional second argument causes a line of output to be produced # for each recipient (if it is 1), or only a single summary line # for all recipients (if it is 0.) The default is 1. # Comment this line out to disable logging. #*** md_graphdefang_log_enable('mail', 1); #*** # Uncomment this to block messages with more than 50 parts. This will # *NOT* work unless you're using Roaring Penguin's patched version # of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later. # # WARNING: DO NOT SET THIS VARIABLE unless you're using at least # MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail. #*** # $MaxMIMEParts = 50; #*** # Set various stupid things your mail client does below. #*** # Set the next one if your mail client cannot handle nested multipart # messages. DO NOT set this lightly; it will cause action_add_part to # work rather strangely. Leave it at zero, even for MS Outlook, unless # you have serious problems. $Stupidity{"flatten"} = 0; # Set the next one if your mail client cannot handle multiple "inline" # parts. $Stupidity{"NoMultipleInlines"} = 0; # The next lines force SpamAssassin modules to be loaded and rules # to be compiled immediately. This may improve performance on busy # mail servers. Comment the lines out if you don't like t
[Mimedefang] Need help with filter_relay
Much of my spam can be flagged by keywords in the "from" line of the headers. Here is an example: Received: from centraalbeheer.nl (dsl-213-023-032-104.arcor-ip.net [213.23.32.104]) Here, "dsl" is the flag Other spam keywords that I have found are: adsl pool client cliente unassigned I have 3 questions: 1 - It is my suspicion that bouncing emails with these keywords in the "from" header will only bounce spam. Am I correct here? 2 - Can somebody post more keywords that I should block. 3 - For the purposes of a filter to bounce these emails, I am not sure where to reference the header in filter_relay. Would this work: sub filter_relay { my ($ip, $name, $helo) = @_; if ($name =~ /dsl) or if ($name =~ /pool) { return action_bounce("My Bounce Message"); } return (CONTINUE, "ok"); Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Where is the list posted
I often post a message to the list. It is then answered on the next mailing. Where is the link to see the messages before the next mailing comes in? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] More on Sendmail Queue runner
Interesting, When I killed the queue runner process, I sent myself a test message with a banned attachment. Mimedefang behaved correctly and bounced the message. Then, I got an email from [EMAIL PROTECTED], informing me that Mimedefang had bounced a message. With the queue runner running, I don't receive these types of notifications. I have the following code in the filter: action_notify_administrator("The Mailserver bounced a message.\n"); } Could somebody please post the code with a modification to also give: The sender - along with all of the headers The intended recipient The attachment name Thank you Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Sendmail Queue Runner
I added a sendmail queue runner (/usr/sbin/sendmail -Ac -q5m) to the Mail Server startup routine, because the Mimedefang (2.39) instructions told me to do so, however, if I kill the associated process (root 24682 1 0 10:13 ?00:00:00 sendmail: Queue [EMAIL PROTECTED]:05:00) Mimedefang still works. I am only using Mimedefang to bounce messages with certain types of attachments. Will Mimedefang cease to work if use it for other tasks? If so, what functions would those be? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Why did my Filter Reject this?
It appears that my filter bounced an email with a .doc extension. I have not instructed the filter to block this extension. Please explain why the filter bounced this, and what changes I can make to the filter to allow this in the future. Here is the message from the maillog file: May 5 15:17:05 questnet sendmail[32136]: i45JH3SL032136: from=<[EMAIL PROTECTED] >, size=134617, class=0, nrcpts=1, msgid=<20F754F41050AA4784706FDA24ECF7EF69794C @mail-4.ici.org>, proto=ESMTP, daemon=Daemon0, relay=client45.somewhere [xxx.xxx.xxx.xx] May 5 15:17:05 questnet sendmail[32136]: i45JH3SL032136: milter=mimedefang, act ion=header, continue May 5 15:17:05 questnet last message repeated 13 times May 5 15:17:05 questnet sendmail[32136]: i45JH3SL032136: milter=mimedefang, act ion=eoh, continue May 5 15:17:05 questnet sendmail[32136]: i45JH3SL032136: milter=mimedefang, act ion=body, continue May 5 15:17:05 questnet last message repeated 2 times May 5 15:17:05 questnet mimedefang.pl[23904]: MDLOG,i45JH3SL032136,bad_filename ,T. Rowe Price letter.doc,application/msword,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED] enet.com>,comment letters I thought that the the filter did not like the naming convention, so I make a word document and called it: T. Rowe Price letter.doc I was able to send it to myself without any issues. Here is my filter: /etc/mail/mimedefang-filter # -*- Perl -*- #*** # # mimedefang-filter # # Suggested minimum-protection filter for Microsoft Windows clients, plus # SpamAssassin checks if SpamAssassin is installed. # # Copyright (C) 2002 Roaring Penguin Software Inc. # # This program may be distributed under the terms of the GNU General # Public License, Version 2, or (at your option) any later version. # # $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $ #*** #*** # Set administrator's e-mail address here. The administrator receives # quarantine messages and is listed as the contact for site-wide # MIMEDefang policy. A good example would be '[EMAIL PROTECTED]' #*** $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Mark Penkower"; #*** # Set the e-mail address from which MIMEDefang quarantine warnings and # user notifications appear to come. A good example would be # '[EMAIL PROTECTED]'. Make sure to have an alias for this # address if you want replies to it to work. #*** $DaemonAddress = '[EMAIL PROTECTED]'; #*** # If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard # to add warnings directly in the message body (text or html) rather # than adding a separate "WARNING.TXT" MIME part. If the message # has no text or html part, then a separate MIME part is still used. #*** $AddWarningsInline = 0; #*** # To enable syslogging of virus and spam activity, add the following # to the filter: # md_graphdefang_log_enable(); # You may optionally provide a syslogging facility by passing an # argument such as: md_graphdefang_log_enable('local4'); If you do this, be # sure to setup the new syslog facility (probably in /etc/syslog.conf). # An optional second argument causes a line of output to be produced # for each recipient (if it is 1), or only a single summary line # for all recipients (if it is 0.) The default is 1. # Comment this line out to disable logging. #*** md_graphdefang_log_enable('mail', 1); #*** # Uncomment this to block messages with more than 50 parts. This will # *NOT* work unless you're using Roaring Penguin's patched version # of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later. # # WARNING: DO NOT SET THIS VARIABLE unless you're using at least # MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail. #*** # $MaxMIMEParts = 50; #*** # Set various stupid things your mail client does below. #*** # Set the next one if your mail client cannot handle nested multipart # messages. DO NOT set this lightly; it will cause action_add_part
[Mimedefang] 2 Questions
The README file for Mimedefang suggests this entry for sendmail.mc: INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, f =T, T=S:360s;R:360s;E:15m') My sendmail.cf (I don't remember why I varied) reads: Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:5m;R:5m Mimedefang is working properly - I am missing the E:15m entry - What is or is not happening due to the lack of this entry? Also, I see in some posts references to the file /etc/sysconfig/mimedefang. I don't have this file. Therefore, what are my default maximum slave processes? At various times during the day, I have typed "pgrep mimedefang | wc -l." It has returned values from between 6 an 12. I think that it is unlikely that the number will ever be greater than 20. Are the default settings ok for me? Thank you. Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Resource Question
I am using Mimedefang 2.39. My Mail server is a Pentium 2.4 GHZ with 2 gig of Ram. I have a 4 Gig Swap Drive. I have a raided 70 Gig SCSI Drive. On average,the combined incoming and outgoing messages number between 3,000 and 5,000. The total volume is never more than 500 meg. I don't do much with Mimedefang. I bounce banned attachments, and add a disclaimer to all outgoing emails. In the future, I will have Mimedefang BCC all outgoing emails assigned accounts. I don't need Mimedefang to do any Virus Checking. I assume that the hardware that I am using is plenty and that I should never run out of resources with my current Mimedefang Configuration. Can somebody verify this. Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Help with Blocking Bad extensions
This morning, I received this text in a message: WARNING: This e-mail has been altered by MIMEDefang. Following this paragraph are indications of the actual changes made. For more information about your site's MIMEDefang policy, contact Mark Penkower <[EMAIL PROTECTED]>. For more information about MIMEDefang, see: *HTML NOT PASTED* An attachment of type message/rfc822, named Fw_ Please help..email was removed from this document as it constituted a security hazard. If you require this document, please contact the sender and arrange an alternate means of receiving it. Content-Type: multipart/alternative; boundary="--=_1080999509-14207-181" Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) As emails that have been forwarded multiple times often come in with extensions like this, I need to allow this stuff to come in. So, will changing this line: $re = '\.' . $bad_exts . '\.*$'; To this: $re = '\.' . $bad_exts . '$'; Do what I want? Also, I don't ever want a message to be altered by Mimedefang. With my current filter - posted below - will there ever be a situation where Mimedefang alters a message like the example that I posted? Thank you. Mark Penkower # -*- Perl -*- #*** # # mimedefang-filter # # Suggested minimum-protection filter for Microsoft Windows clients, plus # SpamAssassin checks if SpamAssassin is installed. # # Copyright (C) 2002 Roaring Penguin Software Inc. # # This program may be distributed under the terms of the GNU General # Public License, Version 2, or (at your option) any later version. # # $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $ #*** #*** # Set administrator's e-mail address here. The administrator receives # quarantine messages and is listed as the contact for site-wide # MIMEDefang policy. A good example would be '[EMAIL PROTECTED]' #*** $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Mark Penkower"; #*** # Set the e-mail address from which MIMEDefang quarantine warnings and # user notifications appear to come. A good example would be # '[EMAIL PROTECTED]'. Make sure to have an alias for this # address if you want replies to it to work. #*** $DaemonAddress = '[EMAIL PROTECTED]'; #*** # If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard # to add warnings directly in the message body (text or html) rather # than adding a separate "WARNING.TXT" MIME part. If the message # has no text or html part, then a separate MIME part is still used. #*** $AddWarningsInline = 0; #*** # To enable syslogging of virus and spam activity, add the following # to the filter: # md_graphdefang_log_enable(); # You may optionally provide a syslogging facility by passing an # argument such as: md_graphdefang_log_enable('local4'); If you do this, be # sure to setup the new syslog facility (probably in /etc/syslog.conf). # An optional second argument causes a line of output to be produced # for each recipient (if it is 1), or only a single summary line # for all recipients (if it is 0.) The default is 1. # Comment this line out to disable logging. #*** md_graphdefang_log_enable('mail', 1); #*** # Uncomment this to block messages with more than 50 parts. This will # *NOT* work unless you're using Roaring Penguin's patched version # of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later. # # WARNING: DO NOT SET THIS VARIABLE unless you're using at least # MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail. #*** # $MaxMIMEParts = 50; #*** # Set various stupid things your mail client does below. #*** # Set the next one if your mail client cannot handle nested multipart # messages. DO NOT set this lightly; it will cause action_add_part to # work rather strangely. Leave it at zero, even for MS Outlook, unless # you have serious proble
[Mimedefang] 1 more filter question
I want to block the extensions that I have banned, but I do not want to block or alter (the current default behavior) extensions with trailing dots on the end. Can I just edit this line to do what I want: $re = '\.' . $bad_exts . '\.*$'; If not, please tell me what to edit. Thanks Mark Penkower We are not laible ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Can I test a filter before I reload the rules
Is it possible to test a new filter to see if it works (perhaps using a test email account) before putting it into production and reloading the rules? Thanks Mark Penkower We are not laible ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] More Help with filter - Almost there
Thanks for all of your previous help. I am almost there. The enclosed filter almost works - except it doesn't just bounce the extensions that I have banned, it blocks all extensions. I am sure that I am just missing something simple here. I apologize for any line wrapping that makes this hard to read. Please help - What do I need to do to fix? Thanks Mark Penkower # -*- Perl -*- #*** # # mimedefang-filter # # Suggested minimum-protection filter for Microsoft Windows clients, plus # SpamAssassin checks if SpamAssassin is installed. # # Copyright (C) 2002 Roaring Penguin Software Inc. # # This program may be distributed under the terms of the GNU General # Public License, Version 2, or (at your option) any later version. # # $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $ #*** #*** # Set administrator's e-mail address here. The administrator receives # quarantine messages and is listed as the contact for site-wide # MIMEDefang policy. A good example would be '[EMAIL PROTECTED]' #*** $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Mark Penkower"; #*** # Set the e-mail address from which MIMEDefang quarantine warnings and # user notifications appear to come. A good example would be # '[EMAIL PROTECTED]'. Make sure to have an alias for this # address if you want replies to it to work. #*** $DaemonAddress = '[EMAIL PROTECTED]'; #*** # If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard # to add warnings directly in the message body (text or html) rather # than adding a separate "WARNING.TXT" MIME part. If the message # has no text or html part, then a separate MIME part is still used. #*** $AddWarningsInline = 0; #*** # To enable syslogging of virus and spam activity, add the following # to the filter: # md_graphdefang_log_enable(); # You may optionally provide a syslogging facility by passing an # argument such as: md_graphdefang_log_enable('local4'); If you do this, be # sure to setup the new syslog facility (probably in /etc/syslog.conf). # An optional second argument causes a line of output to be produced # for each recipient (if it is 1), or only a single summary line # for all recipients (if it is 0.) The default is 1. # Comment this line out to disable logging. #*** md_graphdefang_log_enable('mail', 1); #*** # Uncomment this to block messages with more than 50 parts. This will # *NOT* work unless you're using Roaring Penguin's patched version # of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later. # # WARNING: DO NOT SET THIS VARIABLE unless you're using at least # MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail. #*** # $MaxMIMEParts = 50; #*** # Set various stupid things your mail client does below. #*** # Set the next one if your mail client cannot handle nested multipart # messages. DO NOT set this lightly; it will cause action_add_part to # work rather strangely. Leave it at zero, even for MS Outlook, unless # you have serious problems. $Stupidity{"flatten"} = 0; # Set the next one if your mail client cannot handle multiple "inline" # parts. $Stupidity{"NoMultipleInlines"} = 0; # The next lines force SpamAssassin modules to be loaded and rules # to be compiled immediately. This may improve performance on busy # mail servers. Comment the lines out if you don't like them. #if ($Features{"SpamAssassin"}) { # spam_assassin_init()->compile_now(1) if defined(spam_assassin_init()); # If you want to use auto-whitelisting: # if (defined($SASpamTester)) { # use Mail::SpamAssassin::DBBasedAddrList; # my $awl = Mail::SpamAssassin::DBBasedAddrList->new(); # $SASpamTester->set_persistent_address_list_factory($awl) if defined($awl); # } #} # This procedure returns true for entities with bad filenames. sub filter_bad_filename ($) { my($entity) = @_; my($bad_exts, $re
[Mimedefang] Help with filter - modified
In my last email, I posted the wrong filter - I forgot to uncomment out stuff. Here is the current (not working) one. Thanks Mark # -*- Perl -*- #*** # # mimedefang-filter # # Suggested minimum-protection filter for Microsoft Windows clients, plus # SpamAssassin checks if SpamAssassin is installed. # # Copyright (C) 2002 Roaring Penguin Software Inc. # # This program may be distributed under the terms of the GNU General # Public License, Version 2, or (at your option) any later version. # # $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $ #*** #*** # Set administrator's e-mail address here. The administrator receives # quarantine messages and is listed as the contact for site-wide # MIMEDefang policy. A good example would be '[EMAIL PROTECTED]' #*** $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Mark Penkower"; #*** # Set the e-mail address from which MIMEDefang quarantine warnings and # user notifications appear to come. A good example would be # '[EMAIL PROTECTED]'. Make sure to have an alias for this # address if you want replies to it to work. #*** $DaemonAddress = '[EMAIL PROTECTED]'; #*** # If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard # to add warnings directly in the message body (text or html) rather # than adding a separate "WARNING.TXT" MIME part. If the message # has no text or html part, then a separate MIME part is still used. #*** $AddWarningsInline = 0; #*** # To enable syslogging of virus and spam activity, add the following # to the filter: md_graphdefang_log_enable(); # You may optionally provide a syslogging facility by passing an # argument such as: md_graphdefang_log_enable('local4'); If you do this, be # sure to setup the new syslog facility (probably in /etc/syslog.conf). # An optional second argument causes a line of output to be produced # for each recipient (if it is 1), or only a single summary line # for all recipients (if it is 0.) The default is 1. # Comment this line out to disable logging. #*** md_graphdefang_log_enable('mail', 1); #*** # Uncomment this to block messages with more than 50 parts. This will # *NOT* work unless you're using Roaring Penguin's patched version # of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later. # # WARNING: DO NOT SET THIS VARIABLE unless you're using at least # MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail. #*** # $MaxMIMEParts = 50; #*** # Set various stupid things your mail client does below. #*** # Set the next one if your mail client cannot handle nested multipart # messages. DO NOT set this lightly; it will cause action_add_part to # work rather strangely. Leave it at zero, even for MS Outlook, unless # you have serious problems. $Stupidity{"flatten"} = 0; # Set the next one if your mail client cannot handle multiple "inline" # parts. $Stupidity{"NoMultipleInlines"} = 0; # This procedure returns true for entities with bad filenames. sub filter_bad_filename ($) { my($entity) = @_; my($bad_exts, $re); # Bad extensions $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|ht a|hto|inf|ini|ins|isp|jar|js|jse|lib|lnk|mdb|mde|msc|msi|msp|mst|pcd|prg |reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbg|vbs|vcs|vxd|wmd|wms|wmz|wsc|w sf|wsh|zls|\{[^\}]+\})'; #*** # %PROCEDURE: filter_begin # %ARGUMENTS: # None # %RETURNS: # Nothing # %DESCRIPTION: # Called just before e-mail parts are processed #*** sub filter_begin () { #*** # %PROCEDURE: filter # %ARGUMENTS: # entity -- a Mime::Entity object (see MIME-tools documentation for details) # fname -- the suggested filename, taken from the MIME Content-Dispo
[Mimedefang] Please help with filter!
I have attached my mimedefang-filter. All that I need fot it to do is to block the banned extensions and to add the boilerplate disclaimer. I know that this does not work because I have the wrong number of brackets somewhere. This is driving me up a wall! Could somebody please post the corrected code. Thank you so much. Mark Penkower # -*- Perl -*- #*** # # mimedefang-filter # # Suggested minimum-protection filter for Microsoft Windows clients, plus # SpamAssassin checks if SpamAssassin is installed. # # Copyright (C) 2002 Roaring Penguin Software Inc. # # This program may be distributed under the terms of the GNU General # Public License, Version 2, or (at your option) any later version. # # $Id: suggested-minimum-filter-for-windows-clients,v 1.72 2003/11/14 21:33:20 dfs Exp $ #*** #*** # Set administrator's e-mail address here. The administrator receives # quarantine messages and is listed as the contact for site-wide # MIMEDefang policy. A good example would be '[EMAIL PROTECTED]' #*** $AdminAddress = '[EMAIL PROTECTED]'; $AdminName = "Mark Penkower"; #*** # Set the e-mail address from which MIMEDefang quarantine warnings and # user notifications appear to come. A good example would be # '[EMAIL PROTECTED]'. Make sure to have an alias for this # address if you want replies to it to work. #*** $DaemonAddress = '[EMAIL PROTECTED]'; #*** # If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard # to add warnings directly in the message body (text or html) rather # than adding a separate "WARNING.TXT" MIME part. If the message # has no text or html part, then a separate MIME part is still used. #*** $AddWarningsInline = 0; #*** # To enable syslogging of virus and spam activity, add the following # to the filter: md_graphdefang_log_enable(); # You may optionally provide a syslogging facility by passing an # argument such as: md_graphdefang_log_enable('local4'); If you do this, be # sure to setup the new syslog facility (probably in /etc/syslog.conf). # An optional second argument causes a line of output to be produced # for each recipient (if it is 1), or only a single summary line # for all recipients (if it is 0.) The default is 1. # Comment this line out to disable logging. #*** md_graphdefang_log_enable('mail', 1); #*** # Uncomment this to block messages with more than 50 parts. This will # *NOT* work unless you're using Roaring Penguin's patched version # of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later. # # WARNING: DO NOT SET THIS VARIABLE unless you're using at least # MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail. #*** # $MaxMIMEParts = 50; #*** # Set various stupid things your mail client does below. #*** # Set the next one if your mail client cannot handle nested multipart # messages. DO NOT set this lightly; it will cause action_add_part to # work rather strangely. Leave it at zero, even for MS Outlook, unless # you have serious problems. $Stupidity{"flatten"} = 0; # Set the next one if your mail client cannot handle multiple "inline" # parts. $Stupidity{"NoMultipleInlines"} = 0; # This procedure returns true for entities with bad filenames. #sub filter_bad_filename ($) { #my($entity) = @_; #my($bad_exts, $re); # Bad extensions $bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|ht a|hto|inf|ini|ins|isp|jar|js|jse|lib|lnk|mdb|mde|msc|msi|msp|mst|pcd|prg |reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbg|vbs|vcs|vxd|wmd|wms|wmz|wsc|w sf|wsh|zls|\{[^\}]+\})'; #*** # %PROCEDURE: filter_begin # %ARGUMENTS: # None # %RETURNS: # Nothing # %DESCRIPTION: # Called just before e-mail parts are processed #*** sub filter_begin () { #***
[Mimedefang]
I am running Redhat Linux 9.0 and am setting up Mimedefang 2.39. According to your instructions, to install the various libraries needed Mimedefang, I need to do the following: perl Makefile.PL make make test su -c 'make install' When I type - su -c 'make install', linux responds: su -c 'make install' At the time, I am logged in as root. simply typing - make install works - Is this good enough? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] BCC All Emails
Good Afternoon, Can I do the following with Mimedefang: I want all emails BCC'd to accounts that correspond to that username. For example: All emails sent from user1 get bcc'd to user1bcc All emails sent from user2 get bcc'd to user2bcc, and so on. I will of course already have the accounts user1bcc and user2bcc and so on set up. If so, can somebody please post the sample code to do this? Thank you. Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Block emails pretending to come from my domain
My company is getting a lot of messages (some new virus with infected zip files) that have forged "return path" headers. The emails pretend to come from my organization. I want to be able to block these messages. The problem is that I have some legitimate users who send emails to our domain from outside of the organization. They use their isp's mail server to send the mail out, however, they have our domain ([EMAIL PROTECTED]) as the "reply to" setting. I therefore have 2 questions: 1 - Is there a way to block all emails coming from outside of roycenet.com, including people forging the email addresses of legitimate users who send emails to our domain from outside of the organization, but at the same time allowing the legitimate users to send emails to the organization? 2 - If that is not possible, can I block all people forging the email addresses of legitimate users who send emails from outside of the organization, but keep a safe list of people who don't get blocked? Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
[Mimedefang] Mimedefang and Redhat 9
Hi, I have a new Redhat 9 Distribution. Does the Distro have the required libraries fro Mimedefang 2.39, or do I need to install the libraries as described here: http://www.rudolphtire.com/mimedefang-howto/ Thanks Mark Penkower ___ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang