RE: [Mimedefang] temp failing - got code?
Here is some code I've used on a small domain with MySQL. If they retry after 10 minutes and before 24 hours they are permanently let through the greylist filter as long as they send from the same classc. Hopefully this will help you.

    use DBI;

    sub check_greylist() {
        # return 0 is tempfail, 1 is permit
        if ($TrustedRelay == 1 || $Sender eq '<>' || $Sender =~ /(MAILER-DAEMON|postmaster)/i) {
            return 1;
        }
        my $dbh = DBI->connect("DBI:mysql:dbname", "dbuser", 'dbpass');
        my $blackperiod = 10*60;     # 10 minutes
        my $greyperiod  = 24*60*60;  # 24 hours
        my $from = lc($Sender);
        $from =~ s/[<>]//g;
        my ($username, $domain) = split(/\@/, $from);
        my @classc = split(/\./, $RelayAddr);
        my $net  = "$classc[0].$classc[1].$classc[2]";
        my $like = "$net.%";         # any host in the same class C
        my $rc;
        foreach my $mailto (@Recipients) {
            $mailto =~ s/[<>]//g;
            # Sender and recipient come from the SMTP client: bind them as
            # placeholders instead of interpolating them into the SQL.
            my $sth = $dbh->prepare("SELECT greystatus,inittime FROM greylist WHERE domain=? AND ip LIKE ? AND (greystatus=1 OR mailto=?) ORDER BY greystatus DESC LIMIT 1");
            $sth->execute($domain, $like, $mailto);
            if (my ($greystatus, $inittime) = $sth->fetchrow_array()) {
                my $timediff = time() - $inittime;
                if ($greystatus == 1) {
                    md_syslog('info', "GREYLIST: $domain $net Already white");
                    $rc = 1;
                } elsif ($timediff > $blackperiod && $timediff < $greyperiod) {
                    $dbh->do("UPDATE greylist SET greystatus=1 WHERE domain=? AND ip LIKE ?", undef, $domain, $like);
                    md_syslog('info', "GREYLIST: $domain $net Whitelisted now");
                    $rc = 1;
                } elsif ($timediff > $blackperiod && $timediff > $greyperiod) {
                    $dbh->do("UPDATE greylist SET inittime=? WHERE domain=? AND ip LIKE ?", undef, time(), $domain, $like);
                    md_syslog('info', "GREYLIST: $domain $net Greylisted again");
                    $rc = 0;
                } else {
                    md_syslog('info', "GREYLIST: $domain $net Black still");
                    $rc = 0;
                }
            } else {
                $dbh->do("INSERT INTO greylist (greystatus,inittime,user,domain,ip,mailto) VALUES (0,?,?,?,?,?)", undef, time(), $username, $domain, $RelayAddr, $mailto);
                md_syslog('info', "GREYLIST: $domain $net Greylisted now");
                $rc = 0;
            }
            $sth->finish;
        }
        $dbh->disconnect();
        return $rc;
    }

    CREATE TABLE greylist (
      greystatus int(11) NOT NULL default '0',
      inittime varchar(20) NOT NULL default '',
      user varchar(200) NOT NULL default '',
      domain varchar(200) NOT NULL default '',
      ip varchar(15) NOT NULL default '',
      mailto varchar(200) NOT NULL default '',
      PRIMARY KEY (domain,ip,mailto),
      KEY status (greystatus)
    );

___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
RE: [Mimedefang] Need to turn off CC in Defang Notifications
Upgraded to latest version I believe.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Penkower
Sent: Monday, November 29, 2004 12:43 PM
To: [EMAIL PROTECTED]
Subject: [Mimedefang] Need to turn off CC in Defang Notifications

Since Clamav 0.80 took it upon itself to detect and bounce HTML.Phishing emails, my users are getting cc's with the message. The notification to the sender (from defang) is cc'd to postmaster and to the user. In my filter, I want to turn off the cc'ing to the user. How do I accomplish that?
RE: [Mimedefang] Allowing mails from specific users
Yes that would work. Of course any virus/spammer pretending to use that email address would also get through.

Nelson Minica
RE: [Mimedefang] Catching the porn spams
Easy? Maybe. But at least it would have verified the spammer's e-mail address/domain/IP in a world where 99.% of spam hides behind fake e-mail addresses and zombie machines. Like SPF is supposed to do.

With a whitelist based system of course the user has to manage their whitelist if they want to receive e-mail from notification systems. C/R is only one piece of a whitelist based system.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]

And this would be very easy for the spammers to write mail systems to look for the challenge, and respond. The only ones that make it difficult for automated response are the ones with an image that has to be typed, but many of those cause problems for people with vision problems. And they break down when you use text only mail readers.

What about some end-user type that signs up for legitimate email notifications. Who is supposed to check for the challenges from the EUs that don't remember to add the notification system to their white list?
RE: [Mimedefang] Catching the porn spams
Even with all my RBL/SpamAssassin/SPF/Greylisting spam blocking efforts I was still getting about 1 porn spam a month, and that's 1 porn spam a month too many for me. Switching to a whitelist based system (like challenge-response) is the only answer that seems to be 100% (at this point in time). Slowly writing/testing one, seems to be working good so far.

-----Original Message-----

How are other people blocking this stuff? Even the SARE rulesets are not catching it.
Try the SpamCop URI SpamAssassin ruleset. It catches URLs in the body that match sites that are advertised through SPAM.
RE: [Mimedefang] Deadline for SPF records
Seems to be the deadline date I keep hearing because that's when Microsoft will start checking SPF.

Microsoft to enforce Sender ID checks
http://www.infoworld.com/article/04/07/22/HNmicrosoftid_1.html

http://www.DNSreport.com now gives a warning if your domain doesn't have SPF.
RE: [Mimedefang] filter bounces using mimedefang?
If only sendmail had an OUTPUT_MAIL_FILTER grrr
[Mimedefang] filter bounces using mimedefang?
I'm looking for a way to filter specific bounces preferably using mimedefang. Looking at the sendmail logs, bounces from the local MAILER-DAEMON don't ever appear to hit the milter. Any way I can make them go through mimedefang??? I have not checked on remote bounces yet. I tried sendmail's (deprecated) Errors-To: functionality, but that still copies the Return-Path: (and hence doesn't allow me to filter). I'd really like to do this at milter level instead of local/procmail level. Thanks for any suggestions in advance!
RE: [Mimedefang] local socket unsafe
I also have this problem if I try to restart MD before the previous MD processes have stopped. Log file for example you can see it is trying to start before mi_stop=1... Something wrong with init.d script.

    mimedefang-multiplexor: Received SIGTERM: Killing slaves and terminating
    mimedefang-multiplexor: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10
    mimedefang-multiplexor: Starting slave 0 (pid 1456) (1 running): Bringing slaves up to minSlaves (2)
    mimedefang[1457]: Multiplexor alive - entering main loop
    mimedefang[1244]: MIMEDefang-2.42: mi_stop=1
    sendmail[1463]: alias database /etc/mail/aliases rebuilt by root
    sendmail[1463]: /etc/mail/aliases: 674 aliases, longest 156 bytes, 17074 bytes total
    sendmail[1469]: starting daemon (8.12.11): [EMAIL PROTECTED]:05:00
    sm-msp-queue[1478]: starting daemon (8.12.11): [EMAIL PROTECTED]:05:00
    sendmail[1485]: i5R8Ktsc001485: Milter (mimedefang): local socket name /var/spool/MIMEDefang/mimedefang.sock unsafe
    sendmail[1485]: i5R8Ktsc001485: Milter (mimedefang): to error state
    sendmail[1485]: i5R8Ktsc001485: Milter: initialization failed, temp failing commands
RE: [Mimedefang] Where is best to use $SendmailMacros{auth_authen} ?
Here's what I use: ACCEPT_AND_NO_MORE_FILTERING in filter_relay. Can't use macros there, have to read COMMANDS file.

    sub is_trusted() {
        if ($RelayAddr eq "127.0.0.1" || $RelayAddr eq "123.123.123.123" || $RelayAddr =~ /^10\.1\.1\./) {
            return 1;
        } else {
            # look for the auth_authen macro line in the COMMANDS file
            open(my $comm, '<', './COMMANDS') or return 0;
            while (<$comm>) {
                if (/^=auth_authen/) {
                    close($comm);
                    md_syslog('info', "MDLOG: SMTP Authenticated");
                    return 1;
                }
            }
            close($comm);
            return 0;
        }
    }

    # Must set MX_RELAY_CHECK=yes in /etc/init.d/mimedefang
    sub filter_relay {
        my ($ip, $name, $helo) = @_;
        if ($helo =~ /mydomain\./i) {
            if (!is_trusted()) {
                return ('REJECT', "Spam block HELO $helo.");
            }
        }
        if (is_trusted()) {
            return ('ACCEPT_AND_NO_MORE_FILTERING', "ok1");
        }
        return ('CONTINUE', "ok2");
    }
[Mimedefang] yet another greylist mysql implementation
The tied DBM code just didn't make sense to me so I wrote this before I saw someone else ported the DBM code to mysql... Just thought I'd offer it to community for comments/inspection (I'm sure it could be improved)... use at your own risk! The code greylists by domain/classc/to, but will allow domain/classc to anyone once whitelisted.

    use DBI;

    sub check_greylist() {
        # return 0 is tempfail, 1 is permit
        if ($Sender eq '<>' || is_trusted()) {
            return 1;
        }
        my $dbh = DBI->connect("DBI:mysql:spamdb", "myuser", 'mypass');
        my $blackperiod = 10*60;     # 10 minutes
        my $greyperiod  = 24*60*60;  # 24 hours
        my $from = lc($Sender);
        $from =~ s/[<>]//g;
        my ($username, $domain) = split(/\@/, $from);
        my @classc = split(/\./, $RelayAddr);
        my $net  = "$classc[0].$classc[1].$classc[2]";
        my $like = "$net.%";         # any host in the same class C
        my $rc;
        foreach my $mailto (@Recipients) {
            $mailto =~ s/[<>]//g;
            # Sender and recipient come from the SMTP client: bind them as
            # placeholders instead of interpolating them into the SQL.
            my $sth = $dbh->prepare("SELECT greystatus,inittime FROM greylist WHERE domain=? AND ip LIKE ? AND (greystatus=1 OR mailto=?) ORDER BY greystatus DESC LIMIT 1");
            $sth->execute($domain, $like, $mailto);
            if (my ($greystatus, $inittime) = $sth->fetchrow_array()) {
                my $timediff = time() - $inittime;
                if ($greystatus == 1) {
                    md_syslog('info', "GREYLIST: $domain $net Already white");
                    $rc = 1;
                } elsif ($timediff > $blackperiod && $timediff < $greyperiod) {
                    $dbh->do("UPDATE greylist SET greystatus=1 WHERE domain=? AND ip LIKE ?", undef, $domain, $like);
                    md_syslog('info', "GREYLIST: $domain $net Whitelisted now");
                    $rc = 1;
                } elsif ($timediff > $blackperiod && $timediff > $greyperiod) {
                    $dbh->do("UPDATE greylist SET inittime=? WHERE domain=? AND ip LIKE ?", undef, time(), $domain, $like);
                    md_syslog('info', "GREYLIST: $domain $net Greylisted again");
                    $rc = 0;
                } else {
                    md_syslog('info', "GREYLIST: $domain $net Black still");
                    $rc = 0;
                }
            } else {
                $dbh->do("INSERT INTO greylist (greystatus,inittime,user,domain,ip,mailto) VALUES (0,?,?,?,?,?)", undef, time(), $username, $domain, $RelayAddr, $mailto);
                md_syslog('info', "GREYLIST: $domain $net Greylisted now");
                $rc = 0;
            }
            $sth->finish;
        }
        $dbh->disconnect();
        return $rc;
    }

    sub is_trusted() {
        if ($RelayAddr eq "127.0.0.1" || $RelayAddr eq "123.123.123.123" || $RelayAddr =~ /^10\.1\.1\./) {
            return 1;
        } else {
            # look for the auth_authen macro line in the COMMANDS file
            open(my $comm, '<', './COMMANDS') or return 0;
            while (<$comm>) {
                if (/^=auth_authen/) {
                    close($comm);
                    md_syslog('info', "MDLOG: SMTP Authenticated");
                    return 1;
                }
            }
            close($comm);
            return 0;
        }
    }

    sub filter_begin () {
        if ( !check_greylist() ) {
            return action_tempfail("Temporary Error, please retry later");
        }
        # etc...
    }

    CREATE TABLE greylist (
      greystatus int(11) NOT NULL default '0',
      inittime varchar(20) NOT NULL default '',
      user varchar(200) NOT NULL default '',
      domain varchar(200) NOT NULL default '',
      ip varchar(15) NOT NULL default '',
      mailto varchar(200) NOT NULL default '',
      PRIMARY KEY (domain,ip,mailto),
      KEY status (greystatus)
    ) ENGINE=MyISAM;
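The timing rules that both greylist posts express in SQL, replayed in memory over constructed delivery attempts. This is an added example, not code from either poster: the names relay_key and greylist_check, the sample addresses, and keying non-IPv4 relays on their full address are assumptions made here.

```perl
# Added example, not the posters' code: greylist rules without the database.
use strict; use warnings;

my ($BLACK, $GREY) = (10 * 60, 24 * 60 * 60);  # the posts' $blackperiod / $greyperiod

# Class C key, as in the posts' "ip LIKE 'a.b.c.%'" match.
# Assumption: a relay that is not dotted-quad IPv4 is keyed on its full address.
sub relay_key {
    my ($ip) = @_;
    return "$1.$2.$3" if $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.\d{1,3}$/;
    return lc $ip;
}

# %$db maps "domain|key" to { white => 0|1, seen => { recipient => first_seen } }.
sub greylist_check {
    my ($db, $domain, $ip, $mailto, $now) = @_;
    my $net = $db->{ lc($domain) . '|' . relay_key($ip) } //= { white => 0, seen => {} };
    return 'permit   (already white)' if $net->{white};   # applies to any recipient
    my $first = $net->{seen}{$mailto};
    if (!defined $first) {
        $net->{seen}{$mailto} = $now;
        return 'tempfail (greylisted now)';
    }
    my $age = $now - $first;
    if ($age > $BLACK && $age < $GREY) {
        $net->{white} = 1;                     # permanent: nothing expires it
        return 'permit   (whitelisted now)';
    }
    if ($age > $GREY) {
        $_ = $now for values %{ $net->{seen} };  # the UPDATE resets every row of the net
        return 'tempfail (greylisted again)';
    }
    return 'tempfail (black still)';
}

# Constructed sample: [seconds, sender domain, relay IP, recipient].
my @tries = (
    [     0, 'example.org', '192.0.2.10',   'alice@example.net' ],
    [   120, 'example.org', '192.0.2.10',   'alice@example.net' ],  # retry too early
    [   900, 'example.org', '192.0.2.77',   'alice@example.net' ],  # other host, same class C
    [   960, 'example.org', '192.0.2.200',  'bob@example.net'   ],  # other recipient
    [   960, 'example.org', '198.51.100.5', 'bob@example.net'   ],  # different class C
    [ 90000, 'example.org', '198.51.100.5', 'bob@example.net'   ],  # retry after 24 hours
    [ 90800, 'example.org', '2001:db8::25', 'bob@example.net'   ],  # IPv6 relay
);
my %db;
for my $try (@tries) {
    my ($t, $domain, $ip, $rcpt) = @$try;
    printf "%6d  %-13s %-18s %s\n", $t, $ip, $rcpt, greylist_check(\%db, $domain, $ip, $rcpt, $t);
}
```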
RE: [Mimedefang] Where is best to use $SendmailMacros{auth_authen} ?
> Nit: you're calling is_trusted twice to check the same things - including a file read. Option 1, store the value and use it for the tests.

Thanks, you're right. I saw that but let it go since we don't block many HELO's. Shame on me, posting sloppy code!