subject:"Re\: \[Mimedefang\] How to configure\?"

Re: [Mimedefang] How to configure?

2009-11-05 Thread -

--- On Thu, 11/5/09, TLD MimeDefang tld.mi...@stimulacra.com wrote:
 Tilman Schmidt wrote:
  What's that combination (action_bounce + action_discard) for?

It's redundant.
 
 ...
 AFAIK, it's not possible to know if a sender was authenticated
 from within SA.  I suppose if someone were so inclined, they
 could hack the sendmail source and find the place where authentication
 is approved and maybe add another header to the email.  I don't
 even know if that is possible.

However, such information is available to MD.  Sendmail even presents the data 
in its auth_ macros to MD at the Mail From check.



___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] How to configure?

2009-11-04 Thread TLD MimeDefang


Bazooka Joe wrote:

How do I - reject mail if it has a score above 5


  My filter's file is /etc/mail/mimedefang-filter.  If yours
is the same, this is the file to edit.

  Your default mimedefang filter should already have a section
set up in it to handle the Spamassassin testing stuff.  look
for the 'if($Features{SpamAssassin})' section.  Below this
you'll see a call to spam_assassin_check, which returns several
items, one of them is the $hits.  Below this is where you'll
perform the test for a hit value.

  Something like:

if($hits = 5.0) {
  #  make a log entry
  md_syslog('notice', $hits ($score) $names);
  #  reject the message
  action_bounce('SPAM markers found');
  #  and return true
  action_discard();
}

  Though, I wouldn't recommend rejecting messages on 5.0. Maybe 9
or 10 would be a better number.  I'd just quarantine anything over
5, because chances are, you'll find quite a few false positives on
5.


or virii


  Mime defang is set up to automatically use anti-virus programs
that are supported by it.  For example, I use clamav, and the
defang filter already handles it with the filter_begin function.
Nothing to do there except keep the clam databases updated.


2 bypass SA or whitelist if the sender was authenticated via smtp_auth.


  Generally, it's a good idea to maintain the filter even on
known authenticated senders.  Supposing an authenticated user
accidentally emails out an attachment that is infected with
a virus?  You'd sure want the system to catch it.

  Just set your Spamassassin to give whitelisted names a negative
score, and let the system do its job.  I give whitelisted people
a -10 here and that's been fully sufficient to keep their emails
flowing smoothly and without problem.

  Even so, I'm not sure such a thing can be done without doing
duplicate whitelist checking in the filter.

TLD
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Re: [Mimedefang] How to configure?

Re: [Mimedefang] How to configure?

2 matches

Site Navigation

Mail list logo

Footer information