I've just got an email that was rejected by MIMEDefang. It complained
about suspicious chars. After examining copy of message in quarantine,
it doesn't seem to contain anything suspicious. Only printable ASCII
and tabs. Any other explanation for this?
Sorry for not including the offending
Dave Williss wrote:
I think to myself... If I go out of my way to block spam, I'm probably
NOT going
to be inclined to buy anything from a spammer anyway. So why do they
bother?
Spam is usually blocked by sysadmins. They are attempting to bypass
that and reach end users that might be incli
Stewart wrote:
So right now my panic subsides, just slightly, but i'd like to know why
mimedefang might be passing on messages without their attachments and
not warning the users inline, or me via syslog, that there's some sort
of problem ... that wouldn't be an approved behaviour i'm sure!
David F. Skoll wrote:
Fernando Gleiser wrote:
It worked flawlessly until the last version of sober hit it a couple of
days ago. Since then that piece of cr*p is hitting it with bursts
where the server gets 60+ mails in less than 10 seconds, so MD runs out
of slaves.
You might want to set the
Kenneth Porter wrote:
Additionally the Fedora wiki has a page for registered system uid's, and
defang is defined there.
Hm, search on the Fedora Wiki hasn't found the page. Could you post the
link to it?
___
Visit http://www.mimedefang.org and htt
Jon Fullmer wrote:
Here's probably a rookie question. How can I configure Mimedefang to skip
checks for messages originating from localhost?
At a higher level, I have a script that runs on the mail server and
generates e-mail messages to some of my users. MD keeps rejecting the
message due to
Quoting Steffen Kaiser <[EMAIL PROTECTED]>:
On Thu, 17 Nov 2005, Aleksandar Milivojevic wrote:
If any of $SuspiciousCharsIn* are true, I'm doing (as one of the
first things in
filter_begin, even before checking for viruses):
action_quarantine_entire_message('descripti
Quoting "Kevin A. McGrail" <[EMAIL PROTECTED]>:
I have to concur but I'll give you more ammunition.
This is pretty broken and large ISPs like AOL and Yahoo may block
mail servers that do not accept bounces.
For example, from: http://postmaster.aol.com/guidelines/standards.html
AOL may reje
Quoting Aleksandar Milivojevic <[EMAIL PROTECTED]>:
return action_bounce("Disposition notifications prohibited");
On second thought, you probably want to call action_discard() instead of
action_bounce here. If you want to play safe, you might want to store
the copy
into
Quoting Marco Berizzi <[EMAIL PROTECTED]>:
Hello.
I'm using a sendmail/MIMEDefang box as a gateway for my M$ Exchange
5.5 internal mail server.
One of our bigger customers are rejecting all messages from <>, so
MDN and return receipt from my M$ exchange relayed through the
sendmail/MD box are
Quoting Mark <[EMAIL PROTECTED]>:
One of our bigger customers are rejecting all messages
from <>,
Then you need to wax their ears some, and set them straight
a bit. Do not accommodate to their gross brokenness.
It might be that they are simply rejecting return receipts as such.
However, if
Quoting Tomasz Ostrowski <[EMAIL PROTECTED]>:
So I'd propose something like:
/* after message_contains_virus() */
if ($SuspiciousCharsInBody) {
action_rebuild();
}
If any of $SuspiciousCharsIn* are true, I'm doing (as one of the first
things in
filter_begin, even before checking for
Quoting Jan Pieter Cornet <[EMAIL PROTECTED]>:
Patching sendmail to reject on bare LF terminated lines is likely
asking for a LOT of trouble. Since traditionally sendmail doesn't care
if you used CRLF or just LF, it's likely that lots of (local, unix-
specific) programs submit messages using onl
Quoting "David F. Skoll" <[EMAIL PROTECTED]>:
David F. Skoll wrote:
Sigh. When you send body chunks back to Sendmail, it converts CRLF
to LF, because it's writing it to a queue file, which is stored with
UNIX-convention line endings. Also, when Sendmail reads the queue
file and sends it to MIM
Quoting "David F. Skoll" <[EMAIL PROTECTED]>:
[EMAIL PROTECTED] wrote:
How about --dont-fix-line-endings
Then I have to use getopt_long and portability goes to hell. :-(
Choose a letter for beta options, and do them like '-B fix-line-endings=off'
(replace '-B' with whatever letter is free)
Hi,
I need to connect to SQLite database from some functions in mimedefang-filter.
Not sure if I got the docs right. What I currently have is something like
this. The semaphores stuff is just to serialize transactions (SQLite pukes
when more than one process is accessing same file). I'm also u
header). If you have a user prepared to
manually circumvent this in order not to have disclaimer added, you have
bigger problems to worry about anyhow.
Glad to help reduce number of useless disclaimers ;-)
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Ad
ant.org to localhost (127.0.0.1).
Wooohooo :-)
(OK, I haven't checked RFCs, but delegating domain to localhost is
simply plain wrong)
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Pl
as second virus
scanner. It is free and it seems to be good at detecting (at least
some) viruses that are hidden in broken bounced messages. Anyhow,
having mail scanned by two different virus scanners is always a good idea.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknot
filtering (including zip file scanning)
be run in Filter-Begin instead of Filter?
Not really.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winni
on SMTP level anyhow).
When you reject, you can reject temporary (telling other side you
currently have some problems, so it should retry) or permanently
(telling other side it isn't going to happen).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknot
willing to live with the risks, yes it is possible.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
ation in that nice tropical paradise? Maybe not, too risky,
they have extradition agreement ;-)
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
e should be split up. In that case, Outlook
Express will generate message/partial.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
art separately, and
then only remove infected parts instead of blocking entire email).
So basically, commenting or deleting parts of mimedefang-filter where
you are checking for viruses should prevent any virus scanning from
taking place, regardless of values assigned to global variables.
--
exist somewhere out there), so theoretically
each retransmission attempt might come from different IP address.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ex
-effect: When/if you send quarantine notifications later on, they
will contain the report.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg,
ikely that spam will be that big.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
your
sendmail).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
ng it)?
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
before sendmail does)
sendmail timeouts are defined in sendmail.mc:
INPUT_MAIL_FILTER(`mimedefang',
`S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:30m;R:30m;E:30m')
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator
/mail/spamassassin to /etc/mail. Try moving the file, or
making symbolic link, and see if that is going to make any difference.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2
it to work with MIMEDEFANG ?.
Yes. You need to add INPUT_MAIL_FILTER to your sendmail.mc and rebuild
sendmail.cf from it. See INSTALL/README files that came with MIMEDefang
for example how that line should look like.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
I do, with the following
information.
X-Header-Overseas: Mail.from.Overseas.source.211.246.165.209
X-Header-NoReverseIP: IP.name.lookup.failed[211.246.165.209]
Ideas?
You can add/change/delete whatever headers you want in filter_begin
and/or filter_end.
--
Aleksandar Milivojevic <[EMAIL P
l parts). Was there anything unusual in those emails that
made MIMEDefang use inline attachments instead of mungling existing text
and/or html parts?
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
T
Jeff Rife wrote:
On 12 Nov 2004 at 9:03, Aleksandar Milivojevic wrote:
For later (simpler) global solution, just add these lines to
sa-mimedefang.cf:
auto_whitelist_path /var/spool/MIMEDefang/awl
bayes_path /var/spool/MIMEDefang/bayes
These are really *bad* paths if you put /var
rrectly (actually, I believe it displays
all text/plain attachments by default).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
use_bayes_rules 1
bayes_path /var/spool/MIMEDefang/bayes
bayes_file_mode 0640
bayes_auto_learn 1
You'll probably need DB_File Perl module installed.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator
s that are invalid here, mail can
have more than one, and some might be valid), and filter_end (to check
headers). You'd probably need to install some LDAP perl modules. If
you are going to have persistent connection to LDAP server, make sure it
is made from filter_init.
--
Aleksandar Mili
email,
give the other side as much time as it needs to do whatever it needs to do
before accepting that email.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
s fixed in version 5.415.
It might be good idea to upgrade MIMEDefang to current 2.48, since there were
couple of small bugs fixed there too (although not as important as the bug in
MIME-tools).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator
Dave Williss wrote:
My favorite was on an old Data General workstation...
Kernel Panic
Would you like to take a system dump?
These days it would probably be:
Kernel Panic
Would you like to supersize it?
;-)
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote L
as a list of
recipient
addresses for the current message.
I'd just add that mimedefang-filter manpage has small error in part
describing $RelayHostname. If hostname could not be determined, it will
not be undef. In that case it will be set to "[$RelayAddr]".
--
Aleksandar
board'. Simple ;-)
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
chine, and
mimedefang milter and multiplexor on another machine?
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg,
e it in
filter_begin (it is not defined there). Of course, you can use
$entity->head->get() function to get value of any header. Note that you
will need at least MIMEDefang 2.48 to use this (it was broken in
previous versions).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>
ist_factory() is supposed to do?
Thanks for any help/hints.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winn
-learn on that as the
forwarding will not get the original headers.
Not sure if I understood what you wanted here.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
operation, you should see those directories
created and then removed by MIMEDefang as it processes email. If
MIMEDefang was not started with -d, and you still see those directories
left over, something is not working right.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Ban
houldn't be hard to patch
Sendmail in this way. Basically, this would be generalization of
already existing Sendmail feature (slowing things down if number of bad
RCPT's is detected). If tactic becomes widespread, spammers might start
actually looking for 5xx codes and acting accordingly.
ilter add: header: X-Scanned-By: MIMEDefang 2.xx on 1.2.3.4
Good idea when you are still building mimedefang-filter file is to have
it log everything it does. My personal preference is using md_syslog()
for this (not md_graphdefang_log()).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pol
David F. Skoll wrote:
On Wed, 3 Nov 2004, Aleksandar Milivojevic wrote:
This is because we have only "error" built-in mailer in Sendmail. If we
had "disconnect" built-in mailer, things would probably be a bit different.
From reading the Sendmail source code, it looks like Se
Bugtraq, that don't forward spam
(probably because it is moderated), but do some other stuff that might
trigger things here and there. So you might just as likely end up
blocking those, to delight of your users.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknot
s is because we have only "error" built-in mailer in Sendmail. If we
had "disconnect" built-in mailer, things would probably be a bit different.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator
_SURBL
Not directly related to discussion.
I guess that header was added by MIMEDefang? How do you fetch original
SpamAssassin headers into MIMEDefang? I'd rather have SpamAssassin
style headers appended (X-Spam-Status, X-Spam-Report, and so on) than
X-Spam-Score from example mimedefang-filter.
ll take *really* long time
and huge amount of memory for SpamAssassin to digest large emails.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
data read
Milter (mimedefang): to error state
data, reject=451 4.7.1 Please try again later
If MIMEDefang took too long, and sendmail is accepting the mail (since
F=T was omitted), you'll see first two lines, and then a line saying
that mail was accepted.
--
Aleksandar Milivojevic <[
after
it sends "lone dot" to remote server). If it is limited to only mails
from some sites, it might indicate somebody played with these timeouts
in his configuration file.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator
is way too much. If you set it to 100MB,
and you happen to get 90MB ZIP archive, it might take long time for
AV to scan it, plus MIMEDefang will also spend considerable time (and
memory) to digest it.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Syste
In sa-mimedefang.cf:
auto_whitelist_path /var/spool/MIMEDefang/mimedefang-autowhitelist
And in mimedefang-filter enabled standard initialization stuff for auto
white lists as distributed in stock mimedefang-filter.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Lim
n be, and often is, different than
any of the IP addresses that MX records indirectly point to).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
ause he is used using
them.
If you live in US, most of your correspondents will use US-ASCII only,
and such emails will usually be spam. If you have any overseas
correspondents, sooner or later you'll end up refusing some of the
legitimate email.
--
Aleksandar Milivojevic <[EMAIL PROT
ould simply adapt to it. No gain
there. And we end up with screwed DNS, resulting in slower response of
ISP's to abuse complaints.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Pl
MEDefang part), but you completely blocked off my ISP
(GT). Actually, after that guy from US who blocked entire ".ca" domain
because of spam, you are the first one who bounced my mail back, eh ;-)
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote
reasonable, so I haven't attempted to experiment
with that.
Anybody else seeing this?
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276
han the one
proposed by MIMEDefang documentation.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
ogged.
I'd say probability of getting response from slaves vs getting that
error message logged is somewhere around fifty-fifty.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
T
D-MX-STATUS
Running%20SpamAssassin%20i9SJPe0L013829
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
David F. Skoll wrote:
Hi,
MIMEDefang 2.46-BETA-2 is available at http://www.mimedefang.org/node.php?id=1
This release addresses the problems identified by Aleksandar Milivojevic.
It greatly improves the sanity of the message-rebuilding algorithm. Also,
I've changed it so the append_boiler
0640
After that, things started to work (or at least it looks like that).
Question is, is this correct way to do it?
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204)
rge binary
attachments and such.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
test skipped.
Failed 1/5 test scripts, 80.00% okay. 1/339 subtests failed, 99.71% okay.
The old (patched) version of MIME-tools worked fine with MIME::Base64
2.xx (that comes standard with RedHat 7.3).
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Sy
Aleksandar Milivojevic wrote:
I wanted to extend my mimedefang-filter to block disposition
notifications (return receipts).
In short, what I attempted to do in filter_end was the following:
if (lc($entity->head->get("content-type")) =~
m+multipart/report.*disposit
.
The second problem is that I can't seem to be able to check for presence
of certain headers. For example, this doesn't work:
if ($entity->head->get("disposition-notification-to")) {
...
}
(always returns undef).
--
Aleksandar Milivojevic <[EMAIL PROTECT
guess the release that fixes this bug will be 2.46?
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winni
nt to filter_begin? It could be useful if it was possible to
do some checks on the message before it is modified by MIMEDefang. It
would be more efficient if I don't need to wait until filter_end to do
some simple checks.
--
Aleksandar Milivojevic <[EMAIL PROTECTED]>Pollard
livered to my mailbox, it contains correct headers.
Is this known issue with MIMEDefang? Documentation says that $entity
argument of filter_end will contain original message (unless modified by
previous filter* functions).
MIMEDefang version 2.44, MIME-tools version 5.411a-RP-Patched-02.
--
Aleksanda