@lbutlr wrote:
Does anyone have a sieve setup that removes html enclosures (or converts them
to plain text, even better)? I want to do this for specific mails, not globally
for the server, so I think sieve is the way to go here rather than a milter.
To my understanding Sieve deliberately
Bill Cole wrote:
I'm working on a setup for an expandable cluster of machines running
clamd, for the use of multiple MX hosts running diverse MTAs.
Unfortunately, my do-it-all preferred milter (MD) only supports talking
to clamd over a local unix socket. Has anyone worked out a solid way
Marcus Schopen wrote:
On Monday, 26.11.2018, 13:02 -0500, Dianne Skoll wrote:
On Mon, 26 Nov 2018 17:55:57 +0100
Marcus Schopen wrote:
is always the same, but I can't catch it with blacklist_from. Can I get
that from $entity->head->get('From') or any better ideas?
That should work, or
Benoit Panizzon wrote:
Make sure MIMEDefang is listening to an inet socket, maybe better on
localhost, if you don't run your MIMEDefang on a dedicated filter
machine.
This shouldn't be necessary, although for a variety of reasons it tends
to be *easier* to get working since there are fewer
Marcus Schopen wrote:
On Friday, 24.08.2018, 10:50 -0400, Dianne Skoll wrote:
I think this is a terrible idea for two reasons:
1) What is the recipient supposed to do with the notification? Most
recipients are not technically savvy and are more likely to panic than
do anything else.
Kevin A. McGrail wrote:
Interesting crap tracking trick that MD shutdown from Papa John's
because we disable javascript in emails:
document.write('https://2543611.fls.doubleclick.net/activityi;src=2543611;type=email011;cat=promo0;ord =' + a +
'?" width="1" height="1" frameborder="0"
Chip wrote:
So I'm trying to ascertain the real value of jumping ship from the
filtering capabilities of SpamAssassin (which can use regex expressions)
to a .procmail/perl module hybrid.
They're tools for different types of mail filtering. You can't really
replace one with the other.
Chip wrote:
Newbie excited to use the features of mimedefang for a new project that
needs to flag inbound email for sorting into folders (this can be done
via cpanel-level filtering) based on keywords in headers.
MIMEDefang would be a powerful point of access, but it's not very
Marcus Schopen wrote:
On Tuesday, 21.11.2017, 10:32 -0500, Bill Cole wrote:
On 20 Nov 2017, at 16:41 (-0500), Kris Deugau wrote:
USER_IN_WHITELIST_TO applies to all mail for a given recipient; IMO
it's a crude hack to work around cases where whatever is calling SA
can't use the SA
Marcus Schopen wrote:
Hi,
setting
whitelist_to
in sa-mimedefang.cf seems to hit
score USER_IN_WHITELIST_TO -6.0 # they want some spam
spamassassin score, so the score is reduced by a value of 6.0.
How do I hit the -100 score
score USER_IN_WHITELIST -100.0
Joseph Brennan wrote:
New one to me-- a phish came in with a .arj attachment. Pretty old
format. We're going to block it, since I doubt anyone uses it this
side of the 90s.
If you've still got the spample, check the content of that file. It's
probably a RAR archive.
I've seen RAR files
Franz Schwartau wrote:
Hi Dianne, hi list members,
I appreciate md_check_against_smtp_server() supplied by mimedefang.pl
very much. But it lacks two - IMHO - important features: ESMTP AUTH and
STARTTLS.
STARTTLS I can see, but I'm curious why you wanted AUTH at this stage?
Your nexthop
Mike Grau wrote:
Hello all,
Has anybody had a requirement to prepend boilerplate to e-mails? Perhaps
similar to append_text_boilerplate and append_html_boilerplate except
prepending instead of appending?
Check the list archives; someone just asked almost exactly the same
question about
Mark Coetser wrote:
I know html email is not ideal but unfortunately most customers use it
nowadays. I am currently using append_html_boilerplate to add signatures
etc and now a client has requested that we add promotional banners to
the top of all html emails. I have searched and just can't find
Leonid Vasiliev wrote:
Hi!
We use the latest mimedefang-2.79 and postfix-3.1.4 and have a problem with the definition
of $QueueID vars in filter_begin.
Usually all works fine. Is it a known problem, or are we not using
mimedefang correctly? If it is required, I'm ready to get and provide detailed log
Marcus Schopen wrote:
Hi Kris,
On Monday, 08.05.2017, 11:13 -0400, Kris Deugau wrote:
if ($hashfile{$fromaddr}) {
action_add_header("SpecialHeader", "$fromaddr found in list");
}
Ah, good idea. Thanks!
But if I just add this to filter_end
action_add_hea
Marcus Schopen wrote:
Hei,
I have a text-based list of email addresses (one email per line). Where
would I best filter on header "From: " (not envelope from) in
mimedefang-filter and add an additional mail header in case of a hit? At
the moment I use spamassassin rules to tag such mails in
Benoit Panizzon wrote:
> Hi all
>
> Does anyone know, if it's possible to use
>
> ClamdSock = "host:port";
>
> in MIMEDefang?
>
> I found very old posts stating, that clamd can only scan local files,
> thus has to be called on the machine the file resides.
>
> Is still this the case, or can
Nels Lindquist wrote:
I've been thinking of experimenting with some of the additional ClamAV
signatures distributed by SaneSecurity in an attempt to beef up
malware detection a bit.
Has anyone done much on this front? If so, what's your experience?
Given the way that ClamAV is used in a
(Please keep replies on-list.)
Marcus Schopen wrote:
Thanks for your idea and code. Nice idea! How did you create and modify
the BerkeleyDB from console? Never did this by hand only via tools like
saslpasswd e.g. for my cyrus/sendmail user db.
I think it took a bit of fine-tuning to get the
Marcus Schopen wrote:
z for some of my domains I'd like to reject mails at a given spamscore of
=5. For some other domains at a higher score. Is it a good idea to read
those domain names from different external config file instead of
coding them hard into mimedefang-milter?
I did this a number
Philip Prindeville wrote:
As long as I’m spouting my Christmas wish list for MIME::tools, how about
also adding a method that not only finds the nth Received: header, i.e.
$entity->get('received', n);
but also decomposes that into keyword/value pairs, such as:
{
‘from’ =
kd6...@yahoo.com wrote:
I take a stronger approach: Since M$ Exchange is incapable of generating
proper Received: headers, I reject all mail which has transited such a
system using that software.
If one looks carefully, their chosen syntax violates even the old RFC 821/822
standards
Hostmaster AustrianOnlines wrote:
Hello
I use mimedefang for a long time, now I have to change the mta to postfix 2.6.6.
is there a way to get mimedefang also run with postfix?
I have searched a lot but I couldn't find a good howto.
It should Just Work, most of the time. I found the only
Philip Prindeville wrote:
Are you running SELinux on this machine where it didn't work?
No, it was stock Debian (5.0/lenny IIRC). It worked fine straight from
the freshly-installed packages in my test VM, so I'm not certain what
went wrong.
Did you look at /var/log/audit/audit.log for
Roman Pretory wrote:
only put following lines in main.cf don't work.
smtpd_milters = inet:10025@localhost
milter_default_action = tempfail
milter_protocol = 6
milter_mail_macros = {auth_author} {auth_type} {auth_authen}
there is to change to socket also in mimedefang anywhere
You're already
kd6...@yahoo.com wrote:
Any spammer stupid enough to try to send his spew forging this host
name as the sender address will also face an SPF-RR v=spf1 -all
(while those idiots still resolving ONLY TXT-RRs for SPF will get
v=spf1 +all).
Some ahem idiots are still using DNS infrastructure that
kd6...@yahoo.com wrote:
--- On Fri, 10/15/10, Kevin A. McGrail kmcgr...@pccc.com wrote:
...
Something like $subject =~ s/[^-a-z0-9 _]//i; would be a good start.
A start it is. One should allow for punctuation at the end, as such is proper writing
style. Also, certain punctuation marks
Tony wrote:
- Original Message - From: Jason Bertoch ja...@electronet.net
you can try:
yum groupinstall "Development Tools"
this produced a very long list of downloads that all seemed to go well
until right at the end I got:
-- Running transaction check
-- Processing Conflict: kernel
- wrote:
In general, I don't see why anybody should care about any bug that doesn't
exist with the most current release of ALL involved software packages.
Maybe because most people aren't willing to rebuild their entire
production server environment every other week?
Maybe because their
Cliff Hayes wrote:
How does using stream_by_recipient compare with using filter_recipient?
They aren't really related. filter_recipient allows you to tell
sendmail about valid recipients by methods it can't use natively (or
which might be painful to set up); stream_by_recipient allows you
SRAR Mail Administrator wrote:
A PHB has decided he wants to attach an HTML file to an email. While I
don't like it, I do like being paid... So I must accommodate. Nowhere in
my list of bad extensions are htm or html listed, but when the email is
scanned, MIMEDefang is stripping the file, and
Jason Bertoch [Electronet] wrote:
Reading the Optimizing Do's and Don'ts found at
http://www.mimedefang.org/kwiki/index.cgi?OptimizingMIMEDefang,
there is one line bugging me: lock_method flock.
I googled for info on these two locking methods and am hard up to find any
recent information on
Philip Prindeville wrote:
Only ratware seems to like to open multiple connections in parallel.
qmail does this, and short of completely redesigning it (and more or
less making it not qmail), I don't think there's a fix.
It's a real pain, but ratware is not the only software doing this by a
long
Jan-Pieter Cornet wrote:
In the end, I just do what I think is right, carefully reading the RFCs
and my logfiles, but taking neither as gospel.
Indeed. Local policy trumps anything else.
If I decide, for whatever reason, to only accept mail from systems whose
IP contains a 3, that's my
Tomasz Ostrowski wrote:
RPM version of MIMEdefang
mimedefang-2.57-4.fc5.*.rpm
showed in Fedora Extras 5 repository. This means that it will be
automatically updated by nightly yum update if mimedefang was
installed from RPM.
This version does not have any antivirus functionality
Eric Ewanco wrote:
Hi, I just discovered MIMEDefang and I had some questions about its use.
What I want to do is discard spams above a certain spam score, but not
all spams. The problem I am running into now is that although
SpamAssassin supports adding a header with the spam score, it does
David F. Skoll wrote:
And as a colleague so tactfully pointed out, people who _really_ know
Perl would probably be quite horrified by the MIMEDefang code... :-)
I regularly horrify *myself* with code I wrote six months ago.
What was I smoking, and where can I get a fresh supply?!?
-kgd
netguy wrote:
Recently I updated DNS for a few domains. My registrar gives the
option of assigning an IP addy for domain.tld without having an alias:
mail.domain.tld Ok, says I, let's give it a go. Bam! Slam, Spam
started invading my privacy. This leads me to believe either:
1. Mail (
Fernando Gleiser wrote:
Thanks for the pointer. That did the trick...mostly. I still had to resolve
the man page's conflict but it seems to be working now.
Not much you can really do about that. :/ IIRC I forced the install on
my own systems. I've never had trouble from overwriting another
Fernando Gleiser wrote:
I'm trying to install MD on a CentOS 4.3. I downloaded the perl
dependencies and built the rpms (using cpanflute2). When I try
to install MIME::Base64 I get some conflicts and the installation aborts:
[EMAIL PROTECTED] ~]# rpm -i perl-MIME-Base64-3.03-8.i386.rpm
[someone] wrote:
On Friday, 4/7, I updated clamav from version .88 to .88.1. When I did
so, virus scanning broke. Maillog was filled with entries like:
Apr 7 15:49:23 hoover mimedefang.pl[66764]: Problem running virus
scanner: code=999, category=cannot-execute, action=tempfail Apr 7
15:49:23
David F. Skoll wrote:
PHP's mail() function is completely broken. It is insecure, and it is
*impossible* to make it secure unless you aggressively sanitize all your
input.
PHP is a truly horrible language (hey, I use it every day, so I should
know...) and mail() stands out as one of the worst
Philip Prindeville wrote:
I've found some bugs and shortcomings in Net::CIDR::Lite and tried
to resolve them with the author/maintainer, but it's extremely slow going.
I don't know if some of the more wanton issues will ever get resolved.
Anyone know of a similar module that provides equivalent
[EMAIL PROTECTED] wrote:
I may be able to get them. How well does RHEL 3 handle 50 addresses bound
to one NIC?
From experience I can say that RH7.3 handles that just fine (actually,
at one point that box had 200 IPs bound to one NIC). WBEL should be
pretty much the same.
It *does* get a
Matthew Schumacher wrote:
If we had gone with iptables we wouldn't be able to leave our abuse,
postmaster, and support addresses open, and users would be rejected
without an error message explaining exactly what happened. Since
rejected email only costs us one ldap and one sql lookup we will
David F. Skoll wrote:
Kris Deugau wrote:
define(`confQUEUE_LA', `2')dnl
define(`confREFUSE_LA', `7')dnl
Bad settings.
Having REFUSE_LA higher than QUEUE_LA is a surefire way to kill your server.
Most busy SMTP servers are I/O bound, and running in queue-only mode does
nothing to reduce
Jan Pieter Cornet wrote:
The original poster also mentioned:
define(`confDELAY_LA', `2')dnl
Ouch. It might be instructive to read some sendmail source that is
related to DelayLA... sendmail not only delays for one second after
each command, but also sleeps N seconds before accept()ing each
Kenneth Porter wrote:
A spam filter, like an anti virus, must be constantly updated to match
the spam that comes in. It's not something you install and forget about.
I'd recommend updating SA to 3.1.0 to get better results.
FWIW, I'm still happily using SA 2.64 on three systems for two
Oliver Schulze L. wrote:
I always compiled my installations of mimedefang and now
I'm trying the .rpm version of mimedefang.
I wonder if I need to include:
$Feature{'Virus:CLAMD'} = 1;
At the top of my filter in order to MD detect clamAV or will
it detect automatically?
In the case of
Ashley M. Kirchner wrote:
Our second MX decided to take a dive this morning and I'm having
to merge the domains from that one onto the first MX. The problem
is, what those MXs did. MX1 has a full implementation of MD+SA while
MX2 was used for those clients who didn't want their e-mails
Manuel Capellari wrote:
hi,
i want to send a copy of all of my outgoing mails to the origin sender
and sort those mails to the users 'Sent' mailbox,
Er... Wouldn't it be **FAR** easier to just configure client MUAs to Do
The Right Thing and save copies of outgoing mail in the appropriate
[EMAIL PROTECTED] wrote:
NFN Smith wrote:
I want to move the quarantines to the normal location, but for the
life of me, I can't find in the MD configs where that is set (or why
it would be set to something other than the normal location).
It's hardcoded in mimedefang.pl... presumably
NFN Smith wrote:
Kris Deugau wrote:
(As for Why isn't it where I expect it?, the answer is probably
Debian Policy. IIRC at one point the quarantine and work
directories were the same by default in the official MD tarball
though.)
So, the fact that the box in question is running Debian
Cormack, Ken wrote:
Aug 12 10:53:52 mail01 mimedefang-multiplexor[9340]: Slave 9 stderr:
lock: 9340 unlink of temp lock
/var/spool/MIMEDefang/bayes.lock.mail01.mydomain.com.9340 failed: No
such file or directory
Aug 12 10:53:52 mail01 mimedefang-multiplexor[9340]: Slave 9 stderr:
Cannot
Dale J. Chatham wrote:
I have been using MIMEDefang with SpamAssassin for several years and
am quite pleased with the product.
In every installation, I've been asked to divide incoming mail into
three categories:
1. Pass (probably not spam)
2. Warn (might be spam)
3. Fail (almost
James Ebright wrote:
I believe that sendmail uses Diffie-Hellman key exchange and the MTA
only keeps the master_secret in memory for a short period of time and
must be redetermined during every conversation, so technically yes, I
think a middle MTA could see it, but it would be a lot more work
Damrose, Mark wrote:
With the RedHat script, settings in the rc script will be
overridden by /etc/mail/mimedefang.conf if that file exists.
You mean /etc/sysconfig/mimedefang.
It's /etc/mail/mimedefang.conf on *Debian* (and, probably, most other
*nixes). g
Check the initscript just to make
Ben Kamen wrote:
Lisa Casey wrote:
Are you saying I should modify that to read /etc/init.d/mimedefang
-U defang start
Well, personally, I would find that to set bad precedence as if
anything changes with sendmail - the /etc/init.d/sendmail file would
change. You really want to start
Mark Penkower wrote:
The archiving server has an issue. If a user receives an email that
was bcc'd to him, there is evidence that the user sent the email, but
there is no evidence of who received it. The issue is the same if an
internal user sends an email via bcc.
You'll have to add a
[EMAIL PROTECTED] wrote:
Hmmm... on further reflection, your original request was for per-user
SpamAssassin preferences.
I think your best bet is to turn OFF MIMEDefang's SpamAssassin
integration, and run it from procmail.
I have to agree; per-user SA from MIMEDefang is decidedly
James Ebright wrote:
On Wed, 30 Mar 2005 16:46:22 -0500, Kris Deugau wrote
I think you meant 99.9% of those customers WILL fail SPF as they
are sending from an IP outside [their POP provider's] range but
using [their POP provider's] domain name.
Yes, that is exactly how I meant you
David F. Skoll wrote:
When is the last time you saw a virus e-mail that had any
useful content? Probably not in the last 5 years...
About 3 years ago, just after setting up a system to scan outbound mail
for the ISP I was working for, one user got infected with a VBScript
virus that actually
[EMAIL PROTECTED] wrote:
Kris Deugau wrote:
About 3 years ago, just after setting up a system to scan outbound
mail for the ISP I was working for, one user got infected with a
VBScript virus that actually attached itself to legitimate
messages. That user called in with a problem emailing
James Ebright wrote:
SPF fails on A LOT of ISPs that use national pop accounts for
customers outside their own popsites (QUEST, GlobalPOPs,
Superheronetworks, etc)... 99.9% of those customers WILL fail SPF as
they are sending from an IP outside your range but using your domain
name (and by god
I just had a customer report that mail sent from MS Outlook clients
(Outlook 2000 I think) in Rich Text (RTF?) format, with attachments,
through a server I set up for them, arrives with no attachment.
Plaintext mail with attachments goes through just fine. The IT guy that
called me wasn't
Kevin A. McGrail wrote:
Rich Text Attachments (i.e. winmail.dat) are not readable on email
clients other than Outlook (at least to the average user).
See MANY webpages about it, notably
http://support.microsoft.com/kb/197066/EN-US/
Ah, that sounds like a likely culprit.
Good, it isn't
Paul Murphy wrote:
No, it is not a good idea to do it here. The correct places are in
the local aliases file, or in virtusertable within Sendmail.
Only if you're not redirecting based on the results of MIMEDefang
processing. I have a system set up for domain hosting that redirects
anything
James Ebright wrote:
If it is always going to be [EMAIL PROTECTED] then you could
easily write a generic rule to do this, probably in filter_end since
you want to divert based on spamassassin results I assume.
Then you simply make sure sendmail has an alias or virtuser or real
user for [EMAIL
Gary Funck wrote:
Hmm, first I've heard that there might be probs. building rpm's as
root. What are they?
The biggest one is that the build/install part of building the package
will accidentally overwrite real system files. This is a Very Bad
Thing, and can *really* screw things up if you're
Mark Penkower wrote:
Since Clamav 0.80 took it upon itself to detect and bounce
HTML.Phishing emails, my users are getting cc's with the message.
The notification to the sender (from defang) is cc'd to postmaster
and to the user.
In my filter, I want to turn off the cc'ing to the user. How
David F. Skoll wrote:
I have my virus handling set to discard viruses, and I didn't even
know about the phish signatures until today.
$ grep -i ',virus,.*phish' /var/log/maillog* | wc -l
9
Cool! 9 phishing scams I never even knew were sent our way.
I'm a little more paranoid; I
Ben Kamen wrote:
I asked a while back and didn't see an answer... how often do people
like to reinit their bayes databases??
I haven't had to do so on the systems I administer regularly; I had to
wipe the DBs on a pair of servers at head office a couple of times until
we had the autolearn and
ron jon wrote:
I have a working setup (mimedefang-2.38 / SpamAssassin-2.60) running
You should upgrade SA to at least 2.64; there are a number of issues
including a known DoS attack. Check the SA changelog from 2.64 for the
full list.
on FreeBSD 5.2.1-RELEASE.
I recently tried to add a new
Jeff Rife wrote:
We're not an ISP, but I have found that dropping anything that scores
higher than 10 (using the standard SA 2.63 rulesets) gives us zero
false positives, and *nothing* that anybody could possibly want.
Don't count on it. I've seen far too many legit mail me info about
your
alan premselaar wrote:
I just recently installed a system with MD 2.45 and SA 3. and
while doing some testing to see if the network tests were running, I
determined that the -C option to spamassassin does not work as
expected.
the man pages are a little hazy about the description,
mimedefang wrote:
I'm running Mimedefang 2.28 and SpamAssassin 2.43
Ouch. I think there was a security fix in a more recent version of MD,
and SA2.4x is just plain outdated. Certainly there have been bugfixes
related to how virus scanners are called in more recent versions of MD.
under
David Va wrote:
1. how to blacklist and whitelist? I have added
whitelist_from and blacklist_from in sa-mimedefang.cf,
not local.cf, but it seems not taking effect after
saving and quit. Do I have to write in local.cf too?
2. I've downloaded a few sa rules and put them in
David F. Skoll wrote:
Off topic: I hate RPM!
Hah. Try making sense of Debian's dpkg packaging system sometime.
*crosses eyes* Oy vey. RPM is clear as glass by comparison.
Does anyone have a *good* document where
all this stuff is documented? Half the stuff in .spec files seems to
be
Jonathan Maliepaard wrote:
Can anyone please tell me how I can tell Mimedefang which local
domains to scan, rather than letting it do the lot?
It would be good if I could have some kind of selective filter that I
could configure to scan some domains for virus' and others for virus'
and SPAM
David F. Skoll wrote:
Don't edit mimedefang.pl. Just put these lines near the top of your
filter file:
$Features{'Virus:CLAMD'} = '/usr/sbin/clamd';
$ClamdSock = '/path/to/clamd/socket';
And make sure you enter the same pathname in your clamd.conf for the
socket - whatever you use.
I
Jason Granat wrote:
One thing I noticed. Small root messages get through fine. It looks
like it's only erroring on large messages. The culprit messages are
~17M. I know there was a place for setting max mail message size,
but I can't remember or find where. Can someone point me in the
Chris Cameron wrote:
Performance wise, would I be better off to run my AntiVirus through
MIMEDefang, or to just use two milters?
That depends on how MD is able to call your antivirus program- it seems
that most can only be called as a command-line program, so running the
provided milter will
Jim McCullars wrote:
That is the standard sendmail reply when a MTA does a command like
this:
RCPT TO:
Gahh.. Thought that was referring to the sender, not the recipient.
Must be time for a weekend.
-kgd
--
Sendmail administration is not black magic. There are legitimate
Michael Sims wrote:
Your log files are showing the envelope sender, which is not always
the same as the address in the From header. Read receipts (or
disposition notifications or whatever you want to call them) are sent
using a null () envelope sender for the same reason that delivery
status
Paul Heinlein wrote:
Ack. I got it exactly backwards. It should be
IF message originates on our subnets BUT NOT on a secondary mx
THEN DO NOT invoke spamassassin
Or, better put
IF message originates off our network OR on a secondary mx
THEN invoke spamassassin
I do something a
Mike Smith wrote:
Basically I want to stream
everything through that comes from a certain relay with no further
checking. I was thinking something like this
sub filter_relay {
my($ip, $name, $helo) = @_;
if($ip eq 'xxx.xx.xx.xx') {
return('ACCEPT_AND_NO_MORE_FILTERING',
Rob wrote:
I've found a simple fix - put the following in your
mimedefang-filter:
$ClamdSock = '/var/run/clamav/clamd';
This is by no means default on all distros or even the same between
different packages for the same distro. IIRC the real default
location is in /tmp. :/
(Or was at one
[EMAIL PROTECTED] wrote:
Huh? How do you do that? I don't get a SpamAssassin score until
after the DATA phase, at which time it's too late to reject.
You're free to return something other than 250 OK after a DATA
segment.
However, it *is* a bit pointless because you've burned bandwidth to
Gerald wrote:
Situation: I have MD + Spamass setup on my domain and I want to allow
a friend to relay mail through my MD + SA setup. Friend wants spamass
status in the subject instead of how I like it in the headers. How do
I tell MD run spamass with x set of rules for domain_x and call SA
Royce Williams wrote:
Our customer base got hit today with a virus that slipped through
via some wily obfuscation that I hadn't seen before. What it does,
in a nutshell, is a base64-encoded .hta file that has VBScript in it
to convert a long string of hex into a binary, store it in your
91 matches