Re: [Mimedefang] A rose by any other name... Renaming MIMEDefang. What's your idea for a name?
On Tue, 12 Nov 2019, Anne Bennett wrote:

> MIMEDefang needs a new name. Why?

Hm, the name was considered obsolete way back, if I recall correctly, because it grew way above the original intent: to defang suspicious MIME parts. Maybe, with trademarks on the hand et al, it's time to move.

From: Jobst Schmalenbach

> It observes/checks/looks at the Mime of mail messages and then deletes/cans/removes a dangerous part

The MIMEDefang Milter can do much more:

+ Apply ACLs
+ Reroute messages
+ Add/delete recipients
+ Change senders
+ Manipulate messages
+ Log messages
+ Archive messages
+ Sign/encrypt/verify messages
+ ...

Several other milters focus on Virus, SPAM, Malware and the like only.

From: Richard Laager

> PerlMilter would clarify exactly what it does, but might be too generic.

Yeah. I like it.

GenericPerlMilter
AllYouCanThinkOfMilter :-)

=

ClamMilter - a Perl based Milter to scan and manipulate messages
In reference to ClamAV as pointed out by Bill. Does anybody know, if ClamAV (now owned by Cisco, IMHO) is an acronym, well AV == Anti Virus, but the "Clam" part?

SquidMilter - ...
Squid, any of more than 300 species of 10-armed cephalopods classified within the order Teuthoidea [Britannica] ... the squid has its tentacles everywhere. Might be a reference to the Squid web proxy/cache as well.

PenguinMilter - ...
PengiMilter - ...
In reference to the past of it

GeneralPurposeMilter (abbr. GPMilter) - ...
all you can think of you can do with *the* General Purpose Milter

--
Cheers, Steffen Kaiser

___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] KAM for MIMEDefang Leadership Role
On Mon, 21 Oct 2019, Kevin A. McGrail wrote:

> Hi MimeDefangers,
>
> My name is Kevin A. McGrail. I've been a long-time user of MIMEDefang and I'd like to put myself forward to take the mantle of leadership from DFS now that she has moved on to other work. I don't envision it will be as amazing as under Dianne's leadership but I look to continue maintaining MD for the public good.
>
> I've been a PMC Member/Developer/VP & Release Manager of Apache SpamAssassin as well as serving as an executive officer at the ASF. I'm good at administrivia and foundational work so I would work to make sure the project has a home. I would likely work on that first while also

cool, that someone "good at administrivia and foundational work" is willing to spend time for MIMEDefang is good news.

> working on any backlog of submitted patches.

Although the prime time of sendmail seems fading and MIMEDefang with it, how about to revive the community driven Snippets section as well.

Kind regards,

--
Steffen Kaiser
Re: [Mimedefang] OT: Quoted text detection
On Wed, 27 Jun 2018, Amit Gupta wrote:

> In my mimedefang-filter, I'm trying to segment quoted text from an original email
>
> I realize this question is more to do with actual email processing, but is there any trick within MD, MIME Tools or another library that can help me out? I realize there is no 100%

I don't think, that there is some "trick" or module you can use. MIMEDefang splits up the MIME parts and you have the part as entity in filter(). From there on, you are on your own, I guess.

--
Steffen Kaiser
Re: [Mimedefang] cpanel whm centos 6.9 flag on header keywords?
On Tue, 9 Jan 2018, Kris Deugau wrote:

> Chip wrote:
>> Newbie excited to use the features of mimedefang for a new project that needs to flag inbound email for sorting into folders (this can be done via cpanel-level filtering) based on keywords in headers.
>
> MIMEDefang would be a powerful point of access, but it's not very user-accessible when you need to make changes. Mail sorting is IMO best done purely on delivery with procmail, sieve, or some other similar system that runs on per-user final delivery.

if this is correct: https://documentation.cpanel.net/display/68Docs/Forwarders you could forward to a program, such as procmail. You'll find several hits about cpanel and procmail.

However, as Dianne pointed out, you could set a tagging system in front of your server and configure cpanel's rudimentary filter with tags in hidden headers. I would not change the subject, esp. because you've mentioned DKIM.

--
Steffen Kaiser
Re: [Mimedefang] suspicious characters
On Thu, 5 Oct 2017, Michael Fox wrote:

> I'm trying to understand what triggers the setting of $SuspiciousCharsInHeaders and $SuspiciousCharsInBody? All I can find are circular definitions that vaguely mention possible exploits. But no specifics are given. Before I use either of these, I'd like to understand better what constitutes "suspicious" in both cases.

suspicious :=
    If header or body has a \r without \n
    If the body has an embedded \0

> Do you bounce every message that for which $SuspiciousCharsInHeaders is true?

Yep, but haven't triggered long time now.

--
Steffen Kaiser
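The rule as stated in the reply above, written out as a stand-alone Perl check. This is an added example, not MIMEDefang's own code: find_suspicious_chars() is a hypothetical helper and the sample messages are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: applies the rule from the reply above to a raw message.
#   headers or body: a "\r" that is not followed by "\n" (bare CR)
#   body only:       an embedded "\0" (NUL byte)
# find_suspicious_chars() is a hypothetical helper, not part of MIMEDefang.
sub find_suspicious_chars {
    my ($raw) = @_;

    # The header block ends at the first empty line (CRLF CRLF or LF LF).
    my ($headers, $body) = split /\r?\n\r?\n/, $raw, 2;
    $headers = '' unless defined $headers;
    $body    = '' unless defined $body;

    my %found = (headers => 0, body => 0);

    # Bare CR: software along the delivery path can disagree on whether a
    # lone CR ends a line, so the same bytes may parse as different headers.
    $found{headers} = 1 if $headers =~ /\r(?!\n)/;
    $found{body}    = 1 if $body    =~ /\r(?!\n)/;

    # NUL byte anywhere in the body.
    $found{body}    = 1 if index($body, "\0") >= 0;

    return \%found;
}

# Constructed sample messages (not taken from the list thread).
my %samples = (
    clean        => "From: a\@example.org\r\nSubject: hi\r\n\r\nHello\r\n",
    bare_cr_hdr  => "From: a\@example.org\r\nSubject: hi\rX-Flag: 1\r\n\r\nHello\r\n",
    bare_cr_body => "From: a\@example.org\r\nSubject: hi\r\n\r\nline one\rline two\r\n",
    nul_in_body  => "From: a\@example.org\r\nSubject: hi\r\n\r\nHel\0lo\r\n",
);

for my $name (sort keys %samples) {
    my $r = find_suspicious_chars($samples{$name});
    printf "%-13s headers=%d body=%d\n", $name, $r->{headers}, $r->{body};
}
```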
Re: [Mimedefang] base64 to text
On Tue, 26 Sep 2017, Kees Theunissen wrote:

> On Mon, 25 Sep 2017, Dianne Skoll wrote:
>> On Mon, 25 Sep 2017 10:46:01 -0700 "Michael Fox" <n...@mefox.org> wrote:
>>> I'd like to be able to deliver HTML and Base64 messages to those clients.
>>
>> Honestly, I would de-MIME the whole message, re-format it and replace the entire message with the new one. You can do it by throwing away non-text/plain parts where a text/plain part exists.
>
> Be careful with that. In an ideal world "multipart/alternative" MIME parts would supply differently formatted versions of the same message. But I have seen way too much messages where the plain text version is only used to inform me that my mail client doesn't support html-mail.

Yes, I can confirm this with messages from several senders, even those operating in the name of large firms (Microsoft, ...)

--
Steffen Kaiser
Re: [Mimedefang] Delaying 2xx as long as possible with stream_by_xyz()
On Tue, 31 Jan 2017, Steffen Kaiser wrote:

> On Mon, 30 Jan 2017, Kevin A. McGrail wrote:
>> I think I need to play with this more. Then I can more definitely say what happens under xyz cases.
>
> I'm pretty sure there had been suggestions like this - probably without stream_by_*() because of the flag Dianne mentioned - in the past. However I cannot find it in my archive, maybe this one:
>
> http://mimedefang.roaringpenguin.narkive.com/IYvAt216/spam-with-more-than-one-recipient-reject-or-not
>
> a thread "Spam with more than one recipient - reject or not?" Michal Jankowski 2005-08-16 08:45:53 UTC
>
> there had been more, I guess.

some wild idea:

you could resend the message manually and collect all processings into a database; while the state of the resent messages is not satisfying hold the SMTP link open; if the client breaks the connect and retries, hold the connection. (DATA phase)

Use some hash / ID derived from the message in order to identify it later, even if comes from different IPs and different HELOs. Record IP and HELO as well.

If a message arrives in RCPT TO phase with a 2nd recipient, check if there is "pending" "held" message from this IP (range) and HELO and with both recipients. Now, do something "cunning", because it might be possible that there are two or messages from that IP with more than one recipient. ;-) Either tempfail all-but-one, tempfail according that recorded status' and check if the message is the same. ...

--
Steffen Kaiser
Re: [Mimedefang] Delaying 2xx as long as possible with stream_by_xyz()
On Mon, 30 Jan 2017, Kevin A. McGrail wrote:

> I think I need to play with this more. Then I can more definitely say what happens under xyz cases.

I'm pretty sure there had been suggestions like this - probably without stream_by_*() because of the flag Dianne mentioned - in the past. However I cannot find it in my archive, maybe this one:

http://mimedefang.roaringpenguin.narkive.com/IYvAt216/spam-with-more-than-one-recipient-reject-or-not

a thread "Spam with more than one recipient - reject or not?" Michal Jankowski 2005-08-16 08:45:53 UTC

there had been more, I guess.

--
Steffen Kaiser
Re: [Mimedefang] Delaying 2xx as long as possible with stream_by_xyz()
On Thu, 26 Jan 2017, Kevin A. McGrail wrote:

> If not, can we do interactive SMTP responses such as checking the helo values, then stream the messages to process it per domain or per recipient?
>
> I can't find it documented, but I seem to remember that once you stream the messages per domain or per recipient, that you've given a 2xx DSN and closed the session. So if you then later find you want to decline, you have to generate a bounce. Any pointers appreciated especially if this is a milter limitation or an MD framework limitation that I can figure out a way around!

"If users are in different domains, stream_by_domain() resends the message (once to each domain) and returns 1 For example, if the original recipients are j...@abc.net, j...@xyz.net and s...@abc.net, the original message is resent twice: One copy to j...@abc.net and s...@abc.net, and another copy to j...@xyz.net. Also, any subsequent scanning is canceled (filter() and filter_end() will not be called for the original message) and the message is silently discarded."

It's the last sentence, IMHO. But you *can* delay, I think:

    sub filter_begin {
        if (stream_by_recipient()) {
            ### Here you can delay, but how would you get information about
            # the processing of resent messages?
            #
            # also, if the connection interrupts, the sender retries and
            # the message is processed another time, maybe resending it yet another
            # time
            return;
        }
        # Rest of filter_begin
    }

--
Steffen Kaiser
Re: [Mimedefang] Delaying 2xx as long as possible with stream_by_xyz()
On Fri, 27 Jan 2017, Steffen Kaiser wrote:

> On Thu, 26 Jan 2017, Kevin A. McGrail wrote:
>> If not, can we do interactive SMTP responses such as checking the helo values, then stream the messages to process it per domain or per recipient?
>
> Um, what do you mean with "interactive SMTP responses such as checking the helo values"

I just forgot to point out the obvious:

Which state you are returning to the sender, if your streamed messages return different status'? E.g. it could sent to recipient one, but not two and recipient three tempfailed.

Maybe ...

>> I can't find it documented, but I seem to remember that once you stream the messages per domain or per recipient, that you've given a 2xx DSN and closed the session. So if you then later find you want to decline, you have to generate a bounce. Any pointers appreciated especially if this is a milter limitation or an MD framework limitation that I can figure out a way around!
>
> "If users are in different domains, stream_by_domain() resends the message (once to each domain) and returns 1 For example, if the original recipients are j...@abc.net, j...@xyz.net and s...@abc.net, the original message is resent twice: One copy to j...@abc.net and s...@abc.net, and another copy to j...@xyz.net. Also, any subsequent scanning is canceled (filter() and filter_end() will not be called for the original message) and the message is silently discarded."
>
> It's the last sentence, IMHO. But you *can* delay, I think:

    sub filter_begin {
        if (stream_by_recipient()) {
            ### Here you:
            # 1) register the message in order to identify it later again
            # 2) TEMPFAIL the message
            # 3) your streamed messages somehow register their status with 1)
            #    within their own MIMEDefang sessions / processing
            #
            # When the message is resent (maybe the list of recipients is
            # different now), you check with the status and TEMPFAIL the
            # message until you can make a decision.
            return;
        }
        # Rest of filter_begin
    }

--
Steffen Kaiser
Re: [Mimedefang] strip down mimedefang-filter to sub filter_recipient for md_check_against_smtp_server checks
On Mon, 10 Oct 2016, Marcus Schopen wrote:

> On Friday, 07.10.2016, 14:49 +0200, Marcus Schopen wrote:
>> I'd like to start a second mimedefang instance, which is called before milter-greylist. This mimedefang should only check if recipients on internal hosts exist, so incoming emails for non existing recipients don't run into milter-greylist. I stripped down the mimedefang-filter example to "sub filter_recipient" where I run some "md_check_against_smtp_server"-checks against internals host and removed all other subs (= filter_bad_filename, filter_begin, filter, filter_multipart, defang_warning, filter_end). Seems to work, but anything wrong about this?

I had been running two instances of mimedefang on the same server for a different purpose for several years without problems. I wanted to reserve some slots of the filter for specific IP address ranges.

> I've started a second mimedefang instance, which mimedefang-filter is stripped down to sub filter_recipient for md_check_against_smtp_server (nothing more). This works fine, but it's a complete second mimedefang with own spooldir, socket, pids just for recipient checking. Today read about SOCKETMAP option, what I didn't understand fully. Is there a way to call the same mimedefang by different socket names, but same socket and then check inside mimedefang by which socketname it is

SocketMap is a feature of sendmail to query a "key" not from hash maps or DNS or something like that, but via a socket. So no, you cannot call the same mimedefang infrastructure via two sockets and differ between the origins in the filter.

Maybe you can offer a patch to roaringpenguin.com. You would start at mimedefang.c to get two sockets and extend the protocol to pass the socket forth. Or, think about adding a second socket to the multiplexor, then you would have two mimedefang interceptors, but just one multiplexor - scanner pair.

--
Steffen Kaiser
Re: [Mimedefang] Poll: Who uses the "filter_tick" and "map" functionality of MIMEDefang? (-X and -N options to mimedefang-multiplexor)
On Wed, 27 Apr 2016, Dianne Skoll wrote:

> I'm looking at stripping out unused features from MIMEDefang.
>
> 1) Does anyone use the "-X n" feature that calls a function called filter_tick every "n" seconds? If not... I'd like to nuke.

No, I don't.

> 2) Does anyone use the "-N map_sock" feature that provides a SOCKETMAP to Sendmail 8.13+? If not... again, I'd like to nuke.

I did once 2007, but I had a problem returning results more than 1KB, that is especially when sendmail queries the everyone-alias. Therefore I use a selfmade server now.

However, it would be nice to re-integrate it back to mimedefang in order to benefit from the multiplexor, the worker management a.s.o.

Kind regards,

--
Steffen Kaiser
Re: [Mimedefang] documentation bug/omission for newbies
On Tue, 19 Apr 2016, starlight.201...@binnacle.cx wrote:

> At 02:58 4/19/2016 -0400, Steffen Kaiser skmimedef...@smail.inf.fh-bonn-rhein-sieg.de wrote:
>> On Mon, 18 Apr 2016, starlight.2016q2 at binnacle.cx wrote:
>>> I just spent a day butting my head against the fact that filter_begin() is _always_ passed a multipart MIME message container that _never_ has a useable $entity->bodyhandle(). This is not mentioned *anywhere*.
>>
>> hmm, I would not rely on this assumption.
>
> I looked, and one positively for certain can rely on it: in mimedefang.pl version 2.78 at line 6008:

it is not documented and therefore v2.79 might implement it totally different.

> lines different than the first attempt. So all I'm saying is that the "guaranteed multipart" state of

That would stick all future versions of MIMEDefang to that decision. In fact, doing so would contradict the idea between filter_begin()/filter/filter_multipart(), IMHO. For normal cases, you need not to worry about the MIME structure of the message.

--
Steffen Kaiser
Re: [Mimedefang] documentation bug/omission for newbies
On Mon, 18 Apr 2016, starlight.201...@binnacle.cx wrote:

> I just spent a day butting my head against the fact that filter_begin() is _always_ passed a multipart MIME message container that _never_ has a useable $entity->bodyhandle(). This is not mentioned *anywhere*.

hmm, I would not rely on this assumption.

> I'm still having trouble seeing it--apologies. Spent most of an hour going through the presentation deck Saturday while writing the body regex scanner and did not find anything that addresses it. Just looked again searching the document for "body," "open," "text," "match" "regex," "regular," "expression," "getline" and "match" with no luck.

Hmm, because MIMEDefang internally breaks up the message into parts anyway and feeds all parts to filter(), I would construct your code like so:

    my $globalFlag;

    sub filter_begin {
        $globalFlag = 0;
    }

    sub filter {
        my($entity, $fname, $ext, $type) = @_;
        if ($globalFlag == 0) {    # first plain part ever
            $globalFlag = 1;
            if ($type =~ m!\Atext/!i) {
                # scan that part
                if (condition) {    # placeholder for the result of the scan
                    $globalFlag = 2;
                    # or drop/replace part right here and now
                }
            }
        }
    }

    sub filter_end {
        if ($globalFlag == 2) {
            # full message processing
        }
    }

Of course, if you do no further processing, this looks like overhead.

--
Steffen Kaiser
Re: [Mimedefang] Word Macro warning in subject.
On Fri, 12 Feb 2016, System Operations wrote:

> I made the changes to the sub contains_office_macros below, I hope that these changes are correct. Does the sub contains_office_macros need be called by sub filter_multipart only or does it need to be called by the sub filter as well?

you want to test files only, hence, no need in filter_multipart, but filter only.

Also, see this snippet from the man page:

    The heart of mimedefang-filter is the filter procedure. See the examples that came with MIMEDefang to learn to write a filter. The filter is called with the following arguments:

    $entity  The MIME::Entity object. (See the MIME::tools Perl module documentation.)
    $fname   The suggested attachment filename, or "" if none was supplied.
    $ext     The file extension (all characters from the rightmost period to the end of the filename.)
    $type    The MIME type (for example, "text/plain".)

you should use $ext and $type to probe these strings, if you check the content, because MIMEDefang takes great care to populate sane values there. They replace the foreach loop.

Also note, if the MIME type suggests "MS Office style document", the filename need not end in .doc/.xls/ . Many MUAs accept those parts as MSOffice doc, too.

> # These markers were documented at:
> # http://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-containing-macro/
> # as of 2015-01-15
> # $entity is a MIME::Entity that's the parsed message
> my $marker1 = "\xd0\xcf\x11\xe0";
> my $marker2 = "\x00\x41\x74\x74\x72\x69\x62\x75\x74\x00";
> sub contains_office_macros {
>     my ($entity) = @_;
>     my @parts = $entity->parts();
>     if (scalar(@parts) > 0) {
>         return 0;
>     }
>     my $is_msoffice_extension = 0;
>     foreach my $attr_name (qw( Content-Disposition.filename Content-Type.name) ) {
>         my $possible = $entity->head->mime_attr($attr_name);
>         $possible = decode_mimewords($possible);
>         if ($possible =~ /\.(doc|docx)$/i) {
>             $is_msoffice_extension = 1;
>             last;
>         }
>     }
>     return 0 unless $is_msoffice_extension;
>     return 0 unless defined($entity->bodyhandle) && defined($entity->bodyhandle->path);
>     my $fp;
>     if (!open($fp, '<:raw', $entity->bodyhandle->path)) {
>         return 0;
>     }
>     my $contents;
>     {
>         local $/;
>         $contents = <$fp>;
>         close($fp);
>     }
>     if (index($contents, $marker1) > -1 &&

according your reference, marker1 must be on location == 0 (start of file)

>         index($contents, $marker2) > -1) {
>         return 1;
>     }
>     return 0;
> }

--
Steffen Kaiser
Re: [Mimedefang] Word Macro warning in subject.
On Tue, 9 Feb 2016, System Operations wrote:

Hmm, do you use SpamAssassin? I thought one could add search strings to ClamAV as well, but cannot find any pointers in the internet.

> Slave 1 stderr: Can't call method "parts" on an undefined value at /etc/mail/mimedefang-filter

There is no line number?

> sub filter {
>     my($entity, $fname, $ext, $type) = @_;
>     return if message_rejected(); # Avoid unnecessary work
>     if (contains_office_macros) {
                                ^^ missing ($entity)
like many procedural languages you need to pass arguments in ()'s
>         action_notify_administrator("An attachment of type $type, sent by $Sender for $Recip named $fname contains macros.\n");
>         my $subject = $entity->head->get('Subject',0);
>         action_change_header('Subject', "[Warning Attachment $fname contains macros (possible virus):] $Subject");
>     }
>     return action_accept();
> }
>
> sub filter_multipart {
>     my($entity, $fname, $ext, $type) = @_;
>     return if message_rejected(); # Avoid unnecessary work
>     if (contains_office_macros) {
>         action_notify_administrator("An attachment of type $type, sent by $Sender for $Recip named $fname contains macros.\n");
>         my $subject = $entity->head->get('Subject',0);
>         action_change_header('Subject', "[Warning Attachment $fname contains macros (possible virus):] $Subject");
>     }
>     return action_accept();
> }
>
> ==
> # These markers were documented at:
> # http://blog.rootshell.be/2015/01/08/searching-for-microsoft-office-files-containing-macro/
> # as of 2015-01-15
> # $entity is a MIME::Entity that's the parsed message
> my $marker1 = "\xd0\xcf\x11\xe0";
> my $marker2 = "\x00\x41\x74\x74\x72\x69\x62\x75\x74\x00";
>
> sub contains_office_macros {
>     my ($self, $entity) = @_;
          ^^ remove $self, there is just one argument, also remove any $self-> from the code below.
>     my @parts = $entity->parts();
>     if (scalar(@parts) > 0) {
>         foreach my $part (@parts) {
>             if ($self->contains_office_macros($part)) {
>                 return 1;
>             }
>         }
>         return 0;
>     }
>     my $is_msoffice_extension = 0;
>     foreach my $attr_name (qw( Content-Disposition.filename Content-Type.name) ) {
>         my $possible = $entity->head->mime_attr($attr_name);
>         $possible = decode_mimewords($possible);
>         if ($possible =~ /\.(doc|docx)$/i) {
>             $is_msoffice_extension = 1;
>             last;
>         }
>     }
>     return 0 unless $is_msoffice_extension;
>     return 0 unless defined($entity->bodyhandle) && defined($entity->bodyhandle->path);
>     my $fp;
>     if (!open($fp, '<:raw', $entity->bodyhandle->path)) {
>         return 0;
>     }
>     my $contents;
>     {
>         local $/;
>         $contents = <$fp>;
>         close($fp);
>     }

this code pulls the whole part into memory.

>     if (index($contents, $marker1) > -1 && index($contents, $marker2) > -1) {
>         return 1;
>     }
>     return 0;
> }

-- Steffen Kaiser
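The two points raised in the reply above (pass $entity as the only argument, and avoid pulling the whole part into memory), as an added example that is not code from the thread. The chunked reader file_contains_all_markers, the $CHUNK_SIZE variable and the sample attachment are assumptions constructed for illustration; it needs MIME-tools, which MIMEDefang already depends on.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);
use MIME::Entity;
use MIME::Words qw(decode_mimewords);

# Markers as quoted in the filter from the thread.
my $marker1 = "\xd0\xcf\x11\xe0";
my $marker2 = "\x00\x41\x74\x74\x72\x69\x62\x75\x74\x00";

# Hypothetical tuning knob: number of bytes read per pass.
our $CHUNK_SIZE = 64 * 1024;

# Return 1 if every marker occurs in the file, reading it chunk by chunk
# so that memory use stays bounded regardless of attachment size.
sub file_contains_all_markers {
    my ($path, $markers, $chunk_size) = @_;
    $chunk_size ||= $CHUNK_SIZE;

    # A marker cut by a chunk boundary leaves at most (length - 1) bytes
    # in the previous chunk, so that many bytes are carried over.
    my $overlap = 0;
    foreach my $m (@$markers) {
        $overlap = length($m) - 1 if length($m) - 1 > $overlap;
    }

    open(my $fh, '<:raw', $path) or return 0;
    my %missing = map { $_ => 1 } @$markers;
    my ($tail, $buf) = ('', '');
    while (%missing) {
        my $n = read($fh, $buf, $chunk_size);
        last unless $n;                  # 0 at EOF, undef on read error
        my $window = $tail . $buf;
        foreach my $m (keys %missing) {
            delete $missing{$m} if index($window, $m) > -1;
        }
        my $keep = length($window) < $overlap ? length($window) : $overlap;
        $tail = substr($window, length($window) - $keep);
    }
    close($fh);
    return %missing ? 0 : 1;
}

# Plain function taking exactly one argument, the MIME::Entity.
sub contains_office_macros {
    my ($entity) = @_;
    return 0 unless defined $entity;     # called without an argument

    my @parts = $entity->parts();
    if (@parts) {
        foreach my $part (@parts) {
            return 1 if contains_office_macros($part);
        }
        return 0;
    }

    my $is_msoffice_extension = 0;
    foreach my $attr_name (qw(Content-Disposition.filename Content-Type.name)) {
        my $possible = $entity->head->mime_attr($attr_name);
        next unless defined $possible;   # attribute absent on this part
        $possible = decode_mimewords($possible);
        if ($possible =~ /\.(doc|docx)$/i) {
            $is_msoffice_extension = 1;
            last;
        }
    }
    return 0 unless $is_msoffice_extension;
    return 0 unless defined($entity->bodyhandle)
                 && defined($entity->bodyhandle->path);

    return file_contains_all_markers($entity->bodyhandle->path,
                                     [$marker1, $marker2], $CHUNK_SIZE);
}

# Constructed sample: a fake ".doc" body in which the second marker
# starts at byte 14 and therefore straddles a 16-byte chunk boundary.
my ($tmp_fh, $tmp_path) = tempfile(SUFFIX => '.doc', UNLINK => 1);
binmode($tmp_fh);
print {$tmp_fh} $marker1, ('A' x 10), $marker2, ('B' x 32);
close($tmp_fh);

my $top = MIME::Entity->build(Type => 'multipart/mixed');
$top->attach(Path     => $tmp_path,
             Type     => 'application/msword',
             Encoding => 'base64',
             Filename => 'report.doc');

$CHUNK_SIZE = 16;                        # tiny on purpose, to hit the boundary
printf "multipart with sample attachment flagged: %s\n",
    contains_office_macros($top) ? 'yes' : 'no';
printf "call without an entity flagged: %s\n",
    contains_office_macros(undef) ? 'yes' : 'no';
```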
Re: [Mimedefang] Permissions on /varspool/MIMEDefang
On Thu, 11 Feb 2016, Bill Maidment wrote:

> -Original message-
> From: Richard Laager <rlaa...@wiktel.com>
> Sent: Thursday 11th February 2016 18:22
> To: mimedefang@lists.roaringpenguin.com
> Subject: Re: [Mimedefang] Permissions on /varspool/MIMEDefang
>
> > On 02/10/2016 11:01 PM, Bill Maidment wrote:
> > > Hi
> > > After your most recent release I have had problems with the permissions on /var/spool/MIMEDefang being reset to 0750 after a reboot. I need the permission to be 0770 to allow for clamd scanner to use the directory.
> > > I eventually discovered this line in /usr/lib/tmpfiles.d/mimedefang.conf
> > > z /var/spool/MD-Quarantine 0750 defang defang - -
> >
> > `grep -r tmpfiles.d mimedefang-2.78` returns nothing for me. Are you sure this isn't coming from your distro's package of MIMEDefang?
>
> It may be coming from EPEL (the packager), but the file is mimedefang.conf not mimedefang-2.78
>
> > Also, /var/spool/MIMEDefang and /var/spool/MD-Quarantine aren't the same thing.
>
> I meant /var/spool/MIMEDefang
>
> > And in any event, why would clamd need to write to /var/spool/MIMEDefang?
>
> It's where clamd@scan wants to store the clamd.sock when communicating with mimedefang.

File a bug with RedHat or where your repo is located, the socket should be located somewhere else.

-- Steffen Kaiser
Re: [Mimedefang] Installed FPScan and it's just hanging and then timing out.
On Thu, 4 Feb 2016, mimedef...@bass-speaker.com wrote:

> F-PROT Antivirus for Linux Workstations - 1 user #9Corporate UseSubscription

is there a fpscand executable shipped with? That's the demon and is more performant, however, you might run in access permissions problems, if it does not run as root or, if used with MimeDefang only, as the Defang user.

> my($lclscannertwocode, $lclscannertwocategory, $lclscannertwoaction) = message_contains_virus_fpscan();
>
> then mimedefang does indeed start the virus scanner, but it just seems to hang for about 10mins and then times out I guess
>
> here is the result from ps -ef for the scan
>
> defang 23812 22632 0 20:11 ?00:00:00 /usr/local/bin/fpscan --report --archive=5 --scanlevel=4 --heurlevel=3 ./Work

First(ly), I would try to patch mimedefang.pl in sub message_contains_virus_fpscan () to include "--nospin progress bar and

And if the problem persists prefix the whole command with "strace -f -o /tmp/strace.fp.$$ " or similar for your system. So you could see at which point the problem comes up and which syscall it is. Maybe add one of -r, -t, -tt, -ttt and/or -T near -f.

> root@mailserver01a:/var/spool/MIMEDefang/mdefang-u14KBLch023801# cat /proc/23812/stack
> [] pipe_wait+0x61/0xa0

does this mean, fpscan is blocked on write? Maybe --nospin helps here.

> This is now beyond my scope I think, I tried this :

That's the test.pl, right? Try to run it without a terminal attached, e.g.

    nohup perl test.pl &
    wait

Use the same shell (sh, bash, tcsh, dash, ...) that starts the MIMEDefang demon.

-- Steffen Kaiser
Re: [Mimedefang] Embedded Perl (continued)
On Tue, 22 Sep 2015, Amit Gupta wrote:

> My situation is that the number of mimedefang.pl processes jumps to about 70 during peak loads (we are processing a couple hundreds messages per minute on average). Our filter file is in need of some optimizations (since each mimedefang.pl is taking about 125mb of
                                                                ^^^
> resident memory), but I'm wondering if using embedded perl will help in this situation. I see you mentioned using embedded perl prevents forking entire processes.. So does this mean each request is handled by a thread within the main process instead? So would my RAM requirements be reduced drastically?

Read Dianne's response about the garbage collector. Unless the script uses very few different values of your loaded data or uses weak references, you will not notice any reduction in the long run.

I had SpamAssassin rules allocating about 100MB, the forked children only shared the C libraries after some time. That's a problem of Perl's way to handle rereferences to data.

-- Steffen Kaiser
Re: [Mimedefang] right value for MX_MAXIMUM
On Wed, 24 Jun 2015, Muthu N.C wrote:

> I am having the system with sendmail, mimedefang and spamassassin. Mimedefang is running with the below options.
>
> -m 2 -x 80 -y 0 -U defang -b 300 -l
>
> MX_MINIMUM=2
> MX_MAXIMUM=80
> #MX_QUEUE_SIZE=10

that means queueing is off.

> In a day I am getting the below error multiple times. By looking at the md-mx-ctrl rawstats, all the 80 slaves are busy at that time. We are receiving around 500 e-mails in a minute.

that are 6.25 messages per slave per minute.

> mimedefang-multiplexor[2500]: No free slaves
> mimedefang[2517]: t5O6odRs007105: Error from multiplexor: error: No free slaves
>
> How much slaves should be set for this workload?

Set as much as your server can handle in parallel. That's the whole point. If you handle 300 messages in parallel and the server (esp. spamassassin) starts swapping, you gain nothing.

Also, each message is copied into your mimedefang spool directory in a working directory. You need about twice the size of the maximum message size per message. In order to be bullet proof, you would require 80 * 2 * max message size in your temp space.

> Would increasing the MX_QUEUE_SIZE help, how much I can increase?

Re-read the man page:

+ incoming connections are queued up (if no free slave exists, yet)
+ if one slave becomes free, the next connection from the queue is immediately fed to it

This will smooth peaks of incoming messages a bit, by delaying the processing of later ones, instead of dropping the connection right away. This also means, that the number of open connections to sendmail and the number of sendmail processes increases, because their connection is held open.

So, yes, enabling this option might help you.

> Any other suggestions to overcome this issue?

Lower the processing time. :-)

If you have peaks of incoming messages, you will see this error now and then anyway. Do you often get mass mails for your users?

I had such a problem with a sibling MTA sending personalized mass mails (one message per recipient) in parallel with no limit at all. All available slots of Mimedefang were taken up and no other sender got a chance to drop a message. I have therefore limited the number of simultaneous connections per client in sendmail. Since the sender's admin limited the number of outgoing connections to 1, their mass messages are delivered more quickly than before.

> I read that the e-mails sent during this time would be retried by the other MTA automatically, but I am seeing it as lost.

?

-- Steffen Kaiser
Re: [Mimedefang] Wide character in print at /usr/bin/mimedefang.pl
On Wed, 11 Mar 2015, vi...@openmailbox.org wrote:

> On 2015-03-10 20:20, vi...@openmailbox.org wrote:
> > Hi,
> >
> > I noticed that a decade ago some users detected Wide character in print messages in their mimedefang logs. It was supposedly fixed by adding export LC_ALL=C in the mimedefang init script. (perl unicode issue)
> >
> > However, my Linux distro (Gentoo) runs the following in the mimedefang init script:
> >
> > LC_ALL=C
> > export LC_ALL
> >
> > but I'm occasionally getting the Wide character in print messages. I'm running v 2.75 and Perl 5.18.2.
> >
> > Any ideas?
>
> Hi again,
>
> Just wanted to add that I modified /usr/bin/mimedefang.pl for debugging purposes:
>
> /usr/bin/mimedefang.pl:
> sub action_notify_sender ($) {
> [...]
> if (open(FILE, NOTIFICATION)) {
> --md_syslog('err', action_notify_sender print FILE $msg);
> [...]
>
> If I check the logs, this is what I get (basically I have a custom filter which calls action_notify_sender with the name of each attached file):
>
> action_notify_sender print FILE ComposicioÌ..pdf
>
> So mimedefang and perl are choking on non-ASCII characters with Wide character in print messages.
>
> Unfortunately the consequence of all this is that some e-mail messages aren't processed and are kept in the queue and not sent:
>
> Mar 11 18:19:38 mail1 mimedefang-multiplexor[31444]: A0C4A326EB1: Slave 1 stderr: open body: Invalid argument at /usr/lib/perl5/vendor_perl/5.18.2/MIME/Entity.pm line 1878.

Could you post your filter?

> Mar 11 18:19:38 mail1 mimedefang-multiplexor[31444]: Slave 1 died prematurely -- check your filter rules

-- Steffen Kaiser
Re: [Mimedefang] mimedefang-filter, string matching from a (big) data source?
On Thu, 26 Feb 2015, Fredrik Pettai wrote:

> I want to make a “semi” dynamic rule that would tag emails that matches a list of strings, something like this:

Transform the strings into a SpamAssassin config file and let it do that job. They found out that pattern matching takes lots of memory and CPU and therefore invented techniques to overcome those problems, e.g. by using pattern matching in C files.

You can then probe for your tags.

> sub filter {
>     my($entity, $fname, $ext, $type) = @_;
>     return if message_rejected();
>     if ($Sender =~ XYZ) {
>         if ($Subject =~ [input from a list] ) {
>             action_change_header('Subject', "[ADD CUSTOM TAG]$Subject");
>         } else {
>             my $io;
>             if ($io = $entity->open("r")) {
>                 while (defined($_ = $io->getline)) {
>                     if ( [input from a list] ) {
>                         action_change_header('Subject', "[ADD CUSTOM TAG]$Subject");
>                         last;
>                     }
>                 }
>                 $io->close;
>             }
>         }
>     }
>     return action_accept();
> }
>
> I wonder what the best solution would be to achieve this? Currently, the [input from a list] is a text file which holds a lot of strings, one per line, and is currently about 6000+ lines long...
>
> Is it a bad idea to open and read the text file from mimedefang-filter? Would it be better to generate a new version of mimedefang-filter with the content of the text file inline? Or should I consider something else?
>
> The text file is also updated, but not that frequently…

-- Steffen Kaiser
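One way to follow the suggestion above of turning the string list into a SpamAssassin config file and then probing for the resulting tags, as an added example that is not code from the thread. The LOCAL_LIST prefix, the 0.001 score, the helper names and the sample strings are assumptions constructed here; the comma-separated $names value is the one spam_assassin_check() returns in the stock filter.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert literal strings (one per list entry) into SpamAssassin rules:
# one "header ... Subject" rule and one "body" rule per string.
sub strings_to_sa_rules {
    my ($prefix, @lines) = @_;
    my (@rules, %seen);
    my $n = 0;
    foreach my $line (@lines) {
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;
        next if $line eq '' || $line =~ /^#/;   # skip blanks and comments
        next if $seen{lc $line}++;              # rules match case-insensitively
        my $name = sprintf('%s_%04d', $prefix, ++$n);
        # quotemeta makes the string a literal pattern; it also escapes
        # "/" (the rule delimiter) and "#" (config comment character).
        my $re = quotemeta($line);
        push @rules,
            "header   ${name}_SUBJ Subject =~ /$re/i",
            "score    ${name}_SUBJ 0.001",      # a score of 0 would disable the rule
            "body     ${name}_BODY /$re/i",
            "score    ${name}_BODY 0.001";
    }
    return @rules;
}

# Return the list rules that fired, given the comma-separated test names
# that the filter receives from SpamAssassin.
sub list_rules_hit {
    my ($prefix, $names) = @_;
    return grep { /^\Q$prefix\E_\d{4}_(?:SUBJ|BODY)$/ }
           split /\s*,\s*/, $names;
}

# Constructed sample list: includes a duplicate, a blank line and a comment.
my @list = (
    'Invoice #4711',
    'wire/transfer urgent',
    '',
    '# maintained by hand',
    'invoice #4711',
);
print "$_\n" for strings_to_sa_rules('LOCAL_LIST', @list);

# Constructed sample of the test names for one scanned message.
my @hits = list_rules_hit('LOCAL_LIST', 'BAYES_50,LOCAL_LIST_0002_BODY,SPF_PASS');
print "tag subject: ", (@hits ? "yes (@hits)" : "no"), "\n";
```

The generated lines go into a SpamAssassin config file that is regenerated whenever the list changes; the filter then only has to test the returned names before calling action_change_header.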
Re: [Mimedefang] Quick question about Windows ISO encoding vs UTF-8
On Tue, 17 Feb 2015, Albert E. Whale wrote:

> Since no one else was having a similar problem, I pointed out several references and we finally found that by changing the encoding of the message (using Outlook - or LookOut as I call it!) from Windows ISO to UTF-8 everything worked as expected.
>
> I did not see anything in Sendmail, Clamav, or Mimedefang which senses the encoding, so is this totally a Windows exercise in futility or what does this encoding format do? (besides break email delivery)

You did not mention, _which_ encoding format you are referring to: MIME-Type, Content-Transfer-Encoding, Content-Type.

-- Steffen Kaiser
Re: [Mimedefang] differing spamassassin configs
On Thu, 22 Jan 2015, John Nemeth wrote:

> I've started looking at scanning outbound mail for spam. This is to prevent being added to RBLs. As part of this, I would like to be able to call spamassassin with different settings. All outbound mail is either coming from the same system or authenticated users, so when scanning outbound mail I don't want any RBLs being consulted. However, I still want RBLs to be consulted for inbound mail. I've looked at mimedefang.pl and don't see any easy way to do this. The only obvious thing is to set $SASpamTester to undef before each call to spamassassin. I'm wondering if a destructor function should be called or if this would result in a memory leak. Does anybody have any other suggestions?

Check out the top of the mimedefang-filter

    # The next lines force SpamAssassin modules to be loaded and rules
    # to be compiled immediately. This may improve performance on busy
    # mail servers. Comment the lines out if you don't like them.
    if ($Features{SpamAssassin}) {
        spam_assassin_init()->compile_now(1) if defined(spam_assassin_init());

        # If you want to use auto-whitelisting:
        # if (defined($SASpamTester)) {
        #     use Mail::SpamAssassin::DBBasedAddrList;
        #     my $awl = Mail::SpamAssassin::DBBasedAddrList->new();
        #     $SASpamTester->set_persistent_address_list_factory($awl) if defined($awl);
        # }
    }

Do this once for one config, save the $SASpamTester in yet another global var, e.g. my_SA_inbound; undef $SASpamTester; do this for the second config and save $SASpamTester into, say, my_SA_outbound

Now, before you scan, assign either my_SA_* to $SASpamTester.

However, if you have a large ruleset, you load it twice into memory.

Also look at $SALocalTestsOnly .

-- Steffen Kaiser
Re: [Mimedefang] (no subject)
On Tue, 20 Jan 2015, Francis Cabrera wrote:

> May I request for a help on how to remove SpamAssassinReport.txt being always attached on my emails
>
> I am using axigen email systems.
>
> I already check mimedefang-filter.

You should ask your axigen support - it's commercial after all.

This snippet adds the report only, if the SPAM score is above the configured required minimum limit.

    # Spam checks if SpamAssassin is installed
    if ($Features{SpamAssassin}) {
        if (-s "./INPUTMSG" < 100*1024) {
            # Only scan messages smaller than 100kB. Larger messages
            # are extremely unlikely to be spam, and SpamAssassin is
            # dreadfully slow on very large messages.
            my($hits, $req, $names, $report) = spam_assassin_check();
            my($score);
            if ($hits < 40) {
                $score = "*" x int($hits);
            } else {
                $score = "*" x 40;
            }
            # We add a header which looks like this:
            # X-Spam-Score: 6.8 (**) NAME_OF_TEST,NAME_OF_TEST
            # The number of asterisks in parens is the integer part
            # of the spam score clamped to a maximum of 40.
            # MUA filters can easily be written to trigger on a
            # minimum number of asterisks...
            if ($hits >= $req) {
                action_change_header("X-Spam-Score", "$hits ($score) $names");
                md_graphdefang_log('spam', $hits, $RelayAddr);

                # If you find the SA report useful, add it, I guess...
                action_add_part($entity, "text/plain", "-suggest",
                                "$report\n",
                                "SpamAssassinReport.txt", "inline");
            } else {
                # Delete any existing X-Spam-Score header?
                action_delete_header("X-Spam-Score");
            }
        }
    }

-- Steffen Kaiser
Re: [Mimedefang] (no subject)
On Tue, 20 Jan 2015, Francis Cabrera wrote:

> I already did that but unfortunately it falls beyond their area of expertise, but I have sent the configuration file that I found for them to check if there is something that they can do.

the default location would be in /etc/mail/sa-mimedefang.cf the setting required_hits. But different systems use different default paths and MIMEDefang could pull the default settings from anywhere, if axigen modified the MIMEDefang scripts.

-- Steffen Kaiser
Re: [Mimedefang] spam score different from when scanning via mimedefang
On Fri, 17 Oct 2014, i...@bsolution.net wrote:

> Spam did get better, however Bayesian still sucks in my configuration.
>
> here is an email i got 15 min ago, scores like this:

well, Bayes could have learnt in that time. However, did you check if the Bayes database has more than one user? Maybe SpamAssassin uses two users internally.

> -Spam-Score: 1.308 (*) BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID,T_RP_MATCHES_RCVD,URIBL_RED
> X-Scanned-By: MIMEDefang 2.75
>
> save this email as .eml and running on command line does detect as spam
>
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on newcitymedia.net
> X-Spam-Flag: YES
> X-Spam-Level: **
> X-Spam-Status: Yes, score=6.9 required=3.0 tests=BAYES_99,BAYES_999,
>     DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,
>     RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,SPF_HELO_PASS,SPF_PASS,
>     TVD_RCVD_SPACE_BRACKET,T_KAM_HTML_FONT_INVALID,T_RP_MATCHES_RCVD,
>     UNPARSEABLE_RELAY,URIBL_RED autolearn=no autolearn_force=no version=3.4.0

-- Steffen Kaiser
Re: [Mimedefang] Process SPF checking for certain recipient domains
On Thu, 24 Jul 2014, Jon Rowlan wrote:

> > In filter_begin() you know sender and all recipients, there you can deploy the different checks. However, what will you do if one recipient checks and another one does not and the message is to reject? You either need to silently discard the message for some recipients or generate bounce messages.
>
> There will not be any cross contamination between domains. So a message will be for someone at one customer domain and a number of their users but not for other domains that I host. In reality I only need to check the first recipient.

Well, maybe the possibility is quite low, that one message hits two domains with different filter sets, but how do you ensure there will not?

-- Steffen Kaiser
Re: [Mimedefang] Process SPF checking for certain recipient domains
On Wed, 23 Jul 2014, Jon Rowlan wrote:

> I have been looking though k/b articles but can find no real help on whether its possible to SPF check certain recipient domains?
>
> I would like certain domains that we accept mail for to use SPF but not on others.

In filter_begin() you know sender and all recipients, there you can deploy the different checks. However, what will you do if one recipient checks and another one does not and the message is to reject? You either need to silently discard the message for some recipients or generate bounce messages.

-- Steffen Kaiser
Re: [Mimedefang] Mimedefang/Multiplexor wrong score. Stops running tests randomly
On Thu, 17 Jul 2014, Justin Edmands wrote:

> the heck? It only runs those tests? It runs random tests sometimes. I

random tests??

> have no idea why. Does it have a max process time or something causing it to stop running tests after X time? Anyways...
>
> Here is the header of the spam message:
>
> Date: Thu, 17 Jul 2014 14:29:53 -0700
> X-Virus-Scan-Result: ok
> X-Spam-Flag: NO
> X-Spam-Score: 0.698
> X-Spam-Status: No, score=0.698, required=3.4, tests=[BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,SPF_HELO_PASS,SPF_PASS]
>
> Here is the message run through spamassassin itself:
>
> [root@localhost ~ ]# cat /tmp/msg.eml | spamassassin -D

http://www.mimedefang.com/node/21 incl. Also see

Both SPAM tests run with completely different settings.

-- Steffen Kaiser
Re: [Mimedefang] how do I train bayes MySQL when relayed
On Thu, 26 Jun 2014, Justin Edmands wrote:

> Seems like lots of spam is slipping past. In turn, I would like to train/retrain my bayes database for the defang user. This is certainly just a relay so the mail is in and out without being stored. How do I train the database when it's MySQL. Do I need to go to my MDA and pull the .msg files and feed them to the sa-learn program?

See http://wiki.apache.org/spamassassin/BayesFaq?highlight=%28train%29|%28bayes%29

    Will I overtrain Spamassassin if I feed it all my hams and all my spams?
    Answer: No. As long as you ensure that everything fed to Bayes is accurately classified, manually verified, then you can only improve Bayes' accuracy by training it on everything.

Esp. "accurately classified, manually verified"

I let users move SPAMs into a special IMAP folder, which content is learnt via sa-learn or spamd demon on a regular basis.

> Also, in the actual database I wanted to see the spam and ham count. Seems like so much ham and not much spam collected. Any reason this is incorrect?:
>
> mysql> select id,username,spam_count,ham_count,token_count from spamassassin.bayes_vars;
> +----+----------+------------+-----------+-------------+
> | id | username | spam_count | ham_count | token_count |
> +----+----------+------------+-----------+-------------+
> |  1 | defang   |        404 |     15794 |      203108 |
> +----+----------+------------+-----------+-------------+

If you did not train the Bayes DB, it will not contain much.

> These might be dumb questions...sorry if RTFM is the only solution and I missed it somehow.
-- Steffen Kaiser
Re: [Mimedefang] Relayed emails can't be filter!
On Thu, 12 Jun 2014, Cương Bùi wrote:

> I'm really stuck here. I configure my sendmail server using smarttable (http://jmaimon.com/sendmail/anfi.homeunix.net/sendmail/smarttab.html) and smart_host feature for routing to different smtp servers, users.
>
> All local emails (sm-mta process) are caught in mimedefang filter. It means I can process it in filter_* routines.
> ===
> Jun 12 14:39:17 srv-01 sm-mta[6520]: s5CEdHes006520: from=/someuser@localhost/, size=2461, class=0, nrcpts=1, msgid=1793922844.1402583957445, proto=ESMTP, daemon=MTA-v4, relay=localhost [127.0.0.1]
> ===
> And, all outgoing relayed emails (sendmail process) are not caught. It means I do not see it in filter_* routines.

What emails do you mean by outgoing? Are they submitted via the local system, e.g. by calling the sendmail executable, or via SMTP?

> ===
> Jun 12 14:40:20 srv-01 sendmail[6552]: STARTTLS=client, relay=/smtp.outside.com/, version=TLSv1/SSLv3, verify=OK, cipher=DHE-RSA-AES256-SHA, bits=256/256
> Jun 12 14:40:21 srv-01 sendmail[6552]: 1983T66ee0001: to=/a...@example.com/, delay=00:01:04, xdelay=00:00:04, mailer=relay, pri=0, relay=/smtp.outside.com/. [/1.2.3.4/], dsn=2.0.0, stat=Sent (Ok: queued as 296B68067B)
> ===

Please show us your submit.mc.

-- Steffen Kaiser
Re: [Mimedefang] Relayed emails can't be filter!
On Fri, 13 Jun 2014, Cương Bùi wrote:

> *1. What emails do you mean by outgoing? Are they submitted via the local system, e.g. by calling the sendmail executable, or via SMTP?*
>
> These emails originate from OpenEMM, on the same server. There are 8 running processes of sendmail on different queues.
> => When there are some messages in these queues, it's automatically sent by these processes. (my understanding, not sure 100%)

Hmm, http://www.openemm.org/faq/questions/22/Why+do+you+use+Sendmail+and+not+other+MTAs%3F

    Sendmail is difficult to replace in OpenEMM by other MTAs because
    - spool files can easily be generated directly (the process is documented)
    - therefore, OpenEMM can assign spool file names so that OpenEMM has sufficient ID information encoded to use the names for bounce management during mail transmission

I don't know if I understand the 1. statement correctly, but they seem to say that they create the spool files for sendmail directly, bypassing the injection via both sendmail executable and socket. If that's correct, no milter can be activated obviously.

OpenEMM is open source, so IMHO patch the processing you want to make into its injection.

If you don't want to patch OpenEMM, you need to get to know how the mail flow of OpenEMM is, how many sendmail configurations there are (the 2nd statement above let me assume that OpenEMM runs its own configuration), and put some filter in between. That might break the bounce detection.
-- Steffen Kaiser
Re: [Mimedefang] Relayed emails can't be filter!
On Fri, 13 Jun 2014, Cương Bùi wrote:

> Date: Fri, 13 Jun 2014 16:05:25 +0700
> From: Cương Bùi bhcuong2...@gmail.com
> To: skmimedef...@smail.inf.fh-bonn-rhein-sieg.de
> Cc: mimedefang@lists.roaringpenguin.com
> Subject: Re: [Mimedefang] Relayed emails can't be filter!
>
> Hi Steffen,
>
> Thank you for your investigation :)
>
> 1.
> - spool files can easily be generated directly (the process is documented)
> - therefore, OpenEMM can assign spool file names so that OpenEMM has sufficient ID information encoded to use the names for bounce management during mail transmission
>
> => OpenEMM spawns 8 concurrent processes of sendmail for handling sending (1 of 8 used for accepting incoming emails). The 7 others handle 4 queues (4 spool dirs) as below (from command ps -ef).
> ===
> root 17717 1 0 08:36 ? 00:00:00 sendmail: MTA: Queue runner@00:01:00 for /home/openemm/var/spool/ADMIN
> ===

I guess your normal config of sendmail in /etc/mail does not use /home/openemm/var/spool, so OpenEMM does indeed use its configuration and my proposals seem to apply.

> => I think the issue may come from this. It handles directly...
>
> Back to my test previously, use sendmail from command line (sendmail -vt [file of email content]).
> I see that there are differences between 2 cases (from OpenEMM vs command line)
> ===
> Jun 13 08:46:26 srv-01 sm-mta[17949]: s5D8kQAP017949: Milter add: header: X-Scanned-By: MIMEDefang 2.75 on x.x.x.x
> Jun 13 08:46:28 srv-01 *sm-mta*[17949]: STARTTLS=client, relay=smtp.outside.com, version=TLSv1/SSLv3, verify=OK, cipher=AES256-SHA, bits=256/256
> Jun 13 08:46:30 srv-01 *sm-mta*[17949]: s5D8kQAP017949: to=use...@example.com, ctladdr=sysu...@srv01.example.com (0/0), delay=00:00:04, xdelay=00:00:04, mailer=relay, pri=30377, relay=smtp.outside.com [184.73.178.44], dsn=2.0.0, stat=Sent (Ok 0146946821e9-c9c81ea2-9fcf-4076-952f-1c8e3591464d-00)
> Jun 13 08:46:30 srv-01 *sendmail*[17948]: s5D8kPP1017948: to=use...@example.com, ctladdr=sysuser (0/0), delay=00:00:05, xdelay=00:00:04, mailer=relay, pri=30138, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (s5D8kQAP017949 Message accepted for delivery)
> ===
>
> 2.
> - bounce management is based on a well documented plugin interface of Sendmail (milter) and permits combining the reliability of Sendmail with the flexibility of OpenEMM functions.
>
> => OpenEMM develops its own filter for handling bounces. It's just like other filter. It does not affect other milters (like AchiveSMTP, MIMEDefang)

It depends on how that milter detects bounces. If you re-route the message through your sendmail instance configured by /etc/mail, you could break the process.

-- Steffen Kaiser
Re: [Mimedefang] filter_sender block multiple address
On Fri, 25 Apr 2014, Ricardson Williams wrote:

> I'm trying now to block multiple email addresses, how to do? I already tried like below and it's not working
>
> sub filter_sender {
>     my ($sender, $ip, $hostname, $helo) = @_;
>     if ($sender =~ /^<?spammer\@badguy\.com>?$/i) {
>         return ('REJECT', 'Sorry; spam...@badguy.com is blacklisted.');
>     }
>     return ('CONTINUE', "ok");
>     if ($sender =~ /^<?x\@\.com>?$/i) {
>         return ('REJECT', 'Sorry; x...@x.com is blacklisted.');
>     }
>     return ('CONTINUE', "ok");
> }

The first return stops processing and returns from the function, the remainder is never reached.

-- Steffen Kaiser
Re: [Mimedefang] Operating on attachments - choosing which attachment to operate on
On Thu, 24 Apr 2014, Michael Lazar wrote:

> I am having difficulty preserving the original attachment.
>
> sub filter{
>     if (lc($type) eq 'application/zip' ) {
>         action_add_entity($entity,-1);
>         my $cmd = 'zipc -silent -extract -directories FILTERINPUT extractf -keypass=; zipc -silent -add FILTEROUTPUT ./extractf/*.*';
>         action_external_filter($entity, $cmd);
>         my $name='clear.zip';
>         my $fname='clear.zip';
>         my $type='application/zip';
>         action_defang($entity, $name, $fname, $type);
>         #undocumented hack to preserve body
>         pop(@Warnings);
>     }

Hmm, I would actually try this way:

1) in sub filter() detect encrypted files and spool them into $CWD/my_spool. Make sure you use a different name per attachment of the message

2) in filter_end(), if there are spooled files:

    my $e = action_add_part($entity, "text/plain", "-suggest", "Unencrypted attachments", "Unencrypted_attachments_" . time());
    $e->make_multipart("mixed");
    foreach my $file (@files) {
        # decrypt $file
        my $new = MIME::Entity->build(...);
        $e->add_part($new);
    }

David's advice will save you from the additional HD space needed in step 1).

-- Steffen Kaiser
Re: [Mimedefang] adding a new attachment or duplicating the existing attachment
On Wed, 23 Apr 2014, Michael Lazar wrote:

> Is there a way to add a new (additional) attachment to an email?
> Is there a way to duplicate an attachment and re-attach it to the same email?

see action_add_part in man mimedefang-filter

-- Steffen Kaiser
Re: [Mimedefang] skip filtering if smtp auth even for local mail
On Wed, 16 Apr 2014, Ghislain wrote:

> I use a filter_sender clause to skip any filtering if the mail is sent by authenticated users from smtp_auth
>
> ii mimedefang 2.69-1 e-mail filter program for sendmail
> ii sendmail 8.14.3-9.4 powerful, efficient, and scalable Mail Transport Agent
>
> sub filter_sender {
>     read_commands_file();
>     if( (defined($SendmailMacros{auth_authen})) && ($SendmailMacros{auth_authen} != 'monitoringemail') ){

^^ this should be ne instead of !=

>         md_syslog('warning',"smtp auth depuis $ip, $name, $sender, $MsgID");
>         return ('ACCEPT_AND_NO_MORE_FILTERING', "ok");
>     }elsif($RelayAddr eq "127.0.0.1") {
>         md_syslog('warning', "local Email, $MsgID");
>         return ('ACCEPT_AND_NO_MORE_FILTERING', "ok");
>     }else{
>         md_syslog('warning',"pas de smtp auth depuis $ip, $name, $sender, $MsgID" );
>         return('CONTINUE', "ok");
>     }
> }
>
> My issue is when a user connects with smtp auth on port 587 and sends a mail to a local user (someone from the same domain), then it gets filtered and never triggers the defined($SendmailMacros{auth_authen})) part. Is there any solution to that? It seems that smtp auth is simply ignored for local delivery even if the log shows a successful smtp-auth for this connection.

I don't believe this. To verify add a

    md_syslog('warning', $RelayAddr . "/" . $SendmailMacros{auth_authen})

before the if() statement. Or do you happen to have separate configurations for port 25 and 587?

> The filter_sender works for external recipients and skips all filtering, but it is impossible to do it for this case. I want to skip filtering because spamassassin triggers a LOT of false positive rules when in this configuration (all RCPT and HELO rules).
-- Steffen Kaiser
Re: [Mimedefang] redirect spam for a single domain to another recipient
On Wed, 2 Apr 2014, Marcus Schopen wrote:

> I use stream_by_domain and like to redirect/move spam for a single domain to a special recipient/mailbox and collect it there. Any better code possible?
>
> sub filter_end {
>     [...]
>     if ($Domain eq 'mydomain.de' && $hits >= 5) {
>         foreach $recip (@Recipients) {
>             delete_recipient($recip);
>         }
>         add_recipient('spambox');
>     }

Looks good for me.

About $Domain: I'm not sure whether or not the domain is always lower-case and never has a dot at the end, therefore I always lower-case domain names and accept an additional final dot, e.g.:

    $Domain =~ /\Amydomain\.de\.?\z/i

Cosmetic:

    foreach my $recip ...

or

    delete_recipient($_) for @Recipients;

-- Steffen Kaiser
Re: [Mimedefang] read domain list from config file
On Thu, 27 Mar 2014, Marcus Schopen wrote:

> for some of my domains I'd like to reject mails at a given spamscore of >=5. For some other domains at a higher score. Is it a good idea to read those domain names from different external config file instead of coding them hard into mimedefang-milter?
>
> sub filter_end {
>     [...]
>     if (($Domain eq 'exmaple1.org' || $Domain eq 'example2.org' || $Domain eq 'example3.org') && $hits >= 5) {
>         if ($WasResent) {
>             action_discard();
>         } else {
>             action_bounce("Recipient refuses mail due to ...");
>         }
>     }

There are numerous ways:

a) DB_File, as Kris pointed out,
b) Storable
c) require a Perl-formatted file
d) CSV files and Text::CSV
e) plain text files
f) SQL backends
...

Actually, I have all configuration stuff at the top of the filter as hashes or qr//s. E.g. in your case

    my %domainsDropHighSPAM = (
        'example.org' => 1,
        # ...
    );
    [...]
    if(exists $domainsDropHighSPAM{lc $Domain} && $hits >= 5) {

-or-

    my $domainsDropHighSPAM = qr/\A(?:example\.org|example\.net|...)\z/i;
    if($Domain =~ $domainsDropHighSPAM && $hits >= 5) {

-- Steffen Kaiser
Re: [Mimedefang] reject a message if listed on more than one DNSBL
On Tue, 18 Mar 2014, Marcus Schopen wrote:

> is it possible to reject a message if its sending server is listed in

use the Net::DNS resolver and query the blacklists. mimedefang.pl has the skeleton how to query.

-- Steffen Kaiser
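One way to implement the "listed on more than one DNSBL" check with Net::DNS, as an added example that is not code from this thread or from mimedefang.pl. The zone names and the threshold are placeholders, and the lookup is injectable so the constructed self-check at the bottom runs without DNS.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Placeholder zones (assumption): put the DNSBLs you actually use here.
my @DNSBL_ZONES  = qw(dnsbl-a.example dnsbl-b.example dnsbl-c.example);
my $MIN_LISTINGS = 2;    # reject only when at least this many zones list the relay

# Build the DNSBL query name for an IPv4 address: reversed octets + zone.
sub dnsbl_query_name {
    my ($ip, $zone) = @_;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return;                          # not IPv4: no query is made
    return if grep { $_ > 255 } @octets;
    return join('.', reverse(@octets), $zone);
}

# Real lookup through Net::DNS; returns the A record addresses (maybe none).
my $resolver;
sub net_dns_lookup {
    my ($name) = @_;
    require Net::DNS;
    $resolver ||= Net::DNS::Resolver->new(udp_timeout => 3, retry => 1);
    my $packet = $resolver->query($name, 'A') or return;
    return map { $_->address } grep { $_->type eq 'A' } $packet->answer;
}

# Return the zones that list $ip. $lookup is a code ref: name -> addresses.
# Only answers in 127.0.0.0/8 count; what each return code means is specific
# to the list, so check the documentation of the lists you query.
sub dnsbl_hits {
    my ($ip, $zones, $lookup) = @_;
    my @listed;
    for my $zone (@$zones) {
        my $name = dnsbl_query_name($ip, $zone) or next;
        my @answers = eval { $lookup->($name) };   # a failed lookup is never a listing
        push @listed, $zone if grep { /\A127\./ } @answers;
    }
    return @listed;
}

# MIMEDefang callback (called when mimedefang runs with -r).
sub filter_relay {
    my ($hostip, $hostname) = @_;
    my @listed = dnsbl_hits($hostip, \@DNSBL_ZONES, \&net_dns_lookup);
    if (@listed >= $MIN_LISTINGS) {
        return ('REJECT', "$hostip is listed on " . join(', ', @listed));
    }
    return ('CONTINUE', "ok");
}

# Constructed self-check; runs only when this file is executed directly.
unless (caller) {
    my %fake = (    # constructed DNSBL answers, not real listings
        '10.2.0.192.dnsbl-a.example' => ['127.0.0.2'],
        '10.2.0.192.dnsbl-c.example' => ['127.0.0.4'],
        '11.2.0.192.dnsbl-a.example' => ['127.0.0.2'],
    );
    my $lookup = sub { @{ $fake{ $_[0] } || [] } };
    for my $ip (qw(192.0.2.10 192.0.2.11 192.0.2.12)) {
        my @listed = dnsbl_hits($ip, \@DNSBL_ZONES, $lookup);
        printf "%-12s listed on %d zone(s) => %s\n", $ip, scalar @listed,
            @listed >= $MIN_LISTINGS ? 'REJECT' : 'CONTINUE';
    }
}
```

Requiring two independent listings trades some catch rate for fewer false rejections when a single list is wrong or unreachable.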
Re: [Mimedefang] move SPOOLDIR to tmpfs - how to keep bayes and qdir files at reboot?
On Thu, 20 Feb 2014, Marcus Schopen wrote:

> I'm planning to move SPOOLDIR (/var/spool/MIMEDefang) to tmpfs. My /etc/fstab
>
> tmpfs /var/spool/MIMEDefang tmpfs defaults,size=128m,mode=750,uid=ofdefanguser,gid=ofdefanggroup 0 0
>
> This works fine, but mimedefang stores quarantinedir and spamassassin bayes files in /var/spool/MIMEDefang too. How to handle this. Copy /var/spool/MIMEDefang/.spamassassin at stop/start of mimedefang to another directory outside tmpfs. And what about quarantinedir files. Those fill up the ramdisk. Move them by cronjob?

If you compile MIMEDefang yourself, you can specify another quarantinedir.

IMHO, you can change the location by setting:

    $Features{'Path:QUARANTINEDIR'}

anytime. E.g. at the top of your filter or in mimedefang.pl.

My .spamassassin is not located in MIMEDefang's spool dir. But I use the demon. You can most likely use a symlink, I mean: On startup you set up the tmpfs and before starting MIMEDefang, e.g. in its init.d script, you create the symlink to the permanent spamassassin location.

-- Steffen Kaiser
Re: [Mimedefang] rate-limiting for outbound mails per sender
On Sun, 9 Feb 2014, Marcus Schopen wrote:

> what would be a good way to implement rate-limiting for outbound mails per sender e.g. 50 recipients per smtp_auth sender per hour?

I do this in filter_begin. There I detect the sender, assign a SenderID based on different rules and query a SQL database about the sum of recipients of this SenderID in the last hour & day. If the SMTP quota is not exceeded, the tuple (scalar(@Recipients), SenderID, NOW()) is added to the database.

I purge old entries daily.

-- Steffen Kaiser
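A sketch of the bookkeeping described in the reply above, as an added example and not Steffen Kaiser's own code. It assumes DBI with DBD::SQLite, a hypothetical table `smtp_quota` and database path, a SenderID taken from the `auth_authen` macro with the envelope sender as fallback, and the 50 recipients per hour from the question.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

our (%SendmailMacros, $Sender, @Recipients);   # set by MIMEDefang at run time

my $MAX_RCPTS_PER_HOUR = 50;                              # limit from the question
my $QUOTA_DSN = 'dbi:SQLite:dbname=/var/lib/md-quota.db'; # hypothetical path

sub quota_open {
    my ($dsn) = @_;
    my $dbh = DBI->connect($dsn, '', '', { RaiseError => 1, AutoCommit => 1 });
    $dbh->do(q{CREATE TABLE IF NOT EXISTS smtp_quota (
                   rcpts INTEGER NOT NULL, sender_id TEXT NOT NULL, ts INTEGER NOT NULL)});
    $dbh->do(q{CREATE INDEX IF NOT EXISTS smtp_quota_idx ON smtp_quota (sender_id, ts)});
    return $dbh;
}

# One possible rule set (assumption): authenticated login first, else envelope sender.
sub sender_id {
    my ($auth_user, $envelope_sender) = @_;
    return 'auth:' . lc($auth_user) if defined $auth_user && length $auth_user;
    (my $addr = lc $envelope_sender) =~ s/\A<|>\z//g;
    return "env:$addr";
}

# Sum the recipients of the last hour; record the new tuple only if the
# message still fits. Check and insert share one transaction because several
# MIMEDefang workers can handle mail from the same sender at once.
sub quota_check_and_record {
    my ($dbh, $id, $nrcpts, $now) = @_;
    my $allowed = eval {
        $dbh->begin_work;
        my ($used) = $dbh->selectrow_array(
            q{SELECT COALESCE(SUM(rcpts), 0) FROM smtp_quota
               WHERE sender_id = ? AND ts > ?}, undef, $id, $now - 3600);
        my $fits = ($used + $nrcpts <= $MAX_RCPTS_PER_HOUR) ? 1 : 0;
        $dbh->do(q{INSERT INTO smtp_quota (rcpts, sender_id, ts) VALUES (?, ?, ?)},
                 undef, $nrcpts, $id, $now) if $fits;
        $dbh->commit;
        $fits;
    };
    return $allowed if defined $allowed;
    my $err = $@;
    eval { $dbh->rollback };
    die "quota database error: $err";
}

# Daily purge, e.g. from cron: drop tuples older than one day.
sub quota_purge {
    my ($dbh, $now) = @_;
    return $dbh->do(q{DELETE FROM smtp_quota WHERE ts <= ?}, undef, $now - 86400);
}

my $quota_dbh;
sub filter_begin {
    my ($entity) = @_;
    my $ok = eval {
        $quota_dbh ||= quota_open($QUOTA_DSN);
        my $id = sender_id($SendmailMacros{auth_authen}, $Sender);
        quota_check_and_record($quota_dbh, $id, scalar(@Recipients), time);
    };
    if (!defined $ok) {    # database trouble: log and let the mail pass (a choice)
        md_syslog('warning', "quota check skipped: $@");
        return;
    }
    action_tempfail("Sending quota exceeded, try again later") unless $ok;
}

# Constructed self-check with an in-memory database and fixed timestamps.
unless (caller) {
    my $db = quota_open('dbi:SQLite:dbname=:memory:');
    my $t0 = 1_400_000_000;
    my $id = sender_id('Alice', '<alice@example.org>');
    for my $step ([30, 0], [25, 600], [20, 600], [10, 3700]) {
        my ($n, $offset) = @$step;
        my $ok = quota_check_and_record($db, $id, $n, $t0 + $offset);
        printf "t0+%-5d %2d rcpts => %s\n", $offset, $n, $ok ? 'accepted' : 'refused';
    }
}
```

Counting recipients rather than messages, as the reply does, also bounds a compromised account that sends few messages with very long recipient lists.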
Re: [Mimedefang] mimedefang filter sender using filter_sender
On Sat, 18 Jan 2014, Prabin Acharya wrote:

> My mailserver has been compromised. The scenario is: bogus users are using mailing address of my company and sending spam messages.

Do you refer to this scenario as "My mailserver has been compromised"? Or is there some other problem as well?

> My mimedefang filter has included my workplace mail domain as safe sender. However some spam mails are such that sender fakes my workplace domain too.

IMHO, you should drop this whitelisting of domains. Your suggested filter_sender is a step in that direction.

> I'm thinking of using thing like below: by using filter_sender, I'd check on legitimate email addresses that are allowed to pass through my mailserver. If the sender address contains my domain, check for ip address of the sender, if ip address belongs to my internal network pass it on, if not drop the mail.

I'd add: pass it along, too, if the sender is authenticated!

However, if your mail server is compromised and someone is sending SPAM from your mail server, this won't help to stop it.

However #2: if someone is sending SPAM outside your server and those messages bounce, you get the bounces still.

So this change does not help with either of your problems.

You could look into SPF or BATV.

> My filter_sender is as follows:
>
> sub filter_sender(){
> my($sender, $ip, $hostname, $helo)=@_;
> $rg='.*?(@)(pmail\\.com.np)';
> $iprg='(10)(\\.)(59)(\\.)(\\d+)(\\.)(\\d+)';

Is there a reason for all the ()'s?

You should anchor $rg to the end of the string, probably with: \.com\.np\.?$

The .*? is not necessary then as well.

You should anchor $iprg to the beginning of the string, the \d+\.\d+ is not necessary, unless you want to process the numbers further.

> if($sender=~ m/$rg/is){
> if($ip =~ m/$iprg/is){

Why do you use variables? This drops performance. Write the strings here or use qr// in the assignment of the variables.
-- Steffen Kaiser
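The anchoring advice from the reply above applied to the posted patterns, as an added example that is not code from the thread. The policy (accept own-domain senders only from 10.59.x.x or when authenticated) follows the discussion; the rejection text, the `sender_policy` helper and the test addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our %SendmailMacros;    # filled by read_commands_file() inside MIMEDefang

# Compiled once with qr//. The domain pattern is anchored to the end of the
# string and tolerates a final dot and the closing '>' of <user@domain>;
# the IP pattern is anchored to the beginning of the string.
my $OUR_DOMAIN_RE  = qr/\@pmail\.com\.np\.?>?\z/i;
my $INTERNAL_IP_RE = qr/\A10\.59\./;

# Pure decision function so the policy can be checked without MIMEDefang.
sub sender_policy {
    my ($sender, $ip, $auth_user) = @_;
    return 'CONTINUE' unless $sender =~ $OUR_DOMAIN_RE;   # not claiming our domain
    return 'CONTINUE' if $ip =~ $INTERNAL_IP_RE;          # internal network
    return 'CONTINUE' if defined $auth_user && length $auth_user;   # SMTP AUTH
    return 'REJECT';
}

# MIMEDefang callback (called when mimedefang runs with -s).
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    read_commands_file();    # needed before %SendmailMacros is usable here
    if (sender_policy($sender, $ip, $SendmailMacros{auth_authen}) eq 'REJECT') {
        return ('REJECT', 'Senders in this domain must authenticate');
    }
    return ('CONTINUE', "ok");
}

# Constructed comparison of the posted patterns with the anchored ones.
unless (caller) {
    my $old_rg   = '.*?(@)(pmail\\.com.np)';
    my $old_iprg = '(10)(\\.)(59)(\\.)(\\d+)(\\.)(\\d+)';
    my @cases = (                                  # constructed envelope data
        ['<staff@pmail.com.np>',          '10.59.4.7'],
        ['<staff@pmail.com.np>',          '110.59.4.7'],    # 110.x is not 10.x
        ['<staff@pmail.com.np.>',         '10.59.200.1'],   # final dot
        ['<x@pmail.com.np.example.net>',  '198.51.100.9'],  # different domain
        ['<x@pmail.comXnp>',              '198.51.100.9'],  # unescaped '.' case
    );
    printf "%-32s %-14s %-12s %-12s\n", 'sender', 'ip', 'old dom/ip', 'new dom/ip';
    for my $case (@cases) {
        my ($sender, $ip) = @$case;
        printf "%-32s %-14s %-12s %-12s\n", $sender, $ip,
            join('/', ($sender =~ m/$old_rg/is ? 'y' : 'n'),
                      ($ip     =~ m/$old_iprg/is ? 'y' : 'n')),
            join('/', ($sender =~ $OUR_DOMAIN_RE ? 'y' : 'n'),
                      ($ip     =~ $INTERNAL_IP_RE ? 'y' : 'n'));
    }
}
```

The envelope sender usually arrives wrapped in angle brackets, which is why the end anchor allows an optional `>`; a bare `\.com\.np\.?$` would not match `<staff@pmail.com.np>`.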
Re: [Mimedefang] Little help with no checks for AUTH users on 587
On Thu, 21 Nov 2013, Ben Kamen wrote:

> I need a little quick help -- in my mimedefang milter, what can I put in to bypass checking emails being relayed by my server submitted on 587 by authorized users??

Check out %SendmailMacros, in filter_recipient and filter_sender you need to call read_commands_file() first.

Add a test [ for existence usually do ] at the right spot [usually almost at the top] in your filter functions.

There is a return code of ACCEPT_AND_NO_MORE_FILTERING, which should replace the explicit test in each function.

-- Steffen Kaiser
Re: [Mimedefang] Stream by recipient and sendmail
On Mon, 28 Oct 2013, Marcus Schopen wrote:

> I'd like to use mimedefang to split up incoming emails on a single domain with multiple envelope recipients to single emails having only one envelope recipient like
>
> Received: from ... for ... test...@domain.com; Sun, 27 Oct 2013 ...
>
> If those emails with more than one recipient were dropped to a multidrop mailbox the received header line doesn't contain the recipient. Only the To: and/or Cc: mail headers come up with the recipients. I thought stream by recipient could be a way but I'm not quite sure.

If you mean the following: sendmail adds the recipient to the Received header only, if there is just one recipient, then yes, stream by recipient will do.

What I don't understand is the multidrop mailbox part.

If you alias one recipient into multiple local mailboxes, just like:

    list: userA, userB, userC

and mail to just one recipient list, then yes, too, at least in my setup :-)

If you mean, you alias multiple recipients to one mailbox, just like:

    userA: single
    userB: single
    userC: single

and mail to userA, userB, userC, then yes, too, but you will get the same message three times in the mailbox of the user single and the Received: header will differ in userA, userB, userC respectively. stream_by_recipient() splits the message into three individual messages and sendmail is no longer able to detect that the message has just one drop point.
- -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUm4Sn58mjdm1m0FfAQJCvAf/YoE0MCmjsZ7b9+OcDfipjULOuwAe28zA Gk+Al0r2du0VnctQbUSzEtCnRjmJSWYvjhWQhPWLJJvHWbaEmaM/zp4N93QO3EQQ Yd6CxUOb+j/EsIbxYGdbR2KYu2mN2sZIbjVzen9VTdWFVhxuuzRM9OXl7Pt8SCIc U3CmEyeM2IVis8YT4/Gc0J48p0JGupUvQUHy27Xyi5WDTsbh6zFnqVLQe/SbZu9r qayBcq5FE8rBrgOrjEmeDQK6xZROumN8KOeEjGohCEmw3lhabgNZFKEkbuB8hvIX N7HXbo33kkm0OkblejmnE2v/CGfyQHwXqek65RP6k+KY1ADcCJaU7w== =w1LL -END PGP SIGNATURE- ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] md_check_against_smtp_server() returned an empty response
On Wed, 27 Mar 2013, Richard Laager wrote:

> I'm troubleshooting an issue where md_check_against_smtp_server() intermittently hangs for 5 minutes. It's *always* 300 seconds exactly (ignoring sub-second precision). I'm using this function for doing callbacks against the sender's address. I look up the MX records using Net::DNS.

Before you hate me too :-|

> Does anyone have any idea why the 15 second IO::Socket::INET timeout isn't applying in these cases?

tar-pitting? IMHO, the timeout kicks in when there are no TCP alive packets. But when the other partner sends keep alive packets, but does not respond simply.

-- Steffen Kaiser
Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log
On Mon, 25 Mar 2013, kd6...@yahoo.com wrote:

> > 2) md_check_against_smtp_server is intended to be used against servers you control. If you want to blacklist your own MIMEDefang relay...
>
> That may have been your intent for adding the function, but it can easily be abused to perform callbacks to random servers, especially when

well, there is Net::SMTP, which can be abused, too, the same way. However, pointing out the intention puts the burden of abuse that code onto the user.

> used to test the sender's address for validity as a return address. If it were to be limited to servers under one's control and enforced as such, the routine would have to obtain the recipient's MX-RRset internally and test all higher priority MTAs; thus it would not need the remote host address parameter. It would determine which host in the MX-RRset it is running on based on the macro variables passed in via the milter interface.

I don't agree, using the MX is necessary for external addresses, but for internal ones, esp. if the server does not relay many domains, which are managed by others, one usually knows the correct _internal_ maildrop host, which has probably no MX at all. At least one saves the DNS requests.

The use of MX records would make it much easier to use the function for external addresses.

Actually, the man page could stress the fact more, that external hosts will not like using the function against them and maybe blacklist the server, because this is considered address harvesting.

Regards,
-- Steffen Kaiser
Re: [Mimedefang] javascript in address header
On Wed, 20 Mar 2013, Joseph Brennan wrote:

> Ever see one of these?--

No, I didn't.

> To: Joe B j...@columbia.edujavascript:_e({}, 'cvml','j...@columbia.edu');
>
> I changed the name and address, but otherwise this is what someone on Gmail sent to a user here. The envelope RCPT was evidently normal, as logged by sendmail, but when we re-sent it to an Exchange system (still with a normal RCPT), Exchange rejected the header.

This is an invalid header after all, isn't it? The domain part after @ cannot contain .

-- Steffen Kaiser
Re: [Mimedefang] Email injection and the android 'email' app
On Mon, 4 Mar 2013, David F. Skoll wrote:

> On Mon, 4 Mar 2013 12:30:09 -0500 Dale Moore dale.mo...@cs.cmu.edu wrote:
>
> [Broken Android email app does not consider 5xx failure to be permanent, but keeps retrying.]
>
> > Your ideas are appreciated. You can send your ideas to me directly and I will summarize in a week. Or you can send them to this list.
>
> I would take a scorched-earth approach. I would immediately lock the account of any user from whom I observed such behaviour and refuse to unlock it until the user replaces the email app with a non-broken version.
>
> You seem to be writing from a university, so you may be able to get away with this for students. Faculty/staff might need a somewhat more nuanced approach. :)

I do agree with David, er partly :-). There are plenty of alternatives for Android.

@Dale, I would change your action from:

- manually scanning the logs picking out such behavior
- personally notifying the users that their email isn't going out and why
- helping them put their droid in airplane mode
- helping them remove the offending message from their 'Outbox'
- helping them put their droid out of airplane mode

to:

- programmatically scanning the logs picking out such behavior
- automatically notifying the users that their email isn't going out and why, e.g. point to a FAQ and/or send that FAQ page as attachment
- helping them to install yet another mail client
- helping them to get the old messages edited and on-wire finally

-- Steffen Kaiser
Re: [Mimedefang] MIME::Entity not handling Charset = 'utf-8' correctly?
On Wed, 20 Feb 2013, Philip Prindeville wrote:

> Awesome, that worked! I'm wondering if in MIME::Body we should take:
>
>     sub as_string {
>         my $self = shift;
>         my $str = '';
>         my $fh = IO::File->new(\$str, '>:') or croak("Cannot open in-memory file: $!");
>         $self->print($fh);
>         close($fh);
>         return $str;
>     }
>
> and have:
>
>     return Encode::decode($charset, $str);

I suppose that violates the internals of the MIME:: and Mail:: namespace functions. They are tied together very closely. Actually, I looked into a UTF8 MIMEtools a few years back to overcome character set problems when storing header data into a postgres database. I thought that everything the MIME:: functions should return would be in Perl utf8, any character set information already decoded. Anything the functions get passed into is Perl internal utf-8 as well. I think one would need to rewrite the whole framework anew.

> instead, but I'm not sure how we'd retrieve $charset…

It would need to be stored into MIME::Body which isn't currently the case.

Encode is a tricky module on its own, perldoc Encode:

    Handling Malformed Data

    The optional CHECK argument tells Encode what to do when it encounters malformed data. Without CHECK, Encode::FB_DEFAULT ( == 0 ) is assumed. As of version 2.12 Encode supports coderef values for CHECK. See below.

    NOTE: Not all encoding support this feature

    Some encodings ignore CHECK argument. For example, Encode::Unicode ignores CHECK and it always croaks on error.

Some encodings modify the $str argument to return the characters NOT decoded. So you'd call Encode::decode($charset, "".$str) to enforce a copy -- but have the performance penalty.

I also got weird results with decode('latin1', $str). I guess because of

    CAVEAT: When you run $string = decode("utf8", $octets), then $string may not be equal to $octets. Though they both contain the same data, the UTF8 flag for $string is on unless $octets entirely consists of ASCII data (or EBCDIC on EBCDIC machines).

When I pass results of decode('latin1', $str) to LDAP or Postgres, I sometimes get errors. I pass all strings through a function now, that looks terrible, but since then Web, Postgres, LDAP and text files play together.

> On Feb 20, 2013, at 6:21 PM, David F. Skoll d...@roaringpenguin.com wrote:
>
> > Try putting use Encode; near the top of your test file and replacing utf8::upgrade($string); with: $string = Encode::decode('utf-8', $string);

In fact, I found that utf8::upgrade() works for me in order to replace decode('latin1'), which seems to do nothing, causing other modules, like Net::LDAP or DBD::Pg, to pass invalid UTF8 to the services.

-- Steffen Kaiser
Re: [Mimedefang] Block specified mime type
On Fri, 14 Dec 2012, Zoltán Gyula Beck wrote:

> block/remove (remove the attachment but the mail is passed with a notification, that the file.ext was removed and contact the sender if you really need that file) some type of attachments, .exe, .bat, etc ... I tried with $bad_exts but if I rename an .exe to .pdf then mimedefang passes. Is there a way to check the file type and not only the extension?

first, make yourself comfortable with the fact that the mimedefang config file is a Perl script.

Second, in sub filter() the first parameter is the item currently found and ready to check, see man mimedefang-filter

    $entity The MIME::Entity object. (See the MIME::tools Perl module documentation.)

In perldoc MIME::Entity you'll find the doc to access the object. There you'll see:

    bodyhandle [VALUE]
    Instance method. Get or set an abstract object representing the body of the message. The body holds the decoded message data. Note that not all entities have bodies! An entity will have either a body or parts: not both. This method will only return an object if this entity can have a body; otherwise, it will return undefined. Whether-or-not a given entity can have a body is determined by (1) its content type, and (2) whether-or-not the parser was told to extract nested messages:

When you have access to the file content, you could for instance use the Perl module File::MMagic to guess file type.

Regards,
-- Steffen Kaiser
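The content-based check discussed in this message, as an added example that is not part of the original post and is not MIMEDefang or File::MMagic code: it classifies an attachment by its leading bytes, so an .exe renamed to .pdf is still caught. The signature tables, function names and sample byte strings are constructed for illustration; the hook into filter() shown in the closing comment is an assumption.

```perl
#!/usr/bin/perl
# Added example: decide on an attachment from its first bytes, not its name.
use strict;
use warnings;

# Leading-byte signatures of executable content: [label, prefix].
my @EXECUTABLE = (
    [ 'DOS/PE executable'      => "MZ" ],
    [ 'ELF executable'         => "\x7fELF" ],
    [ 'Mach-O executable'      => "\xcf\xfa\xed\xfe" ],
    [ 'Mach-O executable'      => "\xce\xfa\xed\xfe" ],
    [ 'Java class / fat Mach-O' => "\xca\xfe\xba\xbe" ],
    [ 'script with shebang'    => "#!" ],
);

# Signatures of common document types, keyed by the extension they carry.
my %DOCUMENT = (
    pdf => "%PDF-",
    zip => "PK\x03\x04",
    png => "\x89PNG\r\n\x1a\n",
    gif => "GIF8",
    jpg => "\xff\xd8\xff",
    doc => "\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 container
);

# Extensions that share a container format with an entry above.
my %ALIAS = (
    jpeg => 'jpg', xls => 'doc', ppt => 'doc',
    docx => 'zip', xlsx => 'zip', pptx => 'zip',
);

# Return the label of the executable signature $head starts with, or undef.
sub executable_type {
    my ($head) = @_;
    for my $sig (@EXECUTABLE) {
        my ($label, $magic) = @$sig;
        return $label if index($head, $magic) == 0;
    }
    return;
}

# Verdict for one attachment, given its file name and its first bytes.
#   "drop: ..."  executable content, whatever the name says
#   "flag: ..."  known document extension whose content does not match it
#   "pass"       nothing suspicious found by this check
sub attachment_verdict {
    my ($filename, $head) = @_;
    if (defined(my $type = executable_type($head))) {
        return "drop: content is a $type";
    }
    my ($named) = lc($filename) =~ /\.([a-z0-9]+)\z/;
    if (defined $named) {
        my $ext = $ALIAS{$named} // $named;
        if (exists $DOCUMENT{$ext} && index($head, $DOCUMENT{$ext}) != 0) {
            return "flag: named .$named but content does not start like one";
        }
    }
    return 'pass';
}

# Constructed samples: [file name, first bytes of the decoded body].
my @SAMPLES = (
    [ 'invoice.pdf' => "MZ\x90\x00\x03\x00\x00\x00" ],       # renamed .exe
    [ 'report.pdf'  => "%PDF-1.4\n%\xe2\xe3\xcf\xd3\n" ],    # genuine PDF
    [ 'photo.jpg'   => "GIF89a\x01\x00\x01\x00" ],           # GIF named .jpg
    [ 'tool.dat'    => "\x7fELF\x02\x01\x01\x00" ],          # ELF binary
    [ 'notes.txt'   => "Meeting at 10:00\n" ],               # plain text
);
printf "%-12s %s\n", $_->[0], attachment_verdict(@$_) for @SAMPLES;

# Limits: batch and other plain-text scripts have no signature, so the
# extension list ($bad_exts) is still needed, and the two-byte "MZ" test
# also hits text that happens to start with those letters.
#
# Sketch of the hook inside filter($entity, $fname, $ext, $type); assumption,
# not tested against a running filter:
#   if (my $body = $entity->bodyhandle) {
#       my $io = $body->open("r");
#       $io->read(my $head, 16);
#       $io->close;
#       return action_drop_with_warning("Attachment $fname removed.")
#           if attachment_verdict($fname, $head) =~ /\Adrop/;
#   }
```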
Re: [Mimedefang] DNSWL
On Tue, 30 Oct 2012, Tilman Schmidt wrote:

something like this - untested

    # Spam checks if SpamAssassin is installed
    my $dnswl;
    if ($Features{"SpamAssassin"}) {
        if ($RelayAddr =~ /^10\.0\./) {
            # Don't scan messages from local net
            md_graphdefang_log('locl');
        } elsif (defined($SendmailMacros{auth_type})) {
            # Don't scan messages from authenticated senders.
            md_graphdefang_log('auth');
        } elsif (defined($dnswl = relay_is_blacklisted($RelayAddr, 'list.dnswl.org'))
                 && $dnswl =~ /\A127\.0\.\d+\.[23]\z/) {
            # Don't scan messages when whitelisted in DNSWL
            # (last octet 2 or 3, i.e. ranked medium or high)
            md_graphdefang_log('dnswl ' . $dnswl);
        } elsif (-s "./INPUTMSG" < 100*1024) {
            # Only scan messages smaller than 100kB.
            my($hits, $req, $names, $report) = spam_assassin_check();
            if ($hits >= $req) {
                ...yadda...
            }
        }
    }

> I would like to extend that so that the SpamAssassin call is skipped for hosts which are ranked medium or high on the DNSWL, as recommended on http://www.dnswl.org/tech. Alas, that page does not offer a MIMEDefang recipe. Google found a discussion on this list in December 2007 under the subject "dnswl and relay_is_blacklisted() in Mimedefang sub_filter_relay" that appears relevant, but I'm not sure how to apply that to my case. Could someone share a code snippet?

-- Steffen Kaiser
Re: [Mimedefang] MAX_RCPTS_PER_MESSAGE replaced by Milter?
On Mon, 24 Sep 2012, Kevin A. McGrail wrote:

> My thoughts are to have the standard limit but raise it for authenticated users and/or perhaps give them more of a rate or per day limit?

I store the number of recipients of messages of authenticated users in a SQL database and query it, both in filter_begin(). If the limit is reached, the whole message is tempfailed. There are hourly, daily and weekly limits calculated using the interval operator of SQL.

Kind regards,
-- Steffen Kaiser
Re: [Mimedefang] Is it working ??
On Wed, 12 Sep 2012, bverst...@borsele.nl wrote:

> Spam is getting through and seeing this message in the log file
>
> Milter delete (noop): header: X-Spam-Score
> Milter add: header: X-Scanned-By: MIMEDefang 2.73
>
> What does this mean ???

that MIMEDefang had scanned the message and that your version of MIMEDefang is 2.73.

But because MIMEDefang is a highly user-customized system, we need to see your filter, which is plain Perl-code, to tell anything else.

Regards,
-- Steffen Kaiser
Re: [Mimedefang] name= and filename= different
On Mon, 9 Jul 2012, Joseph Brennan wrote:

> Mismatch noticed in Chinese-language spam:
>
> Content-Type: application/vnd.ms-excel; name=nfy.xls
> Content-Transfer-Encoding: base64
> Content-Disposition: attachment; filename=vmdgjctvi.xls
>
> I wonder whether name= and filename= being different are diagnostic of fakery or are just something one can expect in mail from normal software. I never paid attention. Before I figure how to parse them out and log them to check-- has anyone gone down this path already?

I did not check the implications of this mismatch, but I'm running a filename cleanup routine in MIMEDefang and had to adjust it to cope with this problem.

I have seen legit mails, where one name is rubbish (consisting of two UTF-8 characters most of the time) and the other looks good. They are forwarded by Exchange servers, then a colleague sees rubbish, but I see a valid filename - Thunderbird and Pine seem to use different headers to determine the filename ... .

My routine (see above), picks the name with an extension \.[[:alnum:]]+\z and the least non-Latin1-characters, if there are more than one name; sanitizes it and writes it back into the header for both names.

Regards,
-- Steffen Kaiser
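A sketch of the name=/filename= comparison and the selection rule described in this message, as an added example; it is not Steffen Kaiser's routine and not MIMEDefang code. The function names, the sanitizing rule and the second and third sample headers are assumptions constructed for illustration, and header values are assumed to be already decoded to Perl character strings.

```perl
#!/usr/bin/perl
# Added example: compare Content-Type name= with Content-Disposition
# filename=, then pick and sanitize one name as the message describes.
use strict;
use warnings;

# Value of one parameter (e.g. "name") from a structured header value such
# as 'application/vnd.ms-excel; name="nfy.xls"', or undef if it is absent.
sub header_param {
    my ($value, $param) = @_;
    return unless defined $value;
    my ($quoted, $bare) =
        $value =~ /;\s*\Q$param\E\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;\s"]+))/i
        or return;
    return $bare unless defined $quoted;
    $quoted =~ s/\\(.)/$1/g;          # undo quoted-pair escapes
    return $quoted;
}

# Number of characters outside Latin-1 (code point above 0xFF).
sub non_latin1_count {
    my ($s) = @_;
    my $n = () = $s =~ /[^\x00-\xff]/g;
    return $n;
}

# Prefer names that end in an extension; among those take the one with the
# fewest non-Latin-1 characters (the first candidate wins a tie).
sub pick_filename {
    my @names = grep { defined($_) && length($_) } @_;
    return unless @names;
    my @with_ext = grep { /\.[[:alnum:]]+\z/ } @names;
    @names = @with_ext if @with_ext;
    my $best = shift @names;
    for my $n (@names) {
        $best = $n if non_latin1_count($n) < non_latin1_count($best);
    }
    return $best;
}

# Assumed sanitizing rule: no path, only a conservative character set.
sub sanitize_filename {
    my ($name) = @_;
    $name =~ s{.*[/\\]}{};            # drop any path component
    $name =~ s/[^A-Za-z0-9._-]/_/g;   # replace everything else
    $name =~ s/\A\.+/_/;              # no leading dots
    return $name;
}

# Result for one MIME part: whether the two names differ, and the single
# cleaned name that would be written back to both parameters.
sub review_part {
    my ($content_type, $content_disposition) = @_;
    my $name     = header_param($content_type, 'name');
    my $filename = header_param($content_disposition, 'filename');
    my $mismatch = defined $name && defined $filename
                   && lc($name) ne lc($filename);
    my $chosen = pick_filename($name, $filename);
    return {
        mismatch => $mismatch ? 1 : 0,
        chosen   => defined $chosen ? sanitize_filename($chosen) : undef,
    };
}

# Sample parts: the first pair is the one quoted in the thread, the other
# two are constructed.
my @PARTS = (
    [ 'application/vnd.ms-excel; name="nfy.xls"',
      'attachment; filename="vmdgjctvi.xls"' ],
    [ "application/vnd.ms-excel; name=\"\x{4e2d}\x{6587}\"",
      'attachment; filename="Q3 report.xls"' ],
    [ 'application/pdf; name=minutes.pdf',
      'attachment; filename=minutes.pdf' ],
);
for my $part (@PARTS) {
    my $r = review_part(@$part);
    printf "mismatch=%d chosen=%s\n", $r->{mismatch}, $r->{chosen} // '(none)';
}
```

Logging the mismatch flag next to the relay address for a while, before acting on it, answers the question in the quoted text for a given site; the legitimate Exchange-forwarded case described above would show up in the same log.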
Re: [Mimedefang] Rejecting e-mails with blank CC: and Reply-To:
On Fri, 13 Apr 2012, michal.jankow...@fuw.edu.pl wrote:

> This looks like a cisco router/firewall/asa/whatever intercepting smtp traffic and doing own 'fixups'. Switch it off.
>
> http://blogs.oucs.ox.ac.uk/networks/2009/11/26/cisco-firewall-smtp-fixup-considered-harmful/
> http://www.binarywar.com/2009/11/cisco-pixasa-causes-smtp-banner-corruption/

Most irritating was a Cisco between our mail server and the internet that removed STARTTLS from our server's SMTP greeting ... .

Back to the OP: If a Cisco terminates the connection, the receiving sendmail would log EOM and the transmitting server would get the SMTP code from Cisco. Insofar, it could fit.

Regards,
-- Steffen Kaiser
Re: [Mimedefang] all_spam_to abuse
On Tue, 21 Feb 2012, Chris Flav wrote:

> Hmm. I added this block to filter_end and it only rejects email sent if none of the recipients are listed in all_spam_to;
>
>     # if score >= 15 reject smtp connection
>     if ($hits >= 15) {
>         md_syslog('info', "REJECTED $QueueID - score: ($hits) - RULES: $names, $RelayAddr");
>         action_bounce("Message rejected for policy reasons");
>     }
>
> since one of the recipients is listed in all_spam_to, the returned SA score is -80. This is why I want to check for the existence of USER_IN_ALL_SPAM_TO in the scoring rules, and then strip out anyone who is not listed in local.cf.

you could implement all spam to in MIMEDefang rather than SpamAssassin:

    my %all_spam_to_addr = (
        lc('spam...@example.com') => 1,
        lc('mr.obser...@host.example.net') => 1,
    );
    if ($hits >= 15) {
        my @spam_to = ( );
        for (@Recipients) {
            # your condition, example to use hash
            push @spam_to, $_ if exists $all_spam_to_addr{lc $_};
        }
        md_syslog('info', "REJECTED $QueueID - score: ($hits) - RULES: $names, $RelayAddr");
        if (@spam_to) {
            md_syslog('info', "$QueueID send SPAM to: " . join(', ', @spam_to));
            resend_message(@spam_to);
        }
        action_bounce("Message rejected for policy reasons");
    }

The implementation of the condition with the %all_spam_to_addr hash is just an example, use what seems to fit best. And drop all_spam_to in SA.

BTW: Read man page about side effects of resend_message().

Regards,
-- Steffen Kaiser
Re: [Mimedefang] tagging and redistributing selected messages
On Sat, 4 Feb 2012, Fred Bacon wrote:

> for our employees. She can't maintain separate mailing lists for each journal, so everyone gets everything. So here's my plan to solve this

Some sort of mailing list seems to be appropriate, IMHO.

> I'm setting up a GNU Mailman mailing list (internal to the company) that uses topics to allow individuals to select which tables of

This is the important part: each user can (un-)subscribe self. Once accepted by the user base, you have less administrative tasks. However, a mailing list manager allows more things to do, usually people tend to request to use those new features, such as archiving the posts and searching through it.

> contents they want to receive. To do this, we need to identify and tag all incoming messages which are tables of content alerts. To do this, I'm writing a set of rules for SpamAssassin that will identify the TOC alerts using a set of rules for each journal. So the Journal of Physical Chemistry will have a SpamAssassin rule with the name JPhysChem and a score that is either neutral or negative.

In my eyes, it doesn't matter, if you solve this with SpamAssassin or perl code. Use that what you can maintain better.

> When I call SA from within my MIMEDefang filter, I'll split the return list of matched rules and check them against a hash table of known journal tags. If one of the tags on a message is in the table, then mimedefang will add two new headers to the message: X-TOC: true and Keywords: JPhysChem (for example). The actual keyword will be the

You will have to remove those headers for other messages, so that X-TOC: true cannot be injected from the outside.

> We run a cyrus imap system with server side filtering performed by sieve. The librarian's sieve script will detect messages with the X-TOC header and redirect them to the GNU Mailman mailing list. Mailman will then use the Keywords field to determine who wants that TOC alert based on its topics list.

I don't know if Mailman can act upon keywords as you describe, maybe you need to redirect the messages to the particular list, e.g. directly to jphysc...@mailman.host

If cyrus allows to access messages in one mail folder through a script and your users accept some latency, I would use another method:

1) Sieve files all tagged messages into one mail folder, say articles.
2) via cron a script scans articles, extracts and removes each message from there.
3) each message is injected into Mailman via command line, maybe you can mangle each message before, e.g. with:

    /usr/lib/mailman/bin/inject

   or

    /var/lib/mailman/mail/mailman post list_name

If you setup a complete new mailbox for these messages or can use sub-addressing (librarian+maillist@...) you could drop the tagging completely and perform the check after accepting the messages.

> Now, does this sound reasonable, or is it too complex? What is the best way to import the necessary hash tables into my mimedefang-filter? Is there a simpler way to achieve the same effect?

Do you use some external database / service already? Otherwise, replacing the filter and reloading it works well.

> It occurs to me that each of these messages will pass through the system twice with my current technique. I could bypass the analysis with previously tagged message, or perhaps I should have mimedefang change the recipient of the tagged messages?

About changing the recipient: Technically you can do this, you would need to configure Mailman to accept mails not to the list, because the mailing list is not part of the to header and maybe the recipient list is larger than the threshold configured in the list, and you cannot strip personal / administrative data from the messages. For instance, maybe the messages contain unsubscribe links and you might want to make sure, that replies - either by human or DSNs - are not returned to the article origin.

In short, I would suggest to setup a mail folder (or INBOX of another mailbox) for these messages only, parse them via cron script, remove most headers and patch return and recipient addresses, and inject them to mailman via command line. The librarian should check this folder for unhandlable messages now and then.

Regards,
-- Steffen Kaiser
Re: [Mimedefang] Filter options
On Tue, 1 Nov 2011, Roman Pretory wrote:

> I get all rules in the sub filter_recipient, by sqlquery, that's fine because I could accept, reject, make filter definition on rbl,spf,greylist? but have anybody an idea how to transport these to the other filter only per mail for virus, relay, spam? all rules for a mail are in one array.

I don't understand you. If you want to preserve the information for sub filter_begin() and friends, see MAINTAINING STATE in man mimedefang-filter.

Regards, ska
-- Steffen Kaiser
Re: [Mimedefang] Mailman Footer in MS Outlook Link
On Mon, 24 Oct 2011, Serving Soon wrote:

> By the way, the footer now is not an attachment but the unsubscribe link in the footer is not clickable. _I wonder if there is a solution for the link?_

Well, in the text-part the MUA must do it itself. In the HTML-part you do not generate <A> tags. In the section below

    my $html_footer = $footer;

and mangling the characters add something like: (all in one line, not tested much)

    s{(http://[^\s]+)}{my $url = $1; $url =~ s/([,;.:?!]*)\z//; "<A HREF=\"$url\">$url</A>$1"}ge

The $url=$1; $url=~s/([,;.]*)\z//; is to strip punctuation characters from the end of the URL, e.g.:

    To unsubscribe click http://example.com/unsub?me=dkdkdk. To have more info ...

and put them behind the </A> tag. I'm pretty sure, one can write the pattern somehow, that those characters are not matched at all ...

Regards,
-- Steffen Kaiser
Re: [Mimedefang] Domain canonifying and RFCs
On Thu, 13 Oct 2011, Ernst du Plooy wrote:

Bind v9.7.3 does bark as well, if a MX points to a CNAME, bind v9.3.4 does not.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] Does MIMEdefang 'remember' variable values between successive invocations?
On Wed, 7 Sep 2011, Jan-Pieter Cornet wrote:

> The only disadvantage that I can see is that with globals, you get a protection against typo's if you declare all your globals, so $SlightlyMispeledVariableName will trigger an error, where $Conf{SlightleyMispeldVariabelName} won't trigger a warning, except possibly for use of undefined value.

actually I find this a very disadvantage, although I use a hash myself.

regards,

--
Steffen Kaiser
[Mimedefang] set_reply returned MI_FAILURE (was Re: Multiplexor trouble)
On Tue, 19 Oct 2010, Steffen Kaiser wrote:

for the archives and in order to document the other trouble, here it is:

the problem:

> I've seen the following entries in the log, before this first line, there are only errors no response from slave:
>
> Oct 15 00:10:47 ux-2s14 mimedefang[27529]: Error from multiplexor: .10.2010%2021:XX:%20IP%2087.230.54.44%20with%20name%20d [cut]
> Oct 15 00:19:27 ux-2s14 mimedefang[27529]: Error from multiplexor: ok 1 ok 250 2.1.0 0
> Oct 15 01:20:51 ux-2s14 mimedefang[27529]: Error from multiplexor: 10.2010%2020:XX:%20IP%2087.230.54.44%20with%20name%20ds87-230-54-44. [cut]

There was yet another error, which almost always preceded the ones mentioned above:

    mimedefang[32204]: set_reply returned MI_FAILURE

After I traced back every message that the particular slave had handled, beginning with the one producing such error, I found that filter_sender() returned a huge message back, about 1.5KB. Checking sendmail v8.13's source, I found in libmilter/smfi.c:

    /* for smfi_set{ml}reply, let's be generous. 256/16 should be sufficient */
    #define MAXREPLYLEN 980 /* max. length of a reply string */
    #define MAXREPLIES 32 /* max. number of reply strings */
    [cut]
    if (message != NULL)
    {
        size_t ml;

        /* XXX check also for unprintable chars? */
        if (strpbrk(message, "\r\n") != NULL)
            return MI_FAILURE;
        ml = strlen(message);
        if (ml > MAXREPLYLEN)
            return MI_FAILURE;
        len += ml + 1;
    }

The problem with [\r\n] is already documented here: http://lists.roaringpenguin.com/pipermail/mimedefang/2006-January/029020.html

I sanitize all message texts returned to MIMEDefang like this now:

    s/[\x00-\x1f\x7f]/ /g;
    s/\s+/ /g;
    substr($_, 256) = '' if length($_) > 256;

Looks like that did the trick.

=> Once such overlong reply poisons the connection, all next communication of that MIMEDefang slave fails, until it terminates (reaches its max number of requests or hits the idle timeout).

This is mimedefang v2.71 with sendmail v8.13.8, so more current implementations might not have this problem anymore.

Further error messages in log were:

    Cannot chdir(/var/spool/MIMEDefang/...): No such file or directory
    Cannot open COMMANDS file from mimedefang: No such file or directory
    Cannot mkdir(Work): No such file or directory
    couldn't open INPUTMSG: No such file or directory

Regards,

--
Steffen Kaiser
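Added example (not part of the post, MIMEDefang or sendmail): a Perl helper that applies the sanitising described above and checks the result against the two libmilter conditions quoted from smfi.c. The names sanitize_reply, libmilter_would_fail and REPLY_CAP, the 7-bit replacement step and the sample text are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not MIMEDefang or sendmail code.
use strict;
use warnings;

# Hard limit quoted in the post from sendmail 8.13 libmilter/smfi.c.
use constant MAXREPLYLEN => 980;
# Cap used by the post's one-liner; well below MAXREPLYLEN.
use constant REPLY_CAP   => 256;

# Mirrors the two checks in the quoted smfi.c excerpt: a reply text that
# contains CR or LF, or is longer than MAXREPLYLEN bytes, gives MI_FAILURE.
sub libmilter_would_fail {
    my ($msg) = @_;
    my $bytes = $msg;
    utf8::encode($bytes) if utf8::is_utf8($bytes);   # strlen() counts bytes
    return 1 if $bytes =~ /[\r\n]/;
    return 1 if length($bytes) > MAXREPLYLEN;
    return 0;
}

# Hypothetical helper: turn arbitrary text (DNS names, directory errors,
# anything derived from the SMTP peer) into a bounded single-line reply text.
sub sanitize_reply {
    my ($msg, $cap) = @_;
    $cap = REPLY_CAP unless defined $cap;
    $msg = ''        unless defined $msg;

    utf8::encode($msg) if utf8::is_utf8($msg);   # measure and cut in bytes

    $msg =~ s/[\x00-\x1f\x7f]/ /g;   # control characters, as in the post
    $msg =~ s/[\x80-\xff]/?/g;       # extra step (assumption): keep it 7-bit
    $msg =~ s/\s+/ /g;               # collapse runs of whitespace
    $msg =~ s/^ | $//g;              # trim leading/trailing space
    $msg = substr($msg, 0, $cap) if length($msg) > $cap;
    $msg = 'Rejected by policy' if $msg eq '';   # never hand back an empty text
    return $msg;
}

# Constructed input: a reject text built from untrusted detail, about 1.5 KB
# long and containing a line break, like the reply traced in the post.
my $detail = "IP 192.0.2.44 with name host.example.net listed\r\n" . ('x' x 1500);
my $raw    = "Sender rejected: $detail";
my $safe   = sanitize_reply($raw);

printf "raw:  %4d bytes, libmilter fails: %s\n",
    length($raw),  libmilter_would_fail($raw)  ? 'yes' : 'no';
printf "safe: %4d bytes, libmilter fails: %s\n",
    length($safe), libmilter_would_fail($safe) ? 'yes' : 'no';

# In a filter the call site would look like:
#   return ('REJECT', sanitize_reply($text));
```

Applying the helper at every place a filter callback returns a message text keeps one oversized or multi-line reply from failing set_reply for the rest of that slave's lifetime.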
Re: [Mimedefang] Multiplexor trouble
On Tue, 19 Oct 2010, Steffen Kaiser wrote:

> If the error would tempfail the message, well, it's low volume; but the most problem is that the milter returns results of different queries to the sendmail process:
>
> sm-mta-ext[31396]: o9FB1Ls1031396: Milter: to=[existant-internal-user], reject=550 5.1.1 [non-existant-one]: SMTP VRFY: 550 5.1.1 [non-existant-one]... User unknown

sorry that I did not report back, I was triggered by a request for a follow up, so here it is:

My problem went forth some months. The number of erroneous replies did not increase, but were not seen for a week once in a while. However, the log entry indicates that an existing user was rejected, pretending to be a non-existing user. The other way round, that a non-existing user was accepted because an existing user was looked up instead, was never logged, hence, this number is unknown.

I restarted all services and even the whole machine at least once, nothing helped. I checked the data of the queried users and also made some general tests, e.g. I dumped the whole user DB and made a check of some records by glancing at them. I sent duplicates of the messages, even interleaved sendings dups of a series of three or four messages.

At one point the local copy of OpenLDAP running as a cache and automatically replicated by the central OpenLDAP via the syncprov overlay went awry _detectably_, I mean ldapsearch returned clearly incorrect results often and finally the slapd process died, when I poked it hard. So I removed the local copy of the OpenLDAP database, restarted the demon and about 15 minutes later the mail server was stable again.

I do not know why sendmail got the result of a previous query of MIMEDefang, I also dunno why rebuilding the user DB helped.

I'm not sure that rebuilding the user DB fixed the cause of my problem or if really a hardware failure is the source. But the server is working several months now without errors.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] what are the different headers possible?
On Thu, 21 Apr 2011, fakessh wrote:

Hi fakessh,

please keep in mind that MIMEDefang is based on a complete programming language with plenty of modules. You need to learn this language in order to get the configuration to work in a production environment properly.

> changes made without any result: here is my code
>
>     my $gi = Geo::IP->open("/usr/share/GeoIP/GeoIP.dat", GEOIP_STANDARD);
>     my ($country, $region) = $gi->region_by_name($RelayAddr);
>     action_add_header("X-Header-Country", $country);
>     action_add_header("X-Header-Region", $region);

I don't use Geo::IP either (as Joseph Brennan), but I refer to the doc on http://search.cpan.org/~borisz/Geo-IP-1.38/lib/Geo/IP.pm

citation:

    ( $country, $region ) = $gi->region_by_addr('24.24.24.24');
        Returns a list containing country and region. If region and/or country is unknown, undef is returned. Sure this works only for region databases.

    ( $country, $region ) = $gi->region_by_name('www.xyz.com');
        Returns a list containing country and region. If region and/or country is unknown, undef is returned. Sure this works only for region databases.

Things to consider to get the code going:

1) MIMEDefang only knows the numerical IP the connection comes from, the symbolical name stems from reverse DNS lookups, hence, I would never use region_by_name() personally, but stick to region_by_addr(). Otherwise you need to know how region_by_name() behaves, if you pass it [a.b.c.d] symbolical names for IPs that do not resolve.

2) region and country may be undef, hence, you ought to handle the case the function does not return defined values.

3) open() may fail, too, you ought to handle that case as well.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] Rejecting in filter_relay()
On Thu, 17 Feb 2011, Jason Bertoch wrote:

>> I want to reject RBL-listed relays, but I also want to notify any genuine RBL-listed senders that they are listed, e.g:

I do it in filter_sender().

> Why not use the rejection built into your MTA? For Sendmail:

I had the trouble that people could not authenticate, if their IP is on such list. And some devices are not able to use the submission port.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] Heads up: MIME::tools 5.500 has problems...
On Mon, 7 Feb 2011, David F. Skoll wrote:

> I'm working on a fix; you can follow the progress at https://rt.cpan.org/Public/Bug/Display.html?id=65162

Hmm:

    Content-Type: text/plain;
      name*0*=ISO-8859-1''%61%74%74
      name*1*=UTF-8''Something_else
      name*2*=BIG5''%FE%45

I thought the charset'' syntax is allowed in the first line only?

Well, I agree with your comments to switch to (internal) UTF8 completely nowadays. I was trying to do something about it 2 years ago (I have a mail in the postponed folder from those days), but failed to combine UTF8 with the current toolset, because it is so heavily tied to the Mail:: packages, which are strict ASCII. Maybe a complete split towards MIME::Tools::UTF8 would solve the problem and MIME::Tools returns encoded names only.

Regards,

--
Steffen Kaiser
[Mimedefang] Multiplexor trouble
Hello,

my problem has probably happened before to someone else: http://lists.roaringpenguin.com/pipermail/mimedefang/2002-March/009506.html

If the error would tempfail the message, well, it's low volume; but the most problem is that the milter returns results of different queries to the sendmail process:

    sm-mta-ext[31396]: o9FB1Ls1031396: Milter: to=[existant-internal-user], reject=550 5.1.1 [non-existant-one]: SMTP VRFY: 550 5.1.1 [non-existant-one]... User unknown

The error description is generated by my filter_recipient() lookahead test; that the addresses of to= and the description differ means that sendmail got the result of _another_ _query_ from the Milter, because the address in the error description is the address tested! I can also verify this by the log entries of the MIMEDefang filter, because the [non-existant-one] mail address has been checked only once in the last week and this had been an external mail, whereas the failed message was an internal one, _and_ that particular message immediately precedes message o9FB1Ls1031396 in the logs.

In the above mentioned thread there is the reply "Do you run two multiplexors?" My system consists of two identical sendmail-MIMEDefang instances, in order to reserve a certain number of slots for internal communication. Each sendmail instance has its own socket with multiplexor / mimedefang chain. Messages from external sources are remapped to another port by the firewall, the internal communication uses the standard 25 and 587 ports. This setup runs for years now.

I use MIMEDefang v2.64 on sendmail 8.13.8-3 / Linux Etch. (I know both are old, but I do not see anything in MIMEDefang's Changelog which affects my problem, maybe: v2.68-BETA4 * Fix a really stupid segmentation fault when handling multilinereplies.)

To reload the filter did not change anything. A restart of the MIMEDefang stuff helped for some time only. I now did a reboot of the whole machine and did not see the problem again for about 1.5 days. I do see the possibility that the reboot did not help, but that the problematic message simply did not return since then. I also do see the possibility that I have bad hardware, e.g. a RAM failure or so.

===

However: I'm reminded of the problem with the socket map implementation: http://lists.roaringpenguin.com/pipermail/mimedefang/2007-June/032936.html esp. I wonder about the first line in the logs below. Can the buffer limit hit in different situations as well? This line looks like a part of another one, as described in the post.

I've seen the following entries in the log, before this first line, there are only errors no response from slave:

    Oct 15 00:10:47 ux-2s14 mimedefang[27529]: Error from multiplexor: .10.2010%2021:XX:%20IP%2087.230.54.44%20with%20name%20d [cut]
    Oct 15 00:19:27 ux-2s14 mimedefang[27529]: Error from multiplexor: ok 1 ok 250 2.1.0 0
    Oct 15 01:20:51 ux-2s14 mimedefang[27529]: Error from multiplexor: 10.2010%2020:XX:%20IP%2087.230.54.44%20with%20name%20ds87-230-54-44. [cut]
    Oct 15 03:04:13 ux-2s14 mimedefang[27529]: Error from multiplexor: ok 1 ok 250 2.1.0 0
    Oct 15 03:04:23 ux-2s14 mimedefang[27529]: Error from multiplexor: error: o9F14CPl015650: Cannot mkdir(Work): No such file or directory
    Oct 15 03:05:49 ux-2s14 mimedefang[27529]: Error from multiplexor: ok 1 ok 250 2.1.0 0
    Oct 15 03:22:00 ux-2s14 mimedefang[27529]: Error from multiplexor: error: o9F1L5Vj016810: couldn't open INPUTMSG: No such file or directory
    ct 15 10:45:45 ux-2s14 mimedefang[27529]: Error from multiplexor: error: Cannot chdir(/var/spool/MIMEDefang/mdefang-o9F8jCIw017949): No such file or

There are corresponding errors from mimedefang.pl processes, which process IDs never overlap, meaning, they change over time, but are never interleaved.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] Good morning to the MIMEDefang
On Thu, 16 Sep 2010, Stefan Schoeman wrote:

Starting mimedefang-multiplexor: /usr/local/bin/mimedefang-multiplexor: Unable to chdir(/var/spool/MIMEDefang): Permission denied [FAILED] What about: + extended policies of SELinux / AppArmor and the likes? + permissions of /var and /var/spool ? /var/spool/MIMEDefang is owned by defang.defang and has mode 0700 ? If I su to become the defang user, I cannot change to the /var/spool/MIMEDefang I realise that this is probably an issue with the updated sudo package, but does anyone have any recommendations ?

su is not sudo. Maybe there is some problem in your startup script, did you trace it with set -evx ?

    -e = stop on exit code != 0
    -v = verbose (print before expansions)
    -x = extended (print before execution, after expansion)

Regards,

--
Steffen Kaiser
Re: [Mimedefang] problem
On Tue, 31 Aug 2010, Jobst Schmalenbach wrote:

> How can I make sure I stop EMPTY envelope addresses but don't kill return receipts?

I know just one: BATV Bounce Address Tag Validation

there are probably more than this particular implementation, but I mean the idea behind.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] suspicious characters in headers
On Thu, 12 Aug 2010, Fred Bacon wrote:

> of Allergy and Infectious Diseases. I can't see anything which I would consider suspicious in the headers listed in the quarantine message. Could someone explain what constitutes suspicious characters and how this might be circumvented for these messages? Is there any control over the algorithm, or is this a case where I have to turn off this feature completely to avoid the problem?

See mimedefang.c safe_append_header(). Suspicious characters are CR ('\r'), which are not followed by LF ('\n'). You see that the function does replace those lone CRs by a single space. Others might interpret this RFC-violating fact as LF, hence, there would be another header that the MUAs would parse, with many implications.

You could try:

1) tell the sender that the message is malformed and point them where,

2) rebuild the messages from the gov and reject the others. I suppose MIMEDefang uses safe headers then, but I never tried that myself.

I had the same problem with a CVS check-in announcement list, where the Subject header line had embedded CRs taken from the checkin comment, because the software interpreted the comment in Unix-style, but some clients uploaded Windows-style text.

Regards,

--
Steffen Kaiser
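Added example (not part of the post and not code from mimedefang.c): Perl that locates lone CRs in a header block, shows how a parser that treats a bare CR as a line break sees an extra header, and applies the replace-with-space handling described above. The function names and the sample message, including the X-Scanned header, are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from mimedefang.c.
use strict;
use warnings;

# Byte offsets of every CR that is not followed by LF.
sub lone_cr_offsets {
    my ($raw) = @_;
    my @offsets;
    push @offsets, $-[0] while $raw =~ /\r(?!\n)/g;
    return @offsets;
}

# The handling the post describes for safe_append_header():
# each lone CR is replaced by a single space.
sub neutralise_lone_cr {
    my ($raw) = @_;
    (my $clean = $raw) =~ s/\r(?!\n)/ /g;
    return $clean;
}

# Header field names as seen by a parser that splits lines on $eol.
sub header_names {
    my ($raw, $eol) = @_;
    my @names;
    for my $line (split $eol, $raw) {
        last if $line eq '';            # blank line ends the header block
        next if $line =~ /^[ \t]/;      # folded continuation line
        push @names, $1 if $line =~ /^([!-9;-~]+)[ \t]*:/;
    }
    return @names;
}

my $STRICT  = qr/\r\n/;         # CRLF only
my $LENIENT = qr/\r\n|\r|\n/;   # also accepts a bare CR or LF as a line break

# Constructed sample: a check-in notification whose Subject carries a bare CR
# copied from a commit comment, followed by text that looks like a header.
my $msg = join '',
    "From: cvs\@example.org\r\n",
    "Subject: commit: fix build\rX-Scanned: clean\r\n",
    "To: dev\@example.org\r\n",
    "\r\n",
    "Log message follows.\r\n";

printf "lone CR at offsets: %s\n", join(', ', lone_cr_offsets($msg));
printf "strict parser:      %s\n", join(', ', header_names($msg, $STRICT));
printf "lenient parser:     %s\n", join(', ', header_names($msg, $LENIENT));

my $clean = neutralise_lone_cr($msg);
printf "after replacement:  %s\n", join(', ', header_names($clean, $LENIENT));
```

The difference between the strict and lenient lists is the disagreement between parsers that the replacement removes: after it, both see the same set of headers.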
Re: [Mimedefang] Bug at SA website: SA 3.3.1 - Is local.cf read in TWICE when loading configuration files?
On Mon, 9 Aug 2010, - wrote:

> URL: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6481 Could we make certain that MIMEDefang isn't the cause of this? Thanks.

How do you invoke SpamAssassin in your filter? Do you have these settings in /etc/mail/sa-mimedefang.cf, too?

Regards,

--
Steffen Kaiser
Re: [Mimedefang] CLAMAV: pid files, sockets, and init scripts
On Mon, 2 Aug 2010, Gary Funck wrote:

> 2) How does MimeDefang deal with the situation that clamd socket file is deleted by either clamd when it shuts down, or the init script when it executes a stop operation?

If you look at entity_contains_virus_clamd() in mimedefang.pl, you'll see that the socket is opened for each request.

> 3) Per the bug report above, the clamav developer states: clamdscan --reload will reload the DB, and so will SIGUSR2. There is no command to reload the config file, which is probably what the initscript wants to do with reload. Is there a Linux/Unix guideline that states something along the lines that a init.d controlled service must interpret reload narrowly to only reload the config. file, or is it acceptable to also clear caches, reload databases, etc.?

http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/iniscrptact.html

    reload    cause the configuration of the service to be reloaded without actually stopping and restarting the service

you are free to argue, whether its databases are configuration, IMHO. Same for to clear cache.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] MD and ClamAV
On Wed, 21 Jul 2010, Jon Rowlan wrote:

> What would be the preferred and recommended way to use ClamAV with MD?

None, I guess, because it all depends on your situation.

> They both need to use or have access to a .sock

Not only that, they need to have access to the same files to scan, namely the spool directory of Mimedefang, where the Work dirs are located.

> So should I run Clam as defang or change perms so that both Clam and MD

If you use ClamAV for Mimedefang only, I would recommend the defang method. It also does not hurt to relocate the ClamAV socket into the Mimedefang dir.

> I would really like to know others ideas of how to make these two hang together. I guess chmod 777 is not a good idea :-)

It won't help scanning files. IMHO, you can also think about running ClamAV as root, esp. if it is a dedicated server.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] Fw: whitelisting in mimedefang-filter
On Sat, 17 Jul 2010, tonj wrote:

> 'appears' to be working (for incoming mail) but all mail outward bound is reporting socket error. In etc/sysconfig/mimedefang I did MD_EXTRA=-t and this is a snippet of my current md-filter:

What is the error message? And what has been logged before and after it, because this info is related probably? What does outward mean: originating from localhost via sendmail binary or via SMTP?

> sub filter_recipient { ... { return ('ACCEPT_AND_NO_MORE_FILTERING', "ok"); } }

The sample code in the man page includes a default return value. I'm not certain whether or not that is required, but I would add it.

> sub filter { my($entity, $name, $ext, $type) = @_; if ($type =~ /text.html/i) {

This test is quite open, although it is less likely for false hits. I would use a strong test e.g. lc($type) eq 'text/html' or anchor the beginning of the pattern.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] whitelisting in mimedefang-filter
On Thu, 15 Jul 2010, tonj wrote:

> sub filter_recipient { my @senderparts = split(/@/, $sender);

If this is a snippet of your filter, you are missing the function arguments as explained in man mimedefang-filter sec. FILTERING BY RECIPIENT.

Regards,

--
Steffen Kaiser
Re: [Mimedefang] whitelisting in mimedefang-filter
On Fri, 16 Jul 2010, tonj wrote:

>> If this is a snippet of your filter, you are missing the function arguments as explained in man mimedefang-filter sec. FILTERING BY RECIPIENT.

> I went through the md (pdf) manual both before my original query and again now but I could find no reference to 'FILTERING BY RECIPIENT'. Maybe I'm looking at a different manual to you. What page of the manual did you see this on?

Er, mimedefang comes with traditional style Unix man(ual) pages to be accessed with the man command. They are more current than other stuff, maybe someone generated a PDF from them. Also maybe, you are referring to something different.

The example of your post: http://lists.roaringpenguin.com/pipermail/mimedefang/2010-July/035846.html leads to a PDF: http://www.mimedefang.org/static/mimedefang-lisa04.pdf which contains certain slides of a speech of LISA'04 (http://lisa04.conference.usenix.org/cgi-bin/lisa04.pl).

Regards,

--
Steffen Kaiser
Re: [Mimedefang] whitelisting in mimedefang-filter
On Fri, 16 Jul 2010, tonj wrote:

>> Remember to enable use of filter_recipient in your startup files and/or config file - it isn't enabled by default.
>
> ok thanks, the only config file I'm aware of is mimedefang-filter, is that the config file you mean?

Paul means the startup files, usually /etc/init.d/mimedefang. However, some installations separate startup script from startup configuration, maybe /etc/default/mimedefang /etc/sysconfig/.../mimedefang.

Actually, he means to take care reading man mimedefang and make sure you configure your startup script calls mimedefang with the correct options.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Scanning for objects embedded within M$ Office attachments
On Sun, 6 Jun 2010, s...@yacc.co.uk wrote:

> My first reaction was that it was simpler to let host-based Anti-Virus deal with this threat, but then got to thinking about all the other

I let the server-based AV deal with it first. The host-based in second.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] action_drop_with_warning error
On Wed, 16 Jun 2010, Shridhar wrote:

> The message it throws in the maillogs is
>
> Jun 16 18:35:39 mail105 mimedefang-multiplexor[9973]: Slave 1 stderr: open body: Invalid argument at /usr/local/lib/perl5/site_perl/5.8.8/MIME/Entity.pm line 1863.
> Jun 16 18:35:39 mail105 mimedefang-multiplexor[9973]: Slave 1 died prematurely -- check your filter rules
>
> I use action_drop_with_warning function to drop the attachment. I also tried upgrading the MIME-tools version to 5.428 but with no success.

Well, "check your filter rules" is the advice in the log. Show them.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Mailing lists, ham, and broken MUA's
On Tue, 4 May 2010, David F. Skoll wrote:

> If you run a mailing list and you want everything to be in English, just outright reject messages with bad encodings. (The MIMEDefang list rejects HTML and I haven't had many complaints about that.)

Well, I do understand Philip partly. I operated a list with internal members as well, where the character set were scored high by _some_ recipients. Although the message text was plain English, but the signature, the sender's name, organisation header a.s.o. sometimes not. There had been training on both sides of the list to get the messages through smoothly.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Mailing lists, ham, and broken MUA's
On Mon, 3 May 2010, Philip Prindeville wrote:

> The problem is this: the message will be intelligible to English language readers, but it will generate a lot of false positives for mailing list recipients who aren't expecting to get non-English messages (or English messages encoded in anything other than USASCII, ISO-8859-1, or UTF-8).

:-)

> If the message body is Content-Type: text/plain; charset= should it be squashed down in the case of mailing list traffic for English language mailing lists?

Nice idea. To make it really work, you should exempt the signature. Meaning, there are people using their native spelling as name.

> use Encode::First qw(encode_first);
> my $encodings = join('ascii', 'latin1', 'utf-8', $oldcharset);

my $encodings = join(',', 'ascii', 'latin1', 'utf-8');

utf8 matches always, IMHO, but first you have to decode() the content, which BTW I found problematic in its own, that's why I'm using a decode_first-like function: try decode with supplied charset, then check if it is good utf8, then decode as latin1, which matches always. That's the same with your sequence: $oldcharset will never be reached because you can always encode to 'utf-8'.

> my ($newcharset, $newlen) = encode_first($encodings, $string);
> if ($newlen= length($string)) {
> # use $newstr instead
> }

This check does not fit, IMHO: If you have a real, 7bit clean ASCII message, it should be the same in any other multi-byte or 8bit encodings, because they use ASCII as bases, don't they?

Your goal is to hide the Asian charset for English messages, therefore I would use:

    # build a lookup hash of the charsets that may stay as they are
    my %goodCharset = map { $_ => 1 } qw/ascii latin1 iso-8859-1/;
    if(!$goodCharset{lc $oldcharset} && $goodCharset{lc $newcharset}) {
        # replace body
    }

UTF-8 does not do any good, but hides the Asian font :-)

Regards,

-- Steffen Kaiser
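The decode chain and the "good charset" decision discussed in the message above, as an added example that is not part of the original post and not code from MIMEDefang or Encode::First. The function names, the preference list and the sample bodies are assumptions made for illustration; only core Encode calls are used.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode encode find_encoding FB_CROAK LEAVE_SRC);

# Hypothetical helpers for illustration; not MIMEDefang or Encode::First API.

# Decode body octets: declared charset first, then strict UTF-8, then
# Latin-1. Latin-1 maps every byte, so the chain always yields a result.
sub decode_first {
    my ($octets, $declared) = @_;
    my @try;
    push @try, $declared if defined($declared) && find_encoding($declared);
    push @try, 'UTF-8', 'ISO-8859-1';
    for my $name (@try) {
        # FB_CROAK dies on malformed input; LEAVE_SRC keeps $octets intact.
        my $text = eval { decode($name, $octets, FB_CROAK | LEAVE_SRC) };
        return ($text, $name) if defined $text;
    }
    return;
}

# Return the canonical name of the first charset that can represent $text.
# UTF-8 encodes anything, so entries listed after it are never reached.
sub encode_first {
    my ($text, @prefs) = @_;
    for my $name (@prefs) {
        my $octets = eval { encode($name, $text, FB_CROAK | LEAVE_SRC) };
        return find_encoding($name)->name if defined $octets;
    }
    return;
}

# Charsets an English-language list accepts as-is (canonical Encode names).
my %good = map { $_ => 1 } qw(ascii iso-8859-1);

# Return the charset to re-encode the body into, or undef to leave it alone.
sub target_charset {
    my ($octets, $declared) = @_;
    my ($text) = decode_first($octets, $declared);
    my $new = encode_first($text, qw(ascii latin1 UTF-8));
    my $enc = defined($declared) ? find_encoding($declared) : undef;
    my $old = $enc ? $enc->name : '';
    return (!$good{$old} && $good{$new}) ? $new : undef;
}

# Constructed sample bodies: [label, declared charset, raw octets].
my @samples = (
    ['plain English, Asian label', 'gb2312',   'See you at the meeting.'],
    ['plain English, ASCII label', 'us-ascii', 'See you at the meeting.'],
    ['German text in UTF-8',       'utf-8',    encode('UTF-8', "Gr\x{fc}\x{df}e")],
    ['Chinese text in GB2312',     'gb2312',   encode('gb2312', "\x{4f60}\x{597d}")],
);

for my $s (@samples) {
    my ($label, $declared, $octets) = @$s;
    my $target = target_charset($octets, $declared);
    printf "%-28s declared=%-8s -> %s\n", $label, $declared,
        defined $target ? "re-encode as $target" : 'leave unchanged';
}
```

Charset names are compared in the canonical form Encode reports, so aliases such as latin1 and us-ascii land on the same hash key.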
Re: [Mimedefang] AWL and local.cf - cannot create lockfile
On Mon, 5 Apr 2010, Gary Funck wrote:

> Both /var/spool/MD-Quarantine and /var/spool/MD-Quarantine/.spamassassin are owned by the defang user. So is the autowhitelist DB. But the pid file is owned by root:
>
> $ ls -l /var/spool/MD-Quarantine/.spamassassin
> -rw--- 1 defang defang 12288 Apr 5 13:41 auto-whitelist
> -rw--- 1 root root 6 Apr 5 14:14 auto-whitelist.mutex

Is it possible that you run a cron job for maintenance and this is a left-over file? Or do you run spamassassin for different purposes as well? Maybe the server?

> /var/spool/MD-Quarantine. On this mail server, we don't want to run AWL under mimedefang any way, so I'd like some tips on how to do that.

Disable AWL settings in your settings, maybe the global ones in /etc/spamassassin/*.pre

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Problem with backscatter
On Mon, 22 Mar 2010, Jakub Wasielewski wrote:

> It only occurs on backup MX server (sendmail 8.14.0) who checks for valid recipients using md_check_against_smtp_server().

Why does the mail hit your backup MX in the first place? Is the primary server offline?

> The problem is that a DSN message is generated and sent to vic...@email.com about message

Did you verify that the DSN is from one of _your_ hosts at all? IMHO there should be a:

    sendmail[pid]: queueid1: queueid2: DSN: reason

log entry. Can you verify that queueid1 is the queueid of the message that entered your host from outside.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Problem with backscatter
On Wed, 24 Mar 2010, Jakub Wasielewski wrote:

>> Why does the mail hit your backup MX in the first place? Is the primary server offline?
>
> Well, we are talking about backscatter done - in purpose - by spammers. Why do they connect

So, do you need a backup MX at all, if the primary is online?

>> sendmail[pid]: queueid1: queueid2: DSN: reason
>
> Yes it is. The reason is : User unknown:
>
> Mar 20 04:54:18 [sm-mta] o2K3sEnS001039: o2K3sInS001048: DSN: User unknown
>
>> log entry. Can you verify that queueid1 is the queueid of the message that entered your host from outside.

What do the other log entries of o2K3sEnS001039 say? Where it is from, which relay, ...

Regards,

-- Steffen Kaiser
Re: [Mimedefang] blocking
On Fri, 26 Feb 2010, Salem, Hadi (Hadi)** CTR ** wrote:

> I would like mailter to block .exe mention in the msg body.

Look after filter_bad_filename() in the sample filter

Regards,

-- Steffen Kaiser
Re: [Mimedefang] check for null SPF entries only
On Wed, 24 Feb 2010, - wrote:

> Why are you using Mail::SPF::Query? That package was deprecated 3 years ago in favor of the newer Mail::SPF, the latter which handles other cases such as IPv6 entries that ::Query didn't understand.

Because it looked easier than Mail::SPF, when I checked CPAN for SPF modules, and works for my needs. You need a SPF server object, query the result, but the record is in the original request. It also looks heavier in regards of resources.

> http://search.cpan.org/~jmehnle/Mail-SPF-v2.007/lib/Mail/SPF.pm
>
> This is the fully RFC 4408 compliant version.

This is actually a point to consider, because I'm also interested in

>> Does somebody know of a SPF implementation that only checks for null SPF entries, aka v=spf1 -all? But does support, probably, TXT/SPF RRs and v=spf2.0 as well?

Anyway, can I simplify Mail::SPF's checks to just take a look after null entries? Probably the max_* settings, let's see, ... .

Regards,

-- Steffen Kaiser
[Mimedefang] check for null SPF entries only
Hello,

I was logging SPF results, basically made by:

    my $q = new Mail::SPF::Query (
        sender     => $lcSender,
        ip         => $relay,
        helo       => $Helo,
        myhostname => $me,
    );
    my $r = ($q->result())[4];

I noticed that lots of users have forwarded mail resulting the query to return fail. So I got the idea to not act on fail, but on null SPF entries only. E.g. to bounce the mail only if

    $r->{spf_record} =~ /\Av=spf\S+\s+-all\z/ && $r->{result} eq 'fail'

Does somebody know of a SPF implementation that only checks for null SPF entries, aka v=spf1 -all? But does support, probably, TXT/SPF RRs and v=spf2.0 as well?

The idea simply is to avoid unnecessary DNS requests, recursions and matching, because there is none, except the SPF / TXT retrieval.

Maybe somebody has some statistics about the impact of complex SPF rules, how many are there etc.pp.

Regards,

-- Steffen Kaiser
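One way to recognise a null SPF policy from the TXT data alone, with no further DNS lookups, as an added example that is not part of the original post and not code from Mail::SPF or Mail::SPF::Query. It is slightly broader than the regex in the post: modifiers are skipped and the first mechanism decides, and the Sender ID version tag is accepted with or without a leading "v=". Function names and the sample records are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not part of Mail::SPF or Mail::SPF::Query.
# Classify one TXT record as 'not-spf', 'null' or 'other'. Input is the
# record text with its character-strings already concatenated.
sub classify_spf_record {
    my ($txt) = @_;
    my ($version, @terms) = split ' ', $txt;
    return 'not-spf'
        unless defined $version
        && $version =~ m{\A(?:v=spf1|(?:v=)?spf2\.0(?:/[a-z,]+)?)\z}i;

    for my $term (@terms) {
        # Modifiers (exp=..., redirect=...) are name=value and never match
        # a sender, so skip them and look at the first mechanism only.
        next if $term =~ /\A[a-z][a-z0-9_.-]*=/i;
        return lc($term) eq '-all' ? 'null' : 'other';
    }
    return 'other';    # no mechanism at all: not a fail-everything policy
}

# A domain counts as null only if every SPF-type record it publishes is a
# null record and no version is published twice (duplicates are an error).
sub domain_is_null_spf {
    my (@txt_records) = @_;
    my (%seen, $nulls);
    for my $txt (@txt_records) {
        my $class = classify_spf_record($txt);
        next if $class eq 'not-spf';
        return 0 if $class ne 'null';
        my $version = lc((split ' ', $txt)[0]);
        $version =~ s{\Av=}{};
        $version =~ s{/.*}{};
        return 0 if $seen{$version}++;
        $nulls++;
    }
    return $nulls ? 1 : 0;
}

# Constructed TXT record sets, one array per domain.
my @domains = (
    ['v=spf1 -all'],
    ['v=spf1   -ALL', 'site-verification=constructed-token'],
    ['v=spf1 exp=explain.example.net -all'],
    ['v=spf1 ip4:192.0.2.0/24 -all'],
    ['v=spf1 redirect=_spf.example.net'],
    ['v=spf1 -all', 'spf2.0/mfrom,pra -all'],
    ['v=spf1 -all', 'v=spf1 -all'],
    [],
);

for my $records (@domains) {
    printf "%-4s %s\n", domain_is_null_spf(@$records) ? 'null' : 'no',
        @$records ? join(' | ', @$records) : '(no TXT records)';
}
```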
Re: [Mimedefang] Recipients after aliasing?
On Thu, 18 Feb 2010, Joseph Brennan wrote:

> @Recipients has the envelope recipients. Do we also have access to the recipient list after aliasing?

I had experimented with the EXPN command of sendmail and cache the result, in order to speed up future queries. It worked, but the processing time of large aliases was too large, because - although the final delivery indirectly profits from the first EXPN - the recipients are checked twice.

I did prefer using EXPN over sendmail -bv, because you do not need to run sendmail from command line and I had the subjective impression, that EXPN is faster.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] attachment alteration question
On Mon, 15 Feb 2010, Reg Tepmongkol wrote:

> I don't see a duplicate function or action, what I see is resend_message(@recips). Can you elaborate on the duplicate function? Or maybe I can change the recips address to junkmail, sent it, then remove the attachment and resend to original user?

resend_message() sends the original unaltered message, hence, that what you want to send to attachment.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Enumerate Email Address parts
On Wed, 3 Feb 2010, Brian Shallenberger wrote:

> Sender email address: j...@abc.com
> Need to get 'Joe' and make the recipient's email address: j...@abc.local
>
> The abc.com and abc.local will not change.
>
> The purpose is to archive email for each user to an individual user account on our local server. The only way I can see to do it (with my current

    my $rcp = $Sender;
    if($rcp =~ s/\...@example\.net(>?)$/\...@example.local$1/i) {
        add_recipient($rcp);
    }

-or-

    if($Sender =~ /^<?(.+?)\...@example\.net>?$/i) {
        add_recipient($1 . '@example.local');
    }

-or- ...

(You know, there is always more than one way to skin a cat )

regards,

-- Steffen Kaiser
Re: [Mimedefang] Change subject according to string match in body
On Wed, 20 Jan 2010, Johan Lundberg wrote:

> I have revised my code and moved it in to the filter subroutine as suggested. Everything seems to work as intended. Time to test it on the

Looks good to me.

> if ($Sender =~ /\A(\<examp...@example\.com\>)\z/) {

The ()'s are only needed, if you want to match multiple senders. I added the parentheses, because I thought you are going to check for more than one address.

If I recall correctly, it is not required that the sender address has <> around it, hence, you should use <?example...>?

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Change subject according to string match in body
On Tue, 19 Jan 2010, Johan Lundberg wrote:

Primary, follow the advice of Dave and move your check into filter(). During this phase the module variables (globally defined variables in mimedefang-filter) are shared, hence, you can prepare the check in filter_begin(), e.g. open log file, prepare the condition when to search for the pattern, do the subject check etc, and end it in filter_end(), e.g close the log file.

If you read INPUTMSG directly, you have to deal with MIME encoding etc, hence, I would go the filter() route.

BTW: because multiple MIMEDefang processes may run simultaneously, you might lose log info. You should use Syslog.

> sub filter_end {
> *snip*
> *snip*
> # Search for pattern in the mail body
> # and prepend subject with [See Me].
> my $sender = $entity->head->get('From',0);

Well, there is $Sender, which is the envelope MAIL FROM, which probably differs from the header. BTW: There is probably no From header.

> if ($sender =~ /examp...@example\.com/) {

I guess, you want to check anchored regex:

    if ($sender =~ /\A(examp...@example\.com|..)\z/) {

> my $subject = $entity->head->get('Subject',0);

Already in $Subject

> if ($subject =~ /pattern/i) {
> print INFO "Subject hit: Subject changed!\n";
> action_change_header('Subject', "[See Me]$subject");
> } else {
> my $body = $entity->bodyhandle;

I'm not sure, if this works with multipart MIME messages, at least you would need some checks.

> my $IO = $body->open("r");
> while (defined($_ = $IO->getline)) {
> if (/pattern/i) {
> print INFO "Body hit: Subject changed!\n";
> print INFO "Body line: $_\n";
> action_change_header('Subject', "[See Me]$subject");
> last;
> }

BTW: If you use SpamAssassin, you can create your own rule, score it with 0.0 - so the SPAM score is not changed - and check the matched rules for your one.

Regards,

-- Steffen Kaiser
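The difference between the unanchored and the anchored sender check from the two messages above, as an added example that is not part of the original posts. The addresses, the allow-list and the function names are constructed for illustration, and lower-casing the whole address is an assumption about how the list should compare senders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list with constructed addresses.
my %allowed = map { lc($_) => 1 } qw(alerts@example.com reports@example.com);

# Normalise an envelope sender: strip the optional angle brackets and
# fold case so both forms compare equal.
sub normalise_sender {
    my ($sender) = @_;
    return '' unless defined $sender;
    $sender =~ s/\A\s*<?//;
    $sender =~ s/>?\s*\z//;
    return lc $sender;
}

# Exact lookup after normalisation.
sub sender_allowed_exact {
    my ($sender) = @_;
    return $allowed{ normalise_sender($sender) } ? 1 : 0;
}

# Anchored regex with optional brackets, as suggested in the thread.
sub sender_allowed_anchored {
    my ($sender) = @_;
    return $sender =~ /\A<?(?:alerts|reports)\@example\.com>?\z/i ? 1 : 0;
}

# Unanchored form, kept only to show what else it accepts.
sub sender_allowed_unanchored {
    my ($sender) = @_;
    return $sender =~ /alerts\@example\.com/i ? 1 : 0;
}

# Constructed envelope senders.
my @senders = (
    '<alerts@example.com>',
    'alerts@example.com',
    'ALERTS@Example.COM',
    '<not-alerts@example.com>',
    '<alerts@example.com.invalid>',
    '<>',
);

printf "%-32s %-6s %-9s %s\n", 'sender', 'exact', 'anchored', 'unanchored';
for my $s (@senders) {
    printf "%-32s %-6d %-9d %d\n", $s,
        sender_allowed_exact($s),
        sender_allowed_anchored($s),
        sender_allowed_unanchored($s);
}
```

The envelope sender is whatever the connecting client supplied, so a match identifies the claimed sender only.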
Re: [Mimedefang] Mimedefang and Anti-virus
On Mon, 18 Jan 2010, Cliff Hayes wrote:

> I'm ready to bring mimedefang anti-virus capabilities online but don't know where to start. I've seen bits and pieces all over the place, but no documentation, instructions, or walk-throughs. Is there a doc out there

The doc (wiki) was trashed by SPAMmers.

> somewhere with instructions on how to turn on the mimedefang anti-virus machinery?

The beginning of mimedefang.pl contains lots of AV-related variables. Pick the ones suitable for you and override their values in your filter.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Email resend
On Mon, 14 Dec 2009, Cliff Hayes wrote:

> The recommended 500M size killed my 2G server, so I'm using a 100M size now.

Hmm, I would not expect that for the reason Michiel explains. But it depends on how much RAM is free actually. Maybe, you have lots of other processes allocating memory? I mean, when the server starts swapping with the normal load of messages, you should better not use a RAMdisk (or add more RAM).

> I still think that's too big ... seems to be using about 3% of it right now (df command).

Do you have left-over files from previous runs? There is the -k option to not purge the working directory in case of error.

> How do I size the thing? I can't afford to waste memory (what's new). But

Well, this is hard to answer. The RAMDisk limits the size of mails you can receive. The whole mail is stored there in temporary files. Then, when the message is processed, all MIME parts are unpacked, hence, you need twice as much. So, half the size, divide by the number of MIMEDefang slots you have configured and you have the worst case maximum. Every message larger than this number may not get through (in worst case). In best case, the maximal message size is the half of your RAMdisk.

> if I make it too small, won't mimedefang crash?

No, you would not receive larger emails, esp. when more than one arrives simultaneously. They are tempfailed.

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Problem with filter_end
On Fri, 11 Dec 2009, Giovanni Romanenghi wrote:

> You can also add the disclaimer html file as an attachment?

I guess you mean: action_add_part()

see man mimedefang-filter

Regards,

-- Steffen Kaiser
Re: [Mimedefang] Problem with filter_end
On Fri, 11 Dec 2009, Giovanni Romanenghi wrote:

> action_add_part($entity, "image/jpg", "base64", "/etc/mail/disclaimer/MAIL_html_40f16840.jpg", "MAIL_html_40f16840.jpg", "attachment");
>
> =_1260526527-8234-0
> Content-Type: image/jpg; name=MAIL_html_40f16840.jpg
> Content-Disposition: attachment; filename=MAIL_html_40f16840.jpg
> Content-Transfer-Encoding: base64
> MIME-Version: 1.0
> X-Mailer: MIME-tools 5.427 (Entity 5.427)
>
> L2V0Yy9tYWlsL2Rpc2NsYWltZXIvTUFJTF9odG1sXzQwZjE2ODQwLmpwZw==
>
> =_1260526527-8234-0--
>
> What is a problem ?

You do not read the man page or do not decode the part's body.

Bye,

-- Steffen Kaiser
Re: [Mimedefang] Email resend
On Wed, 9 Dec 2009, Cliff Hayes wrote:

> can't find where mimedefang actually sends INPUTMSG so that I can duplicate that. Does anyone know how I can send a saved INPUTMSG using sendmail?

See: http://lists.roaringpenguin.com/pipermail/mimedefang/2002-March/009479.html

ENTIRE_MESSAGE of quarantine dir is the INPUTMSG file of the working dir in MIMEDefang filter.

Bye,

-- Steffen Kaiser
Re: [Mimedefang] Email resend
On Wed, 9 Dec 2009, Cliff Hayes wrote:

> rename("./INPUTMSG", "/savedEmail/$savedEmailID");

Hmm:

a) think about using the quarantine feature of MIMEDefang Kevin KAM mentioned

b) you should move the MIMEDefang spool directory to a RAM disk
-or-
c) you can use hard links instead of rename()

b) / c) neither rename() nor link() works cross-filesystem. If you cross filesystems, you must copy the file anyway.

Regards,

-- Steffen Kaiser