Hello list,
I used to patch amavis to use custom ldap attributes. I figured it
would be a better idea in the long run to allow these to be overridden in
the configuration file, and contribute the changes to the project in the
attached patch.
patch feature 1: specify ldap attribute in configuration file
----------------------------------------------------------------
The patch applies to amavisd, and updates RELEASE_NOTES + README.ldap
for usage specifics.
patch feature 2: add map virus_subject_tag2_maps
------------------------------------------------
the patch also exposes $subject_tag_maps_by_ccat{+CC_VIRUS} as new map
virus_subject_tag2_maps for consistency with spam_subject_tag2_maps.
LDAP.schema is updated to match.
RELEASE_NOTES changes:
NEW FEATURES SUMMARY
- LDAP attributes can be overridden from the default amavis schema. Avoids
having to make major changes to an existing LDAP directory if different
attribute names already contain required policy information.
See README.ldap for usage details.
- new map for specifying a subject tag on virus infected messages
virus_subject_tag2_maps. amavisVirusSubjectTag2 attribute added to
LDAP schema. Equivalent to: $subject_tag_maps_by_ccat{+CC_VIRUS}
I have placed a warning in the release notes regarding the original
documentation on specifying different ldap attributes, which hasn't been valid
for a while (amavisd-new 2.4.x or so?):
$virus_lovers_ldap = {res_attr => 'amavisVirusLover'}; # don't do this, no effect
README.ldap changes:
Using custom LDAP attributes
----------------------------
This readme uses the default amavis attribute names, from the default amavis
LDAP schema. In order to facilitate integrating amavis into environments where
required policy information is already stored in a directory, but under
different attribute names, a facility is provided to specify a custom attribute
name for a given amavis map.
The attributes used for a given map lookup are overridden by setting the
%ldap_attr (single-valued attributes) and %ldap_attr_mv (multi-valued
attributes) hashes in the configuration file.
Again take note that it is not the default attribute name that is specified,
but the amavis map name. (below: spam_tag2_level_maps, not amavisSpamTag2Level)
examples:
single-valued example, specify in configuration file after enabling ldap.
use "spamThreshold" attribute instead of default "amavisSpamTag2Level":
$ldap_attr_maps{spam_tag2_level_maps} = "spamThreshold";
multi-valued example,
use "senderWhitelist" attribute instead of default "amavisWhitelistSender":
$ldap_attr_maps_mv{whitelist_sender_maps} = "senderWhitelist";
Amavis maps, LDAP attribute field type, default LDAP attribute name
-------------------------------------------------------------------
A helper table of all amavis maps that can be looked up per-use in LDAP,
the attribute field type for these maps, and the default LDAP attribute name
used in the lookup.
attribute field types, from amavis source:
B=boolean, N=numeric, S=string, L=list
B-, N-, S-, L- returns undef if field does not exist
B0: boolean, nonexistent field treated as false,
B1: boolean, nonexistent field treated as true
amavis map, single value          default LDAP attribute          field type
--------------------------------- ------------------------------- ----------
archive_quarantine_to_maps        amavisArchiveQuarantineTo       S-
bad_header_admin_maps             amavisBadHeaderAdmin            S-
bad_header_lovers_maps            amavisBadHeaderLover            B-
bad_header_quarantine_to_maps     amavisBadHeaderQuarantineTo     S-
banned_admin_maps                 amavisBannedAdmin               S-
banned_filename_maps              amavisBannedRuleNames           S-
banned_files_lovers_maps          amavisBannedFilesLover          B-
banned_quarantine_to_maps         amavisBannedQuarantineTo        S-
bypass_banned_checks_maps         amavisBypassBannedChecks        B-
bypass_header_checks_maps         amavisBypassHeaderChecks        B-
bypass_spam_checks_maps           amavisBypassSpamChecks          B-
bypass_virus_checks_maps          amavisBypassVirusChecks         B-
clean_quarantine_to_maps          amavisCleanQuarantineTo         S-
local_domains_maps                amavisLocal                     B1
message_size_limit_maps           amavisMessageSizeLimit          N-
newvirus_admin_maps               amavisNewVirusAdmin             S-
spam_admin_maps                   amavisSpamAdmin                 S-
spam_dsn_cutoff_level_maps        amavisSpamDsnCutoffLevel        N-
spam_kill_level_maps              amavisSpamKillLevel             N-
spam_lovers_maps                  amavisSpamLover                 B-
spam_modifies_subj_maps           amavisSpamModifiesSubj          B-
spam_quarantine_cutoff_level_maps amavisSpamQuarantineCutoffLevel N-
spam_quarantine_to_maps           amavisSpamQuarantineTo          S-
spam_subject_tag2_maps            amavisSpamSubjectTag2           S-
spam_subject_tag_maps             amavisSpamSubjectTag            S-
spam_tag2_level_maps              amavisSpamTag2Level             N-
spam_tag_level_maps               amavisSpamTagLevel              N-
virus_admin_maps                  amavisVirusAdmin                S-
virus_lovers_maps                 amavisVirusLover                B-
virus_quarantine_to_maps          amavisVirusQuarantineTo         S-
virus_subject_tag2_maps           amavisVirusSubjectTag2          S-
warnbadhrecip_maps                amavisWarnBadHeaderRecip        B-
warnbannedrecip_maps              amavisWarnBannedRecip           B-
warnvirusrecip_maps               amavisWarnVirusRecip            B-

amavis map, multiple values       default LDAP attribute          field type
--------------------------------- ------------------------------- ----------
blacklist_sender_maps             amavisBlacklistSender           L-
whitelist_sender_maps             amavisWhitelistSender           L-
Feedback welcome, of course.
-Martin Foster
martin_fos...@netlog.net
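
What the locked default hashes in the attached patch catch, and what they leave to the administrator, as an added example that is not part of the original message or of amavisd. The hashes are a constructed subset of the patch's defaults, and `try_override` and `lint_attr_maps` are hypothetical helpers; the single/multi-valued clash check assumes the lookup code decides "multi-valued" by attribute name alone.

```perl
#!/usr/bin/perl
# Added illustration; standalone, does not load amavisd.
use strict;
use warnings;
use Hash::Util qw(lock_keys);

# Constructed subset of the defaults the patch defines, locked the same way.
my %ldap_attr_maps = (
  bypass_virus_checks_maps => 'amavisBypassVirusChecks',
  spam_lovers_maps         => 'amavisSpamLover',
  spam_tag2_level_maps     => 'amavisSpamTag2Level',
);
my %ldap_attr_maps_mv = (
  whitelist_sender_maps => 'amavisWhitelistSender',
);
lock_keys(%ldap_attr_maps);
lock_keys(%ldap_attr_maps_mv);

# Apply one override as a configuration file assignment would, trapping the
# exception a locked hash raises for a key that is not a known map name.
sub try_override {
  my($hash, $map, $attr) = @_;
  return undef if eval { $hash->{$map} = $attr; 1 };
  (my $err = $@) =~ s/ at .+? line \d+\.\s*\z//s;
  return "rejected: $err";
}

# Hypothetical lint for what lock_keys does not cover: the values.
sub lint_attr_maps {
  my($sv, $mv) = @_;
  my @problems;
  my %mv_attr = map { defined $_ ? (lc($_) => 1) : () } values %$mv;
  for my $h ($sv, $mv) {
    for my $map (sort keys %$h) {
      my $attr = $h->{$map};
      # LDAP short names: a letter, then letters, digits or hyphens.
      push @problems, "$map: empty or malformed attribute name"
        unless defined $attr && $attr =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;
    }
  }
  for my $map (sort keys %$sv) {
    my $attr = $sv->{$map};
    push @problems, "$map: '$attr' is also configured as multi-valued"
      if defined $attr && $mv_attr{lc $attr};
  }
  return @problems;
}

my @attempts = (
  [\%ldap_attr_maps,    'spam_tag2_level_maps',     'spamThreshold'],
  [\%ldap_attr_maps,    'amavisSpamTag2Level',      'spamThreshold'],   # attribute name used as key
  [\%ldap_attr_maps_mv, 'whitelist_sender_maps',    'senderWhitelist'],
  [\%ldap_attr_maps,    'bypass_virus_checks_maps', ''],                # key is fine, value is not
  [\%ldap_attr_maps,    'spam_lovers_maps',         'SenderWhitelist'], # clashes with the MV map
);
for my $try (@attempts) {
  my($hash, $map, $attr) = @$try;
  my $err = try_override($hash, $map, $attr);
  printf "%-26s => %-18s %s\n", $map, "'$attr'", $err // 'accepted';
}
print "lint: $_\n" for lint_attr_maps(\%ldap_attr_maps, \%ldap_attr_maps_mv);
```

Only the second assignment is stopped by the lock; the empty value and the single/multi-valued clash are accepted and surface only in the lint pass.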
diff -urN amavisd-new-2.6.4.ORIG/amavisd amavisd-new-2.6.4/amavisd
--- amavisd-new-2.6.4.ORIG/amavisd 2009-06-25 22:39:01.000000000 +1000
+++ amavisd-new-2.6.4/amavisd 2010-03-03 12:42:56.000000000 +1100
@@ -219,7 +219,7 @@
fetch_modules('REQUIRED BASIC MODULES', 1, qw(
Exporter POSIX Fcntl Socket Errno Carp Time::HiRes
IO::Handle IO::File IO::Socket IO::Socket::UNIX IO::Socket::INET
- IO::Stringy Digest::MD5 Unix::Syslog File::Basename
+ IO::Stringy Digest::MD5 Unix::Syslog File::Basename Hash::Util
Compress::Zlib MIME::Base64 MIME::QuotedPrint MIME::Words
MIME::Head MIME::Body MIME::Entity MIME::Parser MIME::Decoder
MIME::Decoder::Base64 MIME::Decoder::Binary MIME::Decoder::QuotedPrint
@@ -332,6 +332,7 @@
@bypass_virus_checks_maps @bypass_spam_checks_maps
@bypass_banned_checks_maps @bypass_header_checks_maps
@viruses_that_fake_sender_maps @virus_name_to_spam_score_maps
+ @virus_subject_tag2_maps
@remove_existing_spam_headers_maps
%final_destiny_by_ccat %lovers_maps_by_ccat
@@ -378,7 +379,7 @@
$virus_check_negative_ttl $virus_check_positive_ttl
$spam_check_negative_ttl $spam_check_positive_ttl
$trim_trailing_space_in_lookup_result_fields
- $enable_ldap $default_ldap
+ $enable_ldap $default_ldap %ldap_attr_maps %ldap_attr_maps_mv
@keep_decoded_original_maps @map_full_type_to_short_type_maps
%banned_rules $penpals_threshold_low $penpals_threshold_high
$enable_dkim_verification $enable_dkim_signing
@@ -1481,6 +1482,7 @@
@addr_extension_bad_header_maps = (\$addr_extension_bad_header);
@debug_sender_maps = (\...@debug_sender_acl);
@remove_existing_spam_headers_maps = (\$remove_existing_spam_headers);
+ @virus_subject_tag2_maps = ( '***INFECTED*** ' ); # backwards compatibility
# new variables, no backwards compatibility needed
# @score_sender_maps, @author_to_policy_bank_maps, @signer_reputation_maps,
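Review bot: The `# backwards compatibility` comment on the added `@virus_subject_tag2_maps` line does not match what the line does. The neighbouring defaults wrap a legacy scalar by reference, e.g. `(\$remove_existing_spam_headers)`, whereas this one holds the literal `'***INFECTED*** '`, so no older variable is being honoured. Reword the comment to say it preserves the previously hard-coded CC_VIRUS tag, or move the line under the "new variables" block that follows.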
@@ -1538,7 +1540,7 @@
CC_BADH, sub { c('defang_bad_header') },
);
%subject_tag_maps_by_ccat = (
- CC_VIRUS, [ '***INFECTED*** ' ],
+ CC_VIRUS, sub { ca('virus_subject_tag2_maps') },
CC_BANNED, undef,
CC_UNCHECKED, sub { [ c('undecipherable_subject_tag') ] }, # not by-recip
CC_SPAM, undef,
@@ -1642,6 +1644,51 @@
);
%addr_rewrite_maps_by_ccat = ( );
+ # LDAP attribute default values for maps
+ %ldap_attr_maps = (
+ archive_quarantine_to_maps => 'amavisArchiveQuarantineTo',
+ bad_header_admin_maps => 'amavisBadHeaderAdmin',
+ bad_header_lovers_maps => 'amavisBadHeaderLover',
+ bad_header_quarantine_to_maps => 'amavisBadHeaderQuarantineTo',
+ banned_admin_maps => 'amavisBannedAdmin',
+ banned_filename_maps => 'amavisBannedRuleNames',
+ banned_files_lovers_maps => 'amavisBannedFilesLover',
+ banned_quarantine_to_maps => 'amavisBannedQuarantineTo',
+ bypass_banned_checks_maps => 'amavisBypassBannedChecks',
+ bypass_header_checks_maps => 'amavisBypassHeaderChecks',
+ bypass_spam_checks_maps => 'amavisBypassSpamChecks',
+ bypass_virus_checks_maps => 'amavisBypassVirusChecks',
+ clean_quarantine_to_maps => 'amavisCleanQuarantineTo',
+ local_domains_maps => 'amavisLocal',
+ message_size_limit_maps => 'amavisMessageSizeLimit',
+ newvirus_admin_maps => 'amavisNewVirusAdmin',
+ spam_admin_maps => 'amavisSpamAdmin',
+ spam_dsn_cutoff_level_maps => 'amavisSpamDsnCutoffLevel',
+ spam_kill_level_maps => 'amavisSpamKillLevel',
+ spam_lovers_maps => 'amavisSpamLover',
+ spam_modifies_subj_maps => 'amavisSpamModifiesSubj',
+ spam_quarantine_cutoff_level_maps =>
'amavisSpamQuarantineCutoffLevel',
+ spam_quarantine_to_maps => 'amavisSpamQuarantineTo',
+ spam_subject_tag2_maps => 'amavisSpamSubjectTag2',
+ spam_subject_tag_maps => 'amavisSpamSubjectTag',
+ spam_tag2_level_maps => 'amavisSpamTag2Level',
+ spam_tag_level_maps => 'amavisSpamTagLevel',
+ virus_admin_maps => 'amavisVirusAdmin',
+ virus_lovers_maps => 'amavisVirusLover',
+ virus_subject_tag2_maps => 'amavisVirusSubjectTag2',
+ virus_quarantine_to_maps => 'amavisVirusQuarantineTo',
+ warnbadhrecip_maps => 'amavisWarnBadHeaderRecip',
+ warnbannedrecip_maps => 'amavisWarnBannedRecip',
+ warnvirusrecip_maps => 'amavisWarnVirusRecip',
+ );
+ %ldap_attr_maps_mv = (
+ blacklist_sender_maps => 'amavisBlacklistSender',
+ whitelist_sender_maps => 'amavisWhitelistSender',
+ );
+ # Lock the keys to reduce the chance of a configuration file override error
+ Hash::Util::lock_keys(%ldap_attr_maps);
+ Hash::Util::lock_keys(%ldap_attr_maps_mv);
+
} # end BEGIN - init_tertiary
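Review bot: `Hash::Util::lock_keys` at the end of this block protects key names only, so a configuration file can still assign `undef` or an empty string to an existing key and nothing in this hunk rejects it. Consider validating the values once the configuration has been read, and extend the comment to say that an unknown map name becomes a fatal error rather than a silent no-op. Minor: `virus_subject_tag2_maps` is out of alphabetical order, and the `spam_quarantine_cutoff_level_maps` entry is split across two lines, the second without a `+` prefix, so the patch will not apply as posted.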
@@ -1756,6 +1803,7 @@
@spam_dsn_cutoff_level_maps @spam_dsn_cutoff_level_bysender_maps
@spam_quarantine_cutoff_level_maps @spam_notifyadmin_cutoff_level_maps
@spam_subject_tag_maps @spam_subject_tag2_maps @spam_subject_tag3_maps
+ @virus_subject_tag2_maps
@whitelist_sender_maps @blacklist_sender_maps @score_sender_maps
@author_to_policy_bank_maps @signer_reputation_maps
@message_size_limit_maps
@@ -9549,41 +9597,41 @@
# B0: boolean, nonexistent field treated as false,
# B1: boolean, nonexistent field treated as true
my $lf = sub{Amavis::Lookup::LDAPattr->new($ldap_policy,@_)};
- unshift(@Amavis::Conf::virus_lovers_maps,
$lf->('amavisVirusLover', 'B-'));
- unshift(@Amavis::Conf::spam_lovers_maps,
$lf->('amavisSpamLover', 'B-'));
- unshift(@Amavis::Conf::banned_files_lovers_maps,
$lf->('amavisBannedFilesLover', 'B-'));
- unshift(@Amavis::Conf::bad_header_lovers_maps,
$lf->('amavisBadHeaderLover', 'B-'));
- unshift(@Amavis::Conf::bypass_virus_checks_maps,
$lf->('amavisBypassVirusChecks', 'B-'));
- unshift(@Amavis::Conf::bypass_spam_checks_maps,
$lf->('amavisBypassSpamChecks', 'B-'));
-
unshift(@Amavis::Conf::bypass_banned_checks_maps,$lf->('amavisBypassBannedChecks',
'B-'));
-
unshift(@Amavis::Conf::bypass_header_checks_maps,$lf->('amavisBypassHeaderChecks',
'B-'));
- unshift(@Amavis::Conf::spam_tag_level_maps,
$lf->('amavisSpamTagLevel', 'N-'));
- unshift(@Amavis::Conf::spam_tag2_level_maps,
$lf->('amavisSpamTag2Level', 'N-'));
- unshift(@Amavis::Conf::spam_kill_level_maps,
$lf->('amavisSpamKillLevel', 'N-'));
-
unshift(@Amavis::Conf::spam_dsn_cutoff_level_maps,$lf->('amavisSpamDsnCutoffLevel','N-'));
-
unshift(@Amavis::Conf::spam_quarantine_cutoff_level_maps,$lf->('amavisSpamQuarantineCutoffLevel','N-'));
- unshift(@Amavis::Conf::spam_subject_tag_maps,
$lf->('amavisSpamSubjectTag', 'S-'));
- unshift(@Amavis::Conf::spam_subject_tag2_maps,
$lf->('amavisSpamSubjectTag2', 'S-'));
- unshift(@Amavis::Conf::spam_modifies_subj_maps,
$lf->('amavisSpamModifiesSubj', 'B-'));
- unshift(@Amavis::Conf::message_size_limit_maps,
$lf->('amavisMessageSizeLimit', 'N-'));
- unshift(@Amavis::Conf::virus_quarantine_to_maps,
$lf->('amavisVirusQuarantineTo', 'S-'));
- unshift(@Amavis::Conf::banned_quarantine_to_maps,
$lf->('amavisBannedQuarantineTo','S-'));
- unshift(@Amavis::Conf::spam_quarantine_to_maps,
$lf->('amavisSpamQuarantineTo', 'S-'));
- unshift(@Amavis::Conf::bad_header_quarantine_to_maps,
$lf->('amavisBadHeaderQuarantineTo', 'S-'));
- unshift(@Amavis::Conf::clean_quarantine_to_maps,
$lf->('amavisCleanQuarantineTo', 'S-'));
- unshift(@Amavis::Conf::archive_quarantine_to_maps,
$lf->('amavisArchiveQuarantineTo', 'S-'));
- unshift(@Amavis::Conf::local_domains_maps, $lf->('amavisLocal',
'B1'));
- unshift(@Amavis::Conf::warnvirusrecip_maps,
$lf->('amavisWarnVirusRecip', 'B-'));
- unshift(@Amavis::Conf::warnbannedrecip_maps,
$lf->('amavisWarnBannedRecip', 'B-'));
- unshift(@Amavis::Conf::warnbadhrecip_maps,
$lf->('amavisWarnBadHeaderRecip', 'B-'));
- unshift(@Amavis::Conf::virus_admin_maps,
$lf->('amavisVirusAdmin', 'S-'));
- unshift(@Amavis::Conf::newvirus_admin_maps,
$lf->('amavisNewVirusAdmin', 'S-'));
- unshift(@Amavis::Conf::spam_admin_maps,
$lf->('amavisSpamAdmin', 'S-'));
- unshift(@Amavis::Conf::banned_admin_maps,
$lf->('amavisBannedAdmin', 'S-'));
- unshift(@Amavis::Conf::bad_header_admin_maps,
$lf->('amavisBadHeaderAdmin', 'S-'));
- unshift(@Amavis::Conf::banned_filename_maps,
$lf->('amavisBannedRuleNames', 'S-'));
-# unshift(@Amavis::Conf::disclaimer_options_bysender_maps,
-#
$lf->('amavisDisclaimerOptions', 'S-'));
+ unshift(@Amavis::Conf::archive_quarantine_to_maps,
$lf->($Amavis::Conf::ldap_attr_maps{archive_quarantine_to_maps}, 'S-'));
+ unshift(@Amavis::Conf::bad_header_admin_maps,
$lf->($Amavis::Conf::ldap_attr_maps{bad_header_admin_maps}, 'S-'));
+ unshift(@Amavis::Conf::bad_header_lovers_maps,
$lf->($Amavis::Conf::ldap_attr_maps{bad_header_lovers_maps}, 'B-'));
+ unshift(@Amavis::Conf::bad_header_quarantine_to_maps,
$lf->($Amavis::Conf::ldap_attr_maps{bad_header_quarantine_to_maps}, 'S-'));
+ unshift(@Amavis::Conf::banned_admin_maps,
$lf->($Amavis::Conf::ldap_attr_maps{banned_admin_maps}, 'S-'));
+ unshift(@Amavis::Conf::banned_filename_maps,
$lf->($Amavis::Conf::ldap_attr_maps{banned_filename_maps}, 'S-'));
+ unshift(@Amavis::Conf::banned_files_lovers_maps,
$lf->($Amavis::Conf::ldap_attr_maps{banned_files_lovers_maps}, 'B-'));
+ unshift(@Amavis::Conf::banned_quarantine_to_maps,
$lf->($Amavis::Conf::ldap_attr_maps{banned_quarantine_to_maps}, 'S-'));
+ unshift(@Amavis::Conf::bypass_banned_checks_maps,
$lf->($Amavis::Conf::ldap_attr_maps{bypass_banned_checks_maps}, 'B-'));
+ unshift(@Amavis::Conf::bypass_header_checks_maps,
$lf->($Amavis::Conf::ldap_attr_maps{bypass_header_checks_maps}, 'B-'));
+ unshift(@Amavis::Conf::bypass_spam_checks_maps,
$lf->($Amavis::Conf::ldap_attr_maps{bypass_spam_checks_maps}, 'B-'));
+ unshift(@Amavis::Conf::bypass_virus_checks_maps,
$lf->($Amavis::Conf::ldap_attr_maps{bypass_virus_checks_maps}, 'B-'));
+ unshift(@Amavis::Conf::clean_quarantine_to_maps,
$lf->($Amavis::Conf::ldap_attr_maps{clean_quarantine_to_maps}, 'S-'));
+ unshift(@Amavis::Conf::local_domains_maps,
$lf->($Amavis::Conf::ldap_attr_maps{local_domains_maps}, 'B1'));
+ unshift(@Amavis::Conf::message_size_limit_maps,
$lf->($Amavis::Conf::ldap_attr_maps{message_size_limit_maps}, 'N-'));
+ unshift(@Amavis::Conf::newvirus_admin_maps,
$lf->($Amavis::Conf::ldap_attr_maps{newvirus_admin_maps}, 'S-'));
+ unshift(@Amavis::Conf::spam_admin_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_admin_maps}, 'S-'));
+ unshift(@Amavis::Conf::spam_dsn_cutoff_level_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_dsn_cutoff_level_maps}, 'N-'));
+ unshift(@Amavis::Conf::spam_kill_level_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_kill_level_maps}, 'N-'));
+ unshift(@Amavis::Conf::spam_lovers_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_lovers_maps}, 'B-'));
+ unshift(@Amavis::Conf::spam_modifies_subj_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_modifies_subj_maps}, 'B-'));
+ unshift(@Amavis::Conf::spam_quarantine_cutoff_level_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_quarantine_cutoff_level_maps}, 'N-'));
+ unshift(@Amavis::Conf::spam_quarantine_to_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_quarantine_to_maps}, 'S-'));
+ unshift(@Amavis::Conf::spam_subject_tag2_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_subject_tag2_maps}, 'S-'));
+ unshift(@Amavis::Conf::spam_subject_tag_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_subject_tag_maps}, 'S-'));
+ unshift(@Amavis::Conf::spam_tag2_level_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_tag2_level_maps}, 'N-'));
+ unshift(@Amavis::Conf::spam_tag_level_maps,
$lf->($Amavis::Conf::ldap_attr_maps{spam_tag_level_maps}, 'N-'));
+ unshift(@Amavis::Conf::virus_admin_maps,
$lf->($Amavis::Conf::ldap_attr_maps{virus_admin_maps}, 'S-'));
+ unshift(@Amavis::Conf::virus_lovers_maps,
$lf->($Amavis::Conf::ldap_attr_maps{virus_lovers_maps}, 'B-'));
+ unshift(@Amavis::Conf::virus_quarantine_to_maps,
$lf->($Amavis::Conf::ldap_attr_maps{virus_quarantine_to_maps}, 'S-'));
+ unshift(@Amavis::Conf::virus_subject_tag2_maps,
$lf->($Amavis::Conf::ldap_attr_maps{virus_subject_tag2_maps}, 'S-'));
+ unshift(@Amavis::Conf::warnbadhrecip_maps,
$lf->($Amavis::Conf::ldap_attr_maps{warnbadhrecip_maps}, 'B-'));
+ unshift(@Amavis::Conf::warnbannedrecip_maps,
$lf->($Amavis::Conf::ldap_attr_maps{warnbannedrecip_maps}, 'B-'));
+ unshift(@Amavis::Conf::warnvirusrecip_maps,
$lf->($Amavis::Conf::ldap_attr_maps{warnvirusrecip_maps}, 'B-'));
+# unshift(@Amavis::Conf::disclaimer_options_bysender_maps,
$lf->($Amavis::Conf::ldap_attr_maps{disclaimer_options_bysender_maps}, 'S-'));
section_time('ldap-prepare');
}
if (defined $sql_policy && !$implicit_maps_inserted) {
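Review bot: The commented-out `disclaimer_options_bysender_maps` line at the end of the added block now reads `$Amavis::Conf::ldap_attr_maps{disclaimer_options_bysender_maps}`, a key the defaults hash does not define. Because that hash is locked, uncommenting the line later would die, where the old literal `'amavisDisclaimerOptions'` would have worked; keep the literal or add the key to the defaults. The field types ('B-', 'N-', 'S-') stay hard-coded while the attribute name becomes configurable, so README.ldap should say that a substitute attribute has to hold the same kind of value. Most replacement lines in this hunk are also wrapped onto a second line with no leading `+`.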
@@ -15161,7 +15209,7 @@
1;
-#
+#
package Amavis::Lookup::LDAP;
use strict;
use re 'taint';
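Review bot: The `-#` and `+#` lines in this hunk read identically, so the change is whitespace or a control character on the separator line before `package Amavis::Lookup::LDAP;`. It is unrelated to either feature; please drop the hunk so the patch touches only what the cover mail describes.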
@@ -15169,7 +15217,7 @@
BEGIN {
require Exporter;
use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $VERSION
- $ldap_sys_default @ldap_attrs @mv_ldap_attrs);
+ $ldap_sys_default @ldap_attrs @mv_ldap_attrs $key);
$VERSION = '2.207';
@ISA = qw(Exporter);
import Amavis::Conf qw(:platform :confvars c cr ca);
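Review bot: Adding `$key` to `use vars` turns a loop variable into a package global of Amavis::Lookup::LDAP. Declare it lexically in the two new loops (`foreach my $key (...)`), as the existing `for my $attr (@ldap_attrs)` and `for my $key (@keys)` loops elsewhere in this patch's context do, and leave the `use vars` list unchanged.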
@@ -15184,23 +15232,22 @@
query_filter => '(&(objectClass=amavisAccount)(mail=%m))',
};
- @ldap_attrs = qw(amavisVirusLover amavisSpamLover amavisBannedFilesLover
- amavisBadHeaderLover amavisBypassVirusChecks amavisBypassSpamChecks
- amavisBypassBannedChecks amavisBypassHeaderChecks amavisSpamTagLevel
- amavisSpamTag2Level amavisSpamKillLevel
- amavisSpamDsnCutoffLevel amavisSpamQuarantineCutoffLevel
- amavisSpamSubjectTag amavisSpamSubjectTag2 amavisSpamModifiesSubj
- amavisVirusQuarantineTo amavisSpamQuarantineTo amavisBannedQuarantineTo
- amavisBadHeaderQuarantineTo amavisArchiveQuarantineTo
- amavisBlacklistSender amavisWhitelistSender
- amavisLocal amavisMessageSizeLimit amavisWarnVirusRecip
- amavisWarnBannedRecip amavisWarnBadHeaderRecip amavisVirusAdmin
- amavisNewVirusAdmin amavisSpamAdmin amavisBannedAdmin
- amavisBadHeaderAdmin amavisBannedRuleNames
- );
-# amavisDisclaimerOptions
+ # single valued LDAP attribute, all future comparisons done lc()
+ @ldap_attrs = ();
+ foreach $key (sort keys %Amavis::Conf::ldap_attr_maps) {
+ $Amavis::Conf::ldap_attr_maps{$key} =
lc($Amavis::Conf::ldap_attr_maps{$key});
+ push(@ldap_attrs, $Amavis::Conf::ldap_attr_maps{$key});
+ }
- @mv_ldap_attrs = qw(amavisBlacklistSender amavisWhitelistSender);
+ # multi valued LDAP attributes, all future comparsions done lc()
+ # - separate array for MV attributes to quickly establish MV or SV
+ # - MV attrs need to be added to master list of attributes, ldap_attrs
+ @mv_ldap_attrs = ();
+ foreach $key (sort keys %Amavis::Conf::ldap_attr_maps_mv) {
+ $Amavis::Conf::ldap_attr_maps_mv{$key} =
lc($Amavis::Conf::ldap_attr_maps_mv{$key});
+ push(@mv_ldap_attrs, $Amavis::Conf::ldap_attr_maps_mv{$key});
+ push(@ldap_attrs, $Amavis::Conf::ldap_attr_maps_mv{$key});
+ }
}
sub new {
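Review bot: Both new loops lower-case the values of `%Amavis::Conf::ldap_attr_maps` and `%Amavis::Conf::ldap_attr_maps_mv` in place, so a list-building step rewrites configuration data, and whether the `unshift(...)` lookups in the ldap-prepare hunk see the original or the lower-cased name then depends on which code runs first. Build `@ldap_attrs` and `@mv_ldap_attrs` from `lc(...)` copies and leave the hashes untouched. The block also appears to sit inside the `BEGIN {` opened in the previous hunk; please confirm it runs only after the configuration file has been evaluated, otherwise the lists will always hold the defaults. Typo in the second comment: "comparsions".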
@@ -15311,11 +15358,12 @@
$match->{dn} = $entry->dn;
for my $attr (@ldap_attrs) {
my($value);
- do_log(9,'lookup_ldap: reading attribute "%s" from object', $attr);
$attr = lc($attr);
if ($mv_ldap_attrs{$attr}) { # multivalued
+ do_log(9,'lookup_ldap: reading multi-valued attribute "%s" from
object', $attr);
$value = $entry->get_value($attr, asref => 1);
} else {
+ do_log(9,'lookup_ldap: reading singlevalued attribute "%s" from
object', $attr);
$value = $entry->get_value($attr);
}
$match->{$attr} = $value if defined $value;
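Review bot: The unchanged test `if ($mv_ldap_attrs{$attr})` reads a hash, while this patch now fills the array `@mv_ldap_attrs` from configuration. The code that derives that hash is not part of the patch, so please check that it is built after the new loop and from the lower-cased names; otherwise a custom multi-valued attribute will be fetched without `asref => 1`. The two new log strings are also inconsistent ("multi-valued" against "singlevalued"), and both are wrapped mid-string in the posted patch.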
@@ -21234,7 +21282,7 @@
do_log(5,'wbl: (LDAP) query keys: %s', join(',
',map{"\"$_\""}...@keys));
$wblist = lookup(0,$recip,Amavis::Lookup::LDAPattr->new(
- $ldap_policy,'amavisBlacklistSender','L-'));
+
$ldap_policy,$Amavis::Conf::ldap_attr_maps_mv{blacklist_sender_maps},'L-'));
for my $key (@keys) {
if (grep {lc($_) eq lc($key)} @$wblist) {
$found=1; $wb = -1; $br = $recip; $any_b++;
@@ -21244,7 +21292,7 @@
}
}
$wblist = lookup(0,$recip,Amavis::Lookup::LDAPattr->new(
- $ldap_policy,'amavisWhitelistSender','L-'));
+
$ldap_policy,$Amavis::Conf::ldap_attr_maps_mv{whitelist_sender_maps},'L-'));
for my $key (@keys) {
if (grep {lc($_) eq lc($key)} @$wblist) {
$found=1; $wb = +1; $wr = $recip; $any_w++;
diff -urN amavisd-new-2.6.4.ORIG/LDAP.schema amavisd-new-2.6.4/LDAP.schema
--- amavisd-new-2.6.4.ORIG/LDAP.schema 2008-10-11 04:29:02.000000000 +1100
+++ amavisd-new-2.6.4/LDAP.schema 2010-03-03 16:11:46.000000000 +1100
@@ -388,6 +388,17 @@
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
+#dn: cn=schema
+#changetype: modify
+#add: attributetypes
+attributetype ( 1.3.6.1.4.1.15312.2.2.1.35
+ NAME 'amavisVirusSubjectTag2'
+ DESC 'Virus Subject Tag2'
+ EQUALITY caseExactIA5Match
+ SUBSTR caseExactSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+
# Classes
#---------
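Review bot: The new attribute type claims OID `1.3.6.1.4.1.15312.2.2.1.35`; please confirm with the schema maintainer that .35 is unassigned in this arc, since a later upstream attribute taking the same number would conflict for every site that loaded this version. The three `#dn:` / `#changetype:` / `#add:` lines are added commented out; keep them only if that matches how the other definitions in the file are written.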
@@ -419,7 +430,7 @@
amavisSpamAdmin $ amavisBannedAdmin $ amavisBadHeaderAdmin $
amavisBannedRuleNames $
amavisSpamDsnCutoffLevel $ amavisSpamQuarantineCutoffLevel $
- amavisSpamSubjectTag $ amavisSpamSubjectTag2 $
+ amavisSpamSubjectTag $ amavisSpamSubjectTag2 $ amavisVirusSubjectTag2 $
cn $ description ) )
#--------------------------------------------------------------------------
diff -urN amavisd-new-2.6.4.ORIG/README_FILES/README.ldap
amavisd-new-2.6.4/README_FILES/README.ldap
--- amavisd-new-2.6.4.ORIG/README_FILES/README.ldap 2006-01-27
11:46:18.000000000 +1100
+++ amavisd-new-2.6.4/README_FILES/README.ldap 2010-03-03 15:55:03.000000000
+1100
@@ -149,3 +149,88 @@
In general LDAP lookups are similar to SQL lookups except for the low level
LDAP/SQL specific code. The overall functionality, lookup rules, etc. are
identical.
+
+Using custom LDAP attributes
+----------------------------
+
+This readme uses the default amavis attribute names, from the default amavis
+LDAP schema. In order to facilitate integrating amavis into environments where
+required policy information is already be stored in a directory, but under
+different attribute names, a facility is provided to specify a custom attribute
+name for a given amavis map.
+
+The attributes used for a given map lookup are overriden by setting the
+%ldap_attr (single-valued attributes) and %ldap_attr_mv (multi-valued
+attributes) hashes in the configuration file.
+
+Again take note that it is not the default attribute name that is specified,
+but the amavis map name. (below: spam_tag2_level_maps, not amavisSpamTag2Level)
+
+examples:
+
+single-valued example, specify in configuration file after enabling ldap.
+use "spamThreshold" attribute instead of default "amavisSpamTag2Level":
+
+ $ldap_attr_maps{spam_tag2_level_maps} = "spamThreshold";
+
+multi-valued example,
+use "senderWhitelist" attribute instead of default "amavisWhitelistSender":
+
+ $ldap_attr_maps_mv{whitelist_sender_maps} = "senderWhitelist";
+
+Amavis maps, LDAP attribute field type, default LDAP attribute name
+-------------------------------------------------------------------
+
+A helper table of all amavis maps that can be looked up per-use in LDAP,
+the attribute field type for these maps, and the default LDAP attribute name
+used in the lookup.
+
+attribute field types, from amavis source:
+
+B=boolean, N=numeric, S=string, L=list
+B-, N-, S-, L- returns undef if field does not exist
+B0: boolean, nonexistent field treated as false,
+B1: boolean, nonexistent field treated as true
+
+amavis map, single value default LDAP attribute field type
+--------------------------------- ------------------------------- ----------
+archive_quarantine_to_maps amavisArchiveQuarantineTo S-
+bad_header_admin_maps amavisBadHeaderAdmin S-
+bad_header_lovers_maps amavisBadHeaderLover B-
+bad_header_quarantine_to_maps amavisBadHeaderQuarantineTo S-
+banned_admin_maps amavisBannedAdmin S-
+banned_filename_maps amavisBannedRuleNames S-
+banned_files_lovers_maps amavisBannedFilesLover B-
+banned_quarantine_to_maps amavisBannedQuarantineTo S-
+bypass_banned_checks_maps amavisBypassBannedChecks B-
+bypass_header_checks_maps amavisBypassHeaderChecks B-
+bypass_spam_checks_maps amavisBypassSpamChecks B-
+bypass_virus_checks_maps amavisBypassVirusChecks B-
+clean_quarantine_to_maps amavisCleanQuarantineTo S-
+local_domains_maps amavisLocal B1
+message_size_limit_maps amavisMessageSizeLimit N-
+newvirus_admin_maps amavisNewVirusAdmin S-
+spam_admin_maps amavisSpamAdmin S-
+spam_dsn_cutoff_level_maps amavisSpamDsnCutoffLevel N-
+spam_kill_level_maps amavisSpamKillLevel N-
+spam_lovers_maps amavisSpamLover B-
+spam_modifies_subj_maps amavisSpamModifiesSubj B-
+spam_quarantine_cutoff_level_maps amavisSpamQuarantineCutoffLevel N-
+spam_quarantine_to_maps amavisSpamQuarantineTo S-
+spam_subject_tag2_maps amavisSpamSubjectTag2 S-
+spam_subject_tag_maps amavisSpamSubjectTag S-
+spam_tag2_level_maps amavisSpamTag2Level N-
+spam_tag_level_maps amavisSpamTagLevel N-
+virus_admin_maps amavisVirusAdmin S-
+virus_lovers_maps amavisVirusLover B-
+virus_quarantine_to_maps amavisVirusQuarantineTo S-
+virus_subject_tag2_maps amavisVirusSubjectTag2 S-
+warnbadhrecip_maps amavisWarnBadHeaderRecip B-
+warnbannedrecip_maps amavisWarnBannedRecip B-
+warnvirusrecip_maps amavisWarnVirusRecip B-
+
+amavis map, multiple values default LDAP attribute field type
+--------------------------------- ------------------------------- ----------
+blacklist_sender_maps amavisBlacklistSender L-
+whitelist_sender_maps amavisWhitelistSender L-
+
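Review bot: The prose in "Using custom LDAP attributes" names the hashes `%ldap_attr` and `%ldap_attr_mv`, but the examples under it and the amavisd changes use `%ldap_attr_maps` and `%ldap_attr_maps_mv`, so a reader who follows the prose will not be setting the variables the code reads. Use the real names throughout, and mention that the keys are locked, so a misspelled map name (or an attribute name used as the key) is a fatal error when the configuration is read. Since maps such as `bypass_virus_checks_maps` and `whitelist_sender_maps` can now point at attributes that already exist in a directory, the section should also tell administrators to check that account owners cannot write to whichever attribute they nominate. Wording: "overriden" should be "overridden", "is already be stored" should be "is already stored", and "per-use" looks like it was meant to be "per-user".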
diff -urN amavisd-new-2.6.4.ORIG/RELEASE_NOTES amavisd-new-2.6.4/RELEASE_NOTES
--- amavisd-new-2.6.4.ORIG/RELEASE_NOTES 2009-06-26 03:56:55.000000000
+1000
+++ amavisd-new-2.6.4/RELEASE_NOTES 2010-03-03 16:14:26.000000000 +1100
@@ -1,4 +1,17 @@
---------------------------------------------------------------------------
+amavisd-new-2.6.X release notes
+
+NEW FEATURES SUMMARY
+
+- LDAP attributes can be overriden from the default amavis schema. Avoids
+ having to make major changes to an existing LDAP directory if different
+ attribute names already contain required policy information.
+ See README.ldap for usage details.
+- new map for specifying a subject tag on virus infected messages
+ virus_subject_tag2_maps. amavisVirusSubjectTag2 attribute added to
+ LDAP schema. Equivalent to: $subject_tag_maps_by_ccat{+CC_VIRUS}
+
+---------------------------------------------------------------------------
June 25, 2009
amavisd-new-2.6.4 release notes
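Review bot: The heading `amavisd-new-2.6.X release notes` is a placeholder; leave the version for the maintainer to fill in, or say so in the cover mail. "overriden" should be "overridden", and the first bullet would be more useful if it named the two configuration hashes (`%ldap_attr_maps`, `%ldap_attr_maps_mv`) instead of only pointing at README.ldap.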
@@ -10281,6 +10294,9 @@
| query_filter => '(&(objectClass=amavisAccount)(mail=%m))'
| };
+ WARNING: the information below relating to overriding LDAP attributes
+ is no longer valid, see README.ldap for the new form.
+
And then the lookups themselves:
| $virus_lovers_ldap = {res_attr => 'amavisVirusLover'};
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/