This weekend I've spent a lot of time working out how to use the Maildrop embedded mode, mainly because of the SWEN.A virus that has been annoying people all around.

I now have a working setup, which blocks most of the SWEN "Microsoft security update" attempts, plus which blocks all Windows executables that are sent using a BCC to the recipient. I avoided the issue I mentioned yesterday (trying to identify the address of the recipient) by using a simple file lookup of valid recipient addresses (e.g. [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] etc.)

The difficulty with setting this up was that it appears virtually impossible to debug embedded-mode filters as embedded mode, since the "log" command is forbidden in embedded mode and the "echo" command goes nowhere (Courier runs maildrop with maildrop's stdout attached to a pipe). I would *love* a "special debugging mode" which enables the "log" command even with the issues involved.

Now, because the filters are content filters, they require that the message be transmitted to your host before they can run. So they don't save anything in terms of external bandwidth, but do short-circuit the delivery mechanisms (e.g. SpamAssassin and its ilk). And personally I like not even having to see that virus' droppings!

There is a small amount of logic in the rcptfilter, because otherwise my own outbound traffic seemed to be getting screened (I was getting messages that I was either whitelisted or not, and the connection was refused). The rcptfilter checks to see if the "MAIL FROM:" domain is listed in the "etc/locals" file. This is imperfect in that authorized senders who are *not* using a locally-hosted address will get snarled up, but it will work for me. And, of course, with any luck this is a temporary fix while the virus is being annoying.

All that said, I have placed a file at http://www.gelteye.org/embedfilt.tgz (2272 bytes). Use at your own risk, check your logs to look for inappropriate rejections, etc. etc....

Hope this is of some use to someone,

Regards,
Malc.
_______________________________________________
courier-users mailing list
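The screening decision described in the message above, modelled in Python as an added example; it is not the filter from the poster's tarball and is not maildrop filter syntax. Assumptions: a BCC is inferred when none of the known local addresses appears in To or Cc, the extension list is illustrative, and all addresses and domains are constructed placeholders.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed extension list; the post only says "Windows executables".
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")
LOCAL_DOMAINS = {"example.org"}                          # stands in for etc/locals
VALID_RCPTS = {"alice@example.org", "bob@example.org"}   # stands in for the lookup file

def sender_is_local(mail_from, local_domains):
    """rcptfilter step: is the MAIL FROM domain one of the hosted domains?"""
    return mail_from.rpartition("@")[2].lower() in local_domains

def has_executable(msg):
    """True if any MIME part carries a filename with an executable extension."""
    return any((part.get_filename() or "").lower().endswith(EXECUTABLE_EXTS)
               for part in msg.walk())

def addressed_to_known_recipient(msg, valid_rcpts):
    """True if a known local address appears in To or Cc (so not a BCC)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return any(addr.lower() in valid_rcpts for _, addr in getaddresses(headers))

def screen(mail_from, msg, local_domains=LOCAL_DOMAINS, valid_rcpts=VALID_RCPTS):
    """Return 'accept' or 'reject' for one message."""
    if sender_is_local(mail_from, local_domains):
        return "accept"   # own outbound traffic is not screened
    if has_executable(msg) and not addressed_to_known_recipient(msg, valid_rcpts):
        return "reject"   # executable that reached us only via BCC
    return "accept"

def sample(to_addr, attachment=None):
    """Build a constructed test message; every value here is a placeholder."""
    msg = EmailMessage()
    msg["From"] = "sender@example.net"
    msg["To"] = to_addr
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    if attachment:
        msg.add_attachment(b"MZ", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

if __name__ == "__main__":
    print(screen("x@example.net", sample("list@example.com", "update.exe")))
```

The third assertion in a test run of this model shows the limitation the message mentions: the exemption keys on the MAIL FROM domain alone, so an authorized sender using a non-local address is still screened.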
