Jeffrey Goldberg wrote: [snip...]
To mimedefang-filter I've added the following two functions
    sub filter_sender {
        my ($sender, $ip, $hostname, $helo) = @_;
        return ('ACCEPT_AND_NO_MORE_FILTERING', "Sender whitelisted")
            if is_whitelisted($sender, $ip);
        return ('CONTINUE', "ok");
    }

    sub is_whitelisted {
        my ($sender, $ip) = @_;
        my ($whitelistfile) = '/var/spool/MIMEDefang/whitelist.txt';

        # Perl has no true/false keywords (the barewords are both truthy
        # strings), so return 1 and 0.
        return 1 if ($ip =~ /^192\.168/);

        if (open(WHITELIST, "< $whitelistfile")) {
            @whitelist = <WHITELIST>;
            return 1 if grep { /\b$sender$/i } @whitelist;
        }
        return 0;
    }
[snip...]
I have a couple of questions.
(1) Other than my forgetting to chomp are there other errors in the code that people notice?
One thing I noticed is that you are storing your file in /var/spool/MIMEDefang. if you have your system configured as recommended with /var/spool/MIMEDefang being on a tmpfs or RAMdisk, then you'll obviously need to have some sort of external way to make sure this information isn't hosed if you lose power or reboot the machine (etc.)
also, although the file handle should be closed once the script exits, it's usually good practice (in my opinion) to close your file handles when you're done with them.
so, in sub is_whitelisted, just before you return you may want to close(WHITELIST);
if you're only going to whitelist based on senders who publish SPF, you should (if you haven't already) look into using Mail::SPF::Query. if your intention is to whitelist any sender who's publishing SPF records, then you could probably save yourself a lot of trouble by just "whitelisting" based on the results of Mail::SPF::Query as opposed to keeping a local flat-file. otherwise you could use the results of Mail::SPF::Query in conjunction with your flat-file read to determine if the mail should be scanned or not.
(2) Will the whitelist file be opened anew with every incoming mail? or will it only be opened when the multiplexor starts a slave?
the way you have it configured here, every time filter_sender is called your whitelist file will be opened.
(3) If the answer to (2) is "every time" is there something I can do to fix that while still keeping the whitelist in an external file?
you may want to consider using embedded perl. then you could set up your filehandles in filter_initialize and just reference them as appropriate in filter_sender.
(4) I'm using bayes autolearn for spamassassin, if I by-pass spamassassin with this whitelisting am I depriving the autolearn system with important information?
obviously, any information you don't pass thru the bayes autolearn facility is depriving it of information. whether or not it's important information is dependent on the contents of the mail and your auto-learn criteria.
I also have a few policy questions.
(4) What I'm doing will exempt whitelisted mail not only from defanging, bad extension checks and SpamAssassin, but also from virus scanning. Is that stupid? Note that at the site in question almost all (but not all) email users are on Linux. Of the few MS-Windows users, almost everyone (but not everyone) is using a Mozilla based MUA. (But I know that there is at least one Outhouse user still, and that is not going to change).
Firstly, I personally am a little uneasy with setting up whitelisting facilities based on fields that could potentially be exploited or forged. You may want to keep that in mind when setting up your whitelisting. I prefer to do my sender whitelisting (per se) based on SMTP AUTH. My mail server doesn't have any "local" senders (i.e. from the box itself) and is located in a co-lo so there's no local network to authenticate against. since all of my users are remote (and world-wide) the only useful way for me to determine if scanning should be done is by checking SMTP AUTH.
My policy decisions are such that I scan every piece of mail thru my server for viruses. even outgoing mail that has been SMTP AUTH'd. the overhead is minimal and it only takes ONE virus mail to cause a problem so, if you even only have 1 machine that could possibly send a virus, you're better off scanning than not (in my opinion).
I do, however, skip spam scanning from my authenticated users as I know my users don't send spam. YMMV
hope this is useful information.
alan
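
The points raised in the reply above, combined in one filter fragment; this is an added example, not code from the thread or from MIMEDefang itself. It reads the whitelist once per slave in filter_initialize, keeps it in a hash, and re-reads it only when the file's mtime changes. The file path (placed outside the spool directory), the helper load_whitelist, and the exact-address match used in place of the original regex are assumptions made for this example.

```perl
use strict;
use warnings;

# Assumed location, outside /var/spool/MIMEDefang so a tmpfs spool
# does not lose the list on reboot.
my $WHITELIST_FILE = '/etc/mail/mimedefang-whitelist.txt';
my %whitelist;           # lower-cased address => 1
my $loaded_mtime = 0;    # mtime of the copy currently held in memory

# Hypothetical helper: (re)load the file only when it has changed.
sub load_whitelist {
    my $mtime = (stat($WHITELIST_FILE))[9] or return;
    return if $mtime == $loaded_mtime;
    open(my $fh, '<', $WHITELIST_FILE) or return;
    my %fresh;
    while (my $line = <$fh>) {
        chomp $line;
        $line =~ s/^\s+|\s+$//g;                   # trim whitespace
        next if $line eq '' or $line =~ /^#/;      # skip blanks and comments
        $fresh{lc $line} = 1;
    }
    close($fh);
    %whitelist    = %fresh;
    $loaded_mtime = $mtime;
}

# Runs when a slave starts, so the file is parsed once, not per mail.
sub filter_initialize { load_whitelist(); }

sub is_whitelisted {
    my ($sender, $ip) = @_;
    return 1 if $ip =~ /^192\.168\./;
    load_whitelist();                        # one stat() per mail, re-read on change
    (my $addr = lc $sender) =~ s/^<|>$//g;   # sender may arrive as "<user@example.com>"
    # Hash lookup: the sender is never interpolated into a regex, so
    # metacharacters in the envelope address cannot widen the match.
    return exists $whitelist{$addr} ? 1 : 0;
}

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    return ('ACCEPT_AND_NO_MORE_FILTERING', 'Sender whitelisted')
        if is_whitelisted($sender, $ip);
    return ('CONTINUE', 'ok');
}

1;
```

The envelope sender checked here can still be forged, so this addresses only the file-handling questions, not the concern about whitelisting on forgeable fields.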

