Hi,
recently I started to quarantine spam while I was
testing the SA BotNet plugin.
I needed to get a quick report on the quarantined email in order
to visually confirm that the email was a spam,
so I modified the function send_quarantine_notifications
and created the function send_quarantine_notifications_quick($$)
The most importan info I need was:
Quarentine dir : in order to get the original email
Relay host : in order to see if it was a DUL client
Sender : in order to detect auto-generated emails
The quarentine email report looks like this:
--------------------------------------------
Quarentine host : mail.example.com
Quarentine dir : /var/spool/MD-Quarantine/qdir-2007-01-23-15.15.57-001
Quarentine parts: 0
Relay host : 83-131-72-252.adsl.net.t-com.hr (83.131.72.252)
MessageID : l0NIFkkx022594
Sender : '<[EMAIL PROTECTED]>'
Recipient : [EMAIL PROTECTED]
Recipient : [EMAIL PROTECTED]
Messages :
This is an email with hits over 15:
hits: 46.796
SA Tests:
BAYES_99,BOTNET,BOTNET_CLIENT,BOTNET_CLIENTWORDS,BOTNET_IPINHOSTNAME,DNS_FROM_RFC_ABUSE,FORGED_RCVD_HELO,INVALID_DATE,MORE_SEX,RCVD_IN_SORBS_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,WHY_WAIT
--------------------------------------------
After the "Messages" word, all users comments added with:
action_quarantine_entire_message()
are printed
I attach the patch and maybe it can help someone else too.
HTH
Oliver
--
Oliver Schulze L. | Get my e-mail after a captcha in:
Asuncion - Paraguay | http://tinymailto.com/oliver
--- mimedefang.pl 2007-01-23 15:24:21.000000000 -0300
+++ mimedefang.pl.ori 2007-01-23 15:23:15.000000000 -0300
@@ -1842,96 +1842,6 @@
}
#***********************************************************************
-# %PROCEDURE: send_quarantine_notifications_quick
-# %ARGUMENTS:
-# send_headers -- print the original headers in the notification
-# send_warnings -- print the warnings in the notification
-# %RETURNS:
-# Nothing
-# %DESCRIPTION:
-# Sends a quick quarantine notification message,
-# if anything was quarantined. The format is formated for easy reading
-#***********************************************************************
-sub send_quarantine_notifications_quick ($$) {
- my($send_headers, $send_warnings) = @_;
- $send_headers=0 if (!defined($send_headers));
- $send_warnings=0 if (!defined($send_warnings));
-
- # If there are not quarantined parts, return
- # else, e-mail a report
- if (($QuarantineCount <= 0) && ($EntireMessageQuarantined = 0)) {
- return;
- }
-
- my($body);
- $body = "From: $DaemonName <$DaemonAddress>\n";
- $body .= "To: \"$AdminName\" <$AdminAddress>\n";
- $body .= gen_date_msgid_headers();
- $body .= "Auto-Submitted: auto-generated\n";
- $body .= "MIME-Version: 1.0\nContent-Type: text/plain\n";
- $body .= "Precedence: bulk\n";
- $body .= "Subject: $QuarantineSubject\n\n";
-
- $body .= "Quarentine host : " . get_host_name() . "\n";
- $body .= "Quarentine dir : $QuarantineSubdir\n";
- $body .= "Quarentine parts: $QuarantineCount\n";
- $body .= "Relay host : $RelayHostname ($RelayAddr)\n";
- $body .= "MessageID : $QueueID\n" if ($QueueID ne "NOQUEUE");
- $body .= "Sender : '$Sender'\n" if defined($Sender);
- if ($EntireMessageQuarantined) {
- $body .= "Entire email : $QuarantineSubdir/ENTIRE_MESSAGE\n";
- }
-
- my($recip);
- foreach $recip (@Recipients) {
- $body .= "Recipient : $recip\n";
- }
- my $donemsg = 0;
- my $i;
- for ($i=0; $i<=$QuarantineCount; $i++) {
- if (open(IN, "<$QuarantineSubdir/MSG.$i")) {
- if (!$donemsg) {
- $body .= "Messages :\n";
- $donemsg = 1;
- }
- while(<IN>) {
- $body .= $_;
- }
- close(IN);
- }
- }
- if ($donemsg) {
- $body .= "\n";
- }
-
- if($send_headers) {
- if (open(IN, "<$QuarantineSubdir/HEADERS")) {
- $body .= "\n----------\nHere are the message
headers:\n";
- while(<IN>) {
- $body .= $_;
- }
- close(IN);
- }
- for ($i=1; $i<=$QuarantineCount; $i++) {
- if (open(IN, "<$QuarantineSubdir/PART.$i.HEADERS")) {
- $body .= "\n----------\nHere are the headers
for quarantined part $i:\n";
- while(<IN>) {
- $body .= $_;
- }
- close(IN);
- }
- }
- }
- if($send_warnings) {
- if ($#Warnings >= 0) {
- $body .= "\n----------\nHere are the warning
details:\n\n";
- $body .= "@Warnings";
- }
- }
- send_mail($DaemonAddress, $DaemonName, $AdminAddress, $body);
-}
-
-#***********************************************************************
# %PROCEDURE: signal_complete
# %ARGUMENTS:
# None
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
