Hi qmailers,

I noticed quite a few discussions about CHECKATTACH last week.
Here is the updated script which addresses some of the issues.
I hope this is useful...

cheers,
--
Noel G. Mistula
Network & Systems Administrator
Meriton Apartments Pty Ltd

#!/bin/bash
#
#######################################################################
# qmail -- checkattach
# Author: Noel G. Mistula <[EMAIL PROTECTED]>
# URL: http://www.meriton.com.au
# URL: http://www.karimbla.com.au
# URL: http://www.karimbla.com.au/mistronix
# Date: 28 June 1999 Version: 0.1
# Modified: 7 July 1999 Version: 0.3
# Modified: 7 May 2000 Version: 0.4
# Modified: 15 March 2001 Version: 0.4.5
# I appreciate any comment to this quick and dirty way of filtering attachment.
#######################################################################
###################################
# This is released under GNU/GPL.
###################################
#############################################################
# For info on Filtering Attachments in qmail
# goto http://www.fehcom.de/qmail/filter.html
# I would like to thank Dr. Erwin Hoffmann for documenting this
# and his efforts to write CHECKSUBJ based on this script.
#############################################################
# NOTE:
# This is a very crude (but working) script. Use at your own risk.
# This will bounce (or forward) incoming email with EXEcutable,
# video, VBS, and other attachments. Just add/remove
# whichever filetype (e.g. EXE, AVI, COM, VBS, etc) is required
# in the checktype().
# USAGE:
# 1) Save this script as; /usr/local/bin/checkattach
# 2) Make sure that there are _no_ ^M characters in the script.
#    I use gvim to check this. Or search for dedos.pl in the qmail
#    mailing list and use that to strip the ^M characters.
# 3) Then; chmod 755 /usr/local/bin/checkattach
# 4) Then; chown root:qmail /usr/local/bin/checkattach
# 5) Then edit the user's .qmail file by adding the line;
#    |/usr/local/bin/checkattach
#    This must be _before_ the ./Maildir/
# REASONS:
# There are a few reasons why I implemented 0.4.5;
# 1). There are whingers in the mailing list that they should
#     be able to forward the quarantined email before bouncing it.
# 2). The problem in 1) above finally caught up with me. One
#     of the lawyers/sales_exec here whinges a lot that he cannot
#     receive important (i.e. jokes, sports news, etc) emails.
#     He said that we should be able to forward the email to a quarantine
#     account and let someone read _all_ suspect/bounce emails in there.
# 3). Go back to 1) and read it again @;-)

# Start program here ver 0.4.5.

# Bounce message
printmsg () {
    echo "Hi $SENDER,"
    echo " "
    echo "We received the email you sent to <$RECIPIENT> ."
    echo "However, your email has been held for quarantine and evaluation."
    echo "Because the attachment you sent may contain virus or is against"
    echo "our company's policy. Please notify <$RECIPIENT> by phone."
    echo " --- Filetype of the attachment you sent is $ATTYPE"
    echo " "
    echo "Please call us (5555-5555) or email to [EMAIL PROTECTED],"
    echo "if you require clarification. Thank you."
    echo " "
}

# Add/Remove filetype you wanted to bounce.
# Check for _not_ allowed attachment.
checktype () {
case $ATTYPE in
    VBS | VB | ASF | HSQ | GEN | ADE | ADP | BAS | CHM | CPL | CRT | INF | \
    INS | ISP | MDB | MDE | MSC | MSI | MSP | MST | LNK | PCD | PIF | POT | \
    PWZ | REG | SCR | SHS | HQX | JS | VBE | RTF | JSE | CSS | WSH | WSC | \
    WSF | SCT | HTA | VXD | EXE | URL | HTM | DOT | HLP | PAK | DAT | PCX | \
    COM | BAT | CMD | AVI | MOV | RAM | OCX | CAB | CLA | RA | MPE | MPG | \
    MP3 | MP4 | WAV | AUD | AU | DLL)
        # Read about qmail-inject to customize this line.
        /var/qmail/bin/qmail-inject [EMAIL PROTECTED] [EMAIL PROTECTED] < "$tmpfile"
        # This will clean up the temporary file.
        rm -f "$tmpfile"
        # If you want to add this message to the original
        # email, then uncomment the # printmsg below.
        # This is normally used when you bounce the email
        # by using exit 100.
        # printmsg
        # Use exit 100, to bounce email (use printmsg above).
        # Use exit 99, if you don't want to bounce the email.
        # exit 100;;
        # exit 99;;
        ###### Being NICE to the Sender use this  #####
        ###### because the Sender is too STUPID   #####
        ###### s/he doesn't understand the bounced #####
        ###### message and gobbledygook attachment #####
        # Another way to customize the bounce message without
        # sending back the original (and attachment) is to
        # use exit 99. The problem with this is, some
        # consider this a spam because the From in the
        # envelope and the header are not the same.
        # Any suggestion?
        printmsg | /var/qmail/bin/qmail-inject [EMAIL PROTECTED] "$SENDER"
        # You can do it like this as well
        # printmsg | /var/qmail/bin/qmail-inject "$SENDER"
        # Or like this
        # printmsg | /var/qmail/bin/qmail-inject -f"$RECIPIENT" "$SENDER"
        exit 99;;
    *)
        # Not a blocked type: return so that the remaining attachments
        # are still checked. An "exit 0" here would stop at the first
        # allowed attachment. Cleanup and exit 0 happen after the loop.
        return 0;;
esac
}

# MAIN part of the script.
# I had to do the next two lines of code to have forwarding options.
# Because the "egrep -e" will not work well if a line starts with "-".
# (Read more about egrep/grep to understand what I'm talking about.)
# I know this will create temporary file and this will become
# a __security__ problem.... I hope not...;)
# However, if you have a better idea than this, just let me know. ;)
# NB: you cannot use (or can you?) tmpfile=$HOME/tmpmail$$ because if
# the recipient is an alias then it will create the temp file in there.
tmpfile=/tmp/tmpmail$$
cat - > "$tmpfile"

# The good old grep and gawk combo is right here.
# Double quotes are stripped before cut, so that name="x.js" gives JS
# and not JS" (which would never match in checktype).
ATTACHTYPE=`grep "name=" "$tmpfile" | gawk 'BEGIN {FS="."}; {print toupper($NF)}' | tr -d '"' | cut -c -3`

# After sucking-in all the attachment type above, start checking it...
for ATTYPE in $ATTACHTYPE
do
    checktype $ATTYPE
done
#### End of ver. 0.4.5

# This will clean up the temporary file
rm -f "$tmpfile"
exit 0
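
An added example, not part of the posted script: a self-contained sketch of the attachment-type check that strips quotes before matching, tests every attachment in the message, and spools to a `mktemp` file instead of a predictable name in /tmp. The function names, the shortened `BLOCKED` list and the sample message are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the posted script. BLOCKED is a shortened,
# constructed deny-list; extend it with the types listed in checktype().
BLOCKED='EXE|VBS|JS|SCR|PIF|BAT|COM'

# Print the upper-cased extension of every name=/filename= parameter in
# the message file $1, one per line. Quotes, blanks and CRs are stripped
# first so that a two-letter type such as JS is not read as JS".
attachment_types () {
    grep -i -o 'name=[^;]*' "$1" |
        sed 's/^[^=]*=//' |
        tr -d '" \t\r' |
        awk -F. 'NF > 1 { print toupper($NF) }'
}

# Print every blocked type found among ALL attachments.
# Returns 0 if at least one was found, 1 if none.
blocked_types () {
    attachment_types "$1" | grep -E -x "$BLOCKED"
}

# Exit code for the .qmail line: 99 = handled here, skip the remaining
# delivery lines; 0 = continue to ./Maildir/.
verdict () {
    if blocked_types "$1" > /dev/null; then return 99; fi
    return 0
}

# mktemp creates an unpredictable file with mode 0600, unlike /tmp/tmpmail$$.
sample=$(mktemp "${TMPDIR:-/tmp}/checkattach.XXXXXX") || exit 111
trap 'rm -f "$sample"' EXIT

# Constructed message: an allowed attachment is listed before a blocked one.
cat > "$sample" <<'EOF'
From: sender@example.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; name="notes.txt"
Content-Disposition: attachment; filename="notes.txt"
--b1
Content-Type: application/octet-stream; name="report.js"
Content-Disposition: attachment; FileName="setup.exe"
--b1--
EOF

echo "all types: $(attachment_types "$sample" | tr '\n' ' ')"
echo "blocked:   $(blocked_types "$sample" | tr '\n' ' ')"
```

In a real .qmail filter the message would be spooled from stdin into the `mktemp` file, and the script would finish with the code that `verdict` returns.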
