[Mimedefang] Filtering usernames
I've got a wildcard entry in my virtusertable to deal with the braindead websites that can't handle plussed addresses. I want to be able to put shiva+yourwebsitehere as my username but most reject that. So I've got a mishmash of ad hoc usernames that either use a dot instead of a plus, or omit my username and just use the sitename. (Sometimes the braindeath is a too-short email field.)

The result is that I also get a lot of spam directed to random addresses. SpamAssassin deals with most of it, but I'd still like to be able to SMTP reject more of it that's directed at nonsensical usernames.

So I'm asking for advice on how to escape my initial predicament (I guess I need to log all usernames arriving in my account for a while and see if I can capture all the legitimate ones) and meantime what I can do to reject as much of the chaff as I can.

One rule that comes to mind is to reject all usernames with no vowels in them. The names I choose always have vowels. Does anyone see any obvious problems with that? I can't do that with a sendmail table, but it's easy to do with MD.

___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Filtering usernames
Kenneth Porter [EMAIL PROTECTED] wrote on 12/15/2006 07:43:46 AM:

> One rule that comes to mind is to reject all usernames with no vowels in them. The names I choose always have vowels. Does anyone see any obvious problems with that? I can't do that with a sendmail table, but it's easy to do with MD.

I'm not sure how much you would catch with that. Why not always include a special string in all email addresses you use, such as KP-SW and test for that. Reject any message that does not include it in the recipient address.
Re: [Mimedefang] Filtering usernames
--On Friday, December 15, 2006 8:39 AM -0500 [EMAIL PROTECTED] wrote:

> Why not always include a special string in all email addresses you use, such as KP-SW and test for that. Reject any message that does not include it in the recipient address.

Simply testing for ^shiva would accomplish that, for addresses I use in the future.

BTW, is there a straightforward way to read the sendmail aliases and virtusertable maps from MD? I can quickly exclude all addresses that match non-wildcard entries, and then just focus on those that hit the wildcard one.
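The rules discussed so far (prefix test, vowel test, and a logging period before rejecting anything) can be combined in a MIMEDefang filter_recipient callback. This is an added example, not code from the thread; the legacy names, the sample addresses and the $ENFORCE switch are assumptions, and filter_recipient is only called when mimedefang runs with recipient checks enabled.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Legacy names and sample addresses
# are constructed; adjust them to what the logging period shows.
use strict;
use warnings;

my $PREFIX  = 'shiva';                                  # personal prefix named in the thread
my %LEGACY  = map { $_ => 1 } qw(acmestore bookshop);   # hypothetical ad hoc names found in the logs
my $ENFORCE = 0;                                        # 0 = log only, 1 = reject at SMTP time

# Return (verdict, reason) for one envelope recipient.
sub classify_recipient {
    my ($rcpt) = @_;
    (my $addr = lc $rcpt) =~ s/^<|>$//g;                # recipients may carry angle brackets
    my ($local) = $addr =~ /^([^@]+)/
        or return ('reject', 'empty local part');
    # shiva, shiva+site and shiva.site are all the owner's own addresses
    return ('accept', 'prefix') if $local =~ /^\Q$PREFIX\E(?:[+.].*)?$/;
    # names handed out before the prefix convention existed
    return ('accept', 'legacy') if $LEGACY{$local};
    # the vowel heuristic from the first message
    return ('reject', 'no vowel') if $local !~ /[aeiou]/;
    # everything else only matched the wildcard: keep logging it
    return ('unknown', 'wildcard hit');
}

# MIMEDefang callback. The first six arguments are the recipient, sender,
# relay IP, relay hostname, first recipient and HELO string.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;
    my ($verdict, $reason) = classify_recipient($recipient);
    md_syslog('info', "rcpt-policy $verdict ($reason): $recipient from $ip")
        if defined &md_syslog;                          # absent when run stand-alone
    return ('REJECT', 'User unknown') if $ENFORCE && $verdict eq 'reject';
    return ('CONTINUE', 'ok');
}

# Stand-alone run over constructed addresses to see what each rule would do.
unless (caller) {
    for my $r ('<shiva+yourwebsitehere@example.org>',
               '<shiva.list1@example.org>',
               '<acmestore@example.org>',
               '<xqzrtpl@example.org>',
               '<shivas@example.org>',
               '<info@example.org>') {
        printf "%-40s %s (%s)\n", $r, classify_recipient($r);
    }
}
```

Running with $ENFORCE set to 0 first gives the log of "unknown" local parts needed to fill %LEGACY before any address is rejected.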
Re: [Mimedefang] Filtering usernames
> BTW, is there a straightforward way to read the sendmail aliases and virtusertable maps from MD? I can quickly exclude all addresses that match non-wildcard entries, and then just focus on those that hit the wildcard one.

I would say no. The ways of sendmail.mc's working are impressively complex and not for the external analysis IMO. However, my thought (probably suggested by DFS if memory serves) has been to use sendmail -bv

    sendmail -bv kmcgrail
    kmcgrail... deliverable: mailer local, user kmcgrail

    sendmail -bv kevin.mcgrail
    kevin.mcgrail... User unknown

    sendmail -bv [EMAIL PROTECTED]
    [EMAIL PROTECTED] deliverable: mailer local, user kmcgrail

    sendmail -bv [EMAIL PROTECTED]
    [EMAIL PROTECTED] deliverable: mailer local, user kmcgrail

Regards, KAM
[Mimedefang] Return-Path help
I know this isn't the right list for this, but I thought maybe I could use MimeDefang to fix a real minor issue I'm having. I'm using Cyrus IMAP server and sieve for filtering. If someone sets up a vacation message, sieve autoresponds but sets Return-Path: <>. I'm noticing that many other autoresponders do the exact same thing, but more and more often, I'm noticing that customers' mail servers are not accepting those messages with this:

    - The following addresses had permanent fatal errors -
    [EMAIL PROTECTED] (reason: 556 Mail from nullsender not allowed (#5.7.1))

I can't figure out how to make sieve add the correct name in the return path, so is there a way to make Mimedefang do it on the way out? Set the return-path to whatever the from has in it?

And should I even attempt this? I've been reading and it looks to me like this was maybe done on purpose to prevent mail loops, and mail servers are supposed to accept messages with null Return-Paths.

Anyone have any ideas on this? Thanks for the input!!

Mark
Re: [Mimedefang] Return-Path help
Mark Johnson wrote:

> I know this isn't the right list for this, but I thought maybe I could use MimeDefang to fix a real minor issue I'm having. I'm using Cyrus IMAP server and sieve for filtering. If someone sets up a vacation message, sieve autoresponds but sets Return-Path: <>.

Return-Path is nothing more than the SMTP Envelope Sender.

> - The following addresses had permanent fatal errors -
> [EMAIL PROTECTED] (reason: 556 Mail from nullsender not allowed (#5.7.1))

That machine is broken. See http://www.rfc-ignorant.org/policy-dsn.php

Basically, machines that reject mail from <> are ignorant of the RFCs and deserve to be blacklisted. I would file a bug report with [EMAIL PROTECTED] and [EMAIL PROTECTED], pointing them to the rfc-ignorant.org site.

> I can't figure out how to make sieve add the correct name in the return path, so is there a way to make Mimedefang do it on the way out?

Not easily, at least until Sendmail 8.14 is out. It will allow milters to change the envelope sender (not that MIMEDefang supports that yet!)

Regards, David.
Re: [Mimedefang] Return-Path help
> I can't figure out how to make sieve add the correct name in the return path, so is there a way to make Mimedefang do it on the way out?

Automatic replies like vacation should ALWAYS come from <>. The envelope sender <> means do not reply. The purpose is to prevent automatic replies from replying to each other indefinitely.

> - The following addresses had permanent fatal errors -
> [EMAIL PROTECTED] (reason: 556 Mail from nullsender not allowed (#5.7.1))

As David said, this host's configuration is broken. The users on it will not get any delivery status notifications. No bounces, no vacation replies, and so forth. Let it go. You can't help them.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology
Re: [Mimedefang] Return-Path help
David F. Skoll wrote:

> That machine is broken. See http://www.rfc-ignorant.org/policy-dsn.php
>
> Basically, machines that reject mail from <> are ignorant of the RFCs and deserve to be blacklisted. I would file a bug report with [EMAIL PROTECTED] and [EMAIL PROTECTED], pointing them to the rfc-ignorant.org site.

Good news!! What do you make of what sieve is doing, though? Should it be putting the correct name in the return-path? Or is it doing what it is supposed to?

Thanks!

Mark
Re: [Mimedefang] Return-Path help
Mark Johnson wrote:

> Good news!! What do you make of what sieve is doing, though? Should it be putting the correct name in the return-path?

The Return-Path header is supposed to be generated when the message is finally delivered. Sieve doesn't generate a Return-Path header; all it does is ensure that the mail is delivered with an Envelope Sender of <>, and that's exactly what it should do.

Regards, David.
[Mimedefang] Outlook Calendar invitations and Mimedefang
Hi,

We are running mimedefang 2.57 together with Sendmail 8.12.11 to add a disclaimer to outgoing e-mail.

/etc/mail/mimedefang-filter:

    ###
    sub filter_end {
        my($entity) = @_;
        if ($Sender =~ /[EMAIL PROTECTED]/i) {
            append_text_boilerplate($entity,"--\n"."text"."--\n",0);
            append_html_boilerplate($entity,"<hr>\n"."text"."<hr>\n",0);
            ……
    ..
    ###

Everything works fine, except for Outlook appointments. Mimedefang adds the text disclaimer to the text/plain MIME part and the HTML disclaimer to the text/html MIME part. The text/calendar MIME part, containing the actual appointment, does not get a disclaimer in it. So all is working fine.

But because all MIME parts get a Content-Disposition: inline line, the appointment gets mangled. When opened in Outlook, it's not possible to Accept/Decline the meeting.

The only solution I found in the mailing lists was to skip the action_rebuild(); action. But in the /etc/mail/mimedefang-filter configuration file, this option is hashed (#) out already. Within /usr/bin/mimedefang.pl it is still used, because a part is added to the e-mail, resulting in a rebuild of the e-mail.

Is there a simple and neat solution not to add the Content-Disposition: line to the /text/calendar part?

Thanks for an Answer,
Marcel Kolkman
Re: [Mimedefang] Return-Path help
On Fri, Dec 15, 2006 at 10:20:50AM -0500, David F. Skoll wrote:

> > - The following addresses had permanent fatal errors -
> > [EMAIL PROTECTED] (reason: 556 Mail from nullsender not allowed (#5.7.1))
>
> That machine is broken. See http://www.rfc-ignorant.org/policy-dsn.php

Indeed. Note, however, that this is usually done because the user is being joejobbed. In fact, you are doing him a service sending vacation message as a bounce, because the vacation could have been triggered by the joejob too, so it is then (rightfully) being ignored.

Also: lots of _other_ sites are doing sender verification, by connecting back to the mailserver of the (claimed) sender, and doing MAIL From:<> RCPT To:<[EMAIL PROTECTED]>. Now, the merit of this check is a whole debate in and of itself, but the fact is that it exists. Those users are going to find they cannot email to those sites. Most likely, the email just magically disappears (because it gets rejected for a sender callout verification failure, bounces, and then the bounce itself is rejected by the null sender blocking).

I'd just ignore this issue, if I were you. The above [EMAIL PROTECTED] has problems enough already.

> Basically, machines that reject mail from <> are ignorant of the RFCs and deserve to be blacklisted. I would file a bug report with [EMAIL PROTECTED] and [EMAIL PROTECTED], pointing them to the rfc-ignorant.org site.

Hmm, David, since when did you change your opinion on rfc-ignorant? :)

> > I can't figure out how to make sieve add the correct name in the return path, so is there a way to make Mimedefang do it on the way out?
>
> Not easily, at least until Sendmail 8.14 is out. It will allow milters to change the envelope sender (not that MIMEDefang supports that yet!)

It can be done with mimedefang, just not very easy. In fact, it's ugly. You'll have to tell sendmail to discard the message, and then resubmit it to sendmail with another envelope sender.

--
Jan-Pieter Cornet [EMAIL PROTECTED]
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs. !!
rfc-ignorant (was Re: [Mimedefang] Return-Path help)
Jan-Pieter Cornet wrote:

> [...] Hmm, David, since when did you change your opinion on rfc-ignorant? :)

Since they de-blacklisted roaringpenguin.com :-)

For those not in the know: roaringpenguin.com rejects mail from <> to [EMAIL PROTECTED] We do this because:

a) We never *send* mail as [EMAIL PROTECTED], so we never expect DSNs or vacation replies to that address, and

b) We have a real person reading postmaster's mail. I don't want that person (aka me) to be sent mail that doesn't have a valid return path, because it wastes my time.

RFC-Ignorant's owner contended that I was violating RFCs, and I contended I was not. We had a big debate and the result was that he added the third bullet point at http://www.rfc-ignorant.org/policy-postmaster.php

Regards, David.
Re: [Mimedefang] Filtering usernames
--On Friday, December 15, 2006 10:08 AM -0500 Kevin A. McGrail [EMAIL PROTECTED] wrote:

> sendmail -bv kevin.mcgrail
> kevin.mcgrail... User unknown

That reminds me: Is there a way to change the character used for plussed addressing, perhaps to add . so that either + or . can be used? That way I can just always use . in web forms. Most seem to accept that.
Re: [Mimedefang] Filtering usernames
Kenneth Porter wrote:

> That reminds me: Is there a way to change the character used for plussed addressing, perhaps to add . so that either + or . can be used?

It would require deep hacking of the sendmail.cf file. (I don't think you can do it at the .mc level, unfortunately. You'd need to look at the prototype .cf fragments that Sendmail ships with the m4 building system.)

> That way I can just always use . in web forms. Most seem to accept that.

Not to blow our own horn too much :-), but you need http://news.thomasnet.com/fullstory/469271/2585

Regards, David.
Re: [Mimedefang] Outlook Calendar invitations and Mimedefang
Marcel Kolkman wrote:

> But because all MIME parts get a Content-Disposition: inline line, the appointment gets mangled.

They only get a Content-Disposition: inline header if they didn't have a Content-Disposition: header to begin with. Since the lack of a header is equivalent to inline, Outlook is wrong. It should add a Content-Disposition: attachment header to the text/calendar part.

Regards, David.
Re: [Mimedefang] Outlook Calendar invitations and Mimedefang
You should pitch that product to this guy: http://www.sueaspammer.com

This could be another handy tool for an individual or organization who wants to gather evidence for the purpose of suing spammers.

-Ben

David F. Skoll wrote:

> Marcel Kolkman wrote:
>
> > But because all MIME parts get a Content-Disposition: inline line, the appointment gets mangled.
>
> They only get a Content-Disposition: inline header if they didn't have a Content-Disposition: header to begin with. Since the lack of a header is equivalent to inline, Outlook is wrong. It should add a Content-Disposition: attachment header to the text/calendar part.
>
> Regards, David.

--
Ben Kamen
Email: bkamen AT benjammin DOT net
Web: http://www.benjammin.net
She missed an invaluable opportunity to give him a look that you could have poured on a waffle ...
Re: [Mimedefang] Filtering usernames
--On Friday, December 15, 2006 8:48 AM -0800 Kenneth Porter [EMAIL PROTECTED] wrote:

> That reminds me: Is there a way to change the character used for plussed addressing, perhaps to add . so that either + or . can be used? That way I can just always use . in web forms. Most seem to accept that.

I found a couple of comp.mail.sendmail threads that suggest using the regex feature for this:

http://groups.google.com/group/comp.mail.sendmail/browse_frm/thread/44288aacc1f20126/
http://groups.google.com/group/comp.mail.sendmail/browse_frm/thread/1bd76c0eb8a4cd55/
Re: [Mimedefang] Previous relay information
On Wed, Dec 13, 2006 at 06:43:37PM +0900, Mark van Proctor wrote:

> Has anyone implemented some form of parsing of the received headers to determine who the previous relay was? When is the earliest time that these headers are available? filter_begin? Are these easily accessible through mimedefang's variables or will we need to build some kind of script that will parse the actual mail files?

Here's a way to get ahold of the Received headers. I haven't figured out the earliest place it can go in the script. It certainly works if put just above the call to SpamAssassin.

    # Read the HEADERS file MIMEDefang leaves in the working directory
    $HDRS = $CWD . "/HEADERS";
    open (HDRS) or md_syslog('warning', 'Cannot open the ' . $CWD . ' HEADERS file!');
    @header = <HDRS>;
    close(HDRS);
    $headcount = @header;
    $n = 0;
    $r = 0;
    # Collect every Received: line, in the order it appears
    while ($n < $headcount) {
        if ($header[$n] =~ /Received:/) {
            $received[$r] = $header[$n];
            $r++;
        }
        $n++;
    }

Then here's how I'm getting rid of spam with a faked first Received by transpect.com - since transpect.com isn't even the MX for transpect.com.

    $reccount = @received;
    $reccount--;
    if ($received[$reccount] =~ /by transpect\.com/) {
        # double quotes so that $MsgID is interpolated into the log line
        md_syslog('warning', "$MsgID: bytrans: " . $received[$reccount]);
        action_discard();
    }

The previous relay you were after would be in $received[1] with this script.

Whit
Re: [Mimedefang] Filtering usernames
On Fri, 15 Dec 2006, Kenneth Porter wrote:

> I've got a wildcard entry in my virtusertable to deal with the braindead websites that can't handle plussed addresses. I want to be able to put shiva+yourwebsitehere as my username but most reject that. So I've got a mishmash of ad hoc usernames that either use a dot instead of a plus, or omit my username and just use the sitename. (Sometimes the braindeath is a too-short email field.)

You can use a few sendmail rewriting rules instead of the wildcard entry in your virtusertable. Put something like this at the bottom of your sendmail.mc file and generate a new sendmail.cf

Be aware that the LHS and the RHS of the rules are separated by tabs. Don't replace the tabs with spaces.

    LOCAL_RULE_0
    # Rewrite shiva.whatever to shiva+whatever
    R shiva . $*$@ shiva + $1
    R shiva . $* @$=w.$@ shiva + $1 @ $2 .
    # If the local.part of an address contains dots then do a
    # nameserver lookup to test if the local.part is a valid domain
    # name and replace with shiva+local.part if so.
    # But don't do a nameserver lookup if the address contains a +
    R $* + $* $@ $1 + $2
    R $+ . $- $: $1.$2 @@ $[ $1.$2 $]
    R $+ . $- @$=w. $1.$2@$3. @@ $[ $1.$2 $]
    R $* @@ $* .shiva + $1
    R $* @@ $* $1

This code will do a nameserver lookup for every local username that contains dots. You might not like that if you frequently use names or aliases with dots. Mail will be delivered to the wrong person if a local.part resolves to a valid domain name for any of your users/aliases.

I wouldn't use this on a mailserver that has many accounts. But it might be useful on a personal workstation or a system with only a few mail accounts.

Regards, Kees.

--
Kees Theunissen
F.O.M.-Institute for Plasma Physics Rijnhuizen, Nieuwegein, Netherlands
E-mail: [EMAIL PROTECTED], Tel: (+31|0)306096724, Fax: (+31|0)306031204
[Mimedefang] OT: RBL checking in Sendmail
Currently, we check a couple of RBLs right away in filter_sender(). I've been thinking that it'd be nice to move those checks from MIMEDefang into Sendmail, for the following two reasons:

1) If the message ends up being blocked, we avoid a milter call and all of MIMEDefang's setup overhead.

2) If the message is not blocked, we save some time by having a Sendmail child waiting on the DNS query instead of a MIMEDefang child. The amount of time here may be so small as to be irrelevant, though.

I know I could just use the dnsbl rule in my sendmail.mc, but this has some problems. First, we need to exclude local and authenticated senders from the RBL tests. Excluding local senders saves useless lookups and excluding authenticated senders is necessary because users roaming on other networks may get an IP that was previously being abused.

The only easy way I've found to do this so far is to turn on Sendmail's delay_checks. However, I think this will cause the following issues:

1. Milter calls are not delayed, so Sendmail will call MIMEDefang (i.e. for filter_sender) *BEFORE* the RBL checks, completely defeating the point.

2. Even if I were to re-arrange my filter and make MIMEDefang not call filter_sender, I think I'd run into a situation where the RBL tests would be called multiple times, once for each RCPT. I may be wrong, though.

Ideally, I just want to call the RBL from Sendmail at the MAIL command stage, before milters are called. Does anyone know how to do that? It seems I need to add something to do the call from Local_check_mail if and only if the sender is not local or authenticated.

Thanks,
Richard
Re: [Mimedefang] Filtering usernames
--On Friday, December 15, 2006 8:23 PM +0100 Kees Theunissen [EMAIL PROTECTED] wrote:

> This code will do a nameserver lookup for every local username that contains dots. You might not like that if you frequently use names or aliases with dots. Mail will be delivered to the wrong person if a local.part resolves to a valid domain name for any of your users/aliases.

That's interesting-looking, but I'd tweak it to do the lookup in a specific domain, and swap the order of the dotted names, so shiva.list1 becomes list1.shiva.sendmail-aliases.sewingwitch.com. I could even put a wildcard DNS record in there. :P
Re: [Mimedefang] Previous relay information
On Fri, Dec 15, 2006 at 01:44:01PM -0500, Whit Blauvelt wrote:

> > Has anyone implemented some form of parsing of the received headers to determine who the previous relay was? When is the earliest time that these headers are available? filter_begin? Are these easily accessible through mimedefang's variables or will we need to build some kind of script that will parse the actual mail files?
>
> Here's a way to get ahold of the Received headers. I haven't figured out the earliest place it can go in the script. It certainly works if put just above the call to SpamAssassin.
>
> $HDRS = $CWD . "/HEADERS"; [...]

You can put this as early as the filter_begin() function, since that's the first time the message is parsed. But it's a lot easier than this, since the message has already been parsed, and put into a MIME::Entity object. You just have to save the object that is passed to filter_begin, and extract the header object, and then any header you like from that.

    sub filter_begin {
        my($entity) = @_;
        # ... other code goes here, optionally
        my $header_object = $entity->head;
        my $first_received = $header_object->get('Received', 0);
        ### $first_received is actually the first Received: header
        ### that is received from the remote host, so it contains
        ### the previous relay.
        if ( $RelayHostname eq 'my.backupmx.server.domain.tld' ) {
            ### extract previous relay
            if ( $first_received =~ m{
                    from\s+(\S+)                  # match HELO name
                    \s+\(                         # literal '('
                    (?:                           # start optional hostname...
                      ([A-Za-z0-9.-]+\.[a-z]+)    # match hostname
                      \s+
                    )?
                    \[                            # literal '['
                    (\d+(?:\.\d+){3})             # match an IP address
                    \]                            # literal ']'
                    (?:\s+\([^)]*\))?             # optional (may be forged)
                    \s*\)                         # literal ')'
                }x ) {
                $previousHelo = $1;
                $previousRelayHostname = $2;
                $previousRelayAddr = $3;
            }
        }
        ### get last received header
        my $last_received = $header_object->get('Received', -1);
        ...

Note: the above code is untested. The regular expression matches a sendmail-style Received line:

    Received: from HELO (reverse.dns [i.p.ad.dr] (may be forged))

Have fun,

--
Jan-Pieter Cornet [EMAIL PROTECTED]
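The Received-line pattern above can be exercised outside MIMEDefang before it goes into a filter. The script below is an added example, not code from the thread: the sample headers are constructed, parse_received and previous_relay are hypothetical helper names, and the only trusted relay is the placeholder hostname used in the message above.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Sample headers are constructed
# and use documentation addresses.
use strict;
use warnings;

# Hosts whose own Received line we are willing to believe. The name is the
# placeholder used in the message above.
my %TRUSTED_RELAY = ('my.backupmx.server.domain.tld' => 1);

# The pattern from the message above, unchanged apart from layout.
my $RECEIVED_RE = qr{
    from\s+(\S+)                          # HELO name
    \s+\(                                 # literal '('
    (?: ([A-Za-z0-9.-]+\.[a-z]+) \s+ )?   # optional reverse DNS name
    \[ (\d+(?:\.\d+){3}) \]               # bracketed IPv4 address
    (?: \s+ \([^)]*\) )?                  # optional "(may be forged)"
    \s*\)                                 # literal ')'
}x;

# Parse one Received value (as MIME::Head->get returns it, folding included).
# Returns a hash reference, or undef when the line is not in this format.
sub parse_received {
    my ($value) = @_;
    return undef unless defined $value && $value =~ $RECEIVED_RE;
    my ($helo, $rdns, $ip) = ($1, $2, $3);
    return undef if grep { $_ > 255 } split /\./, $ip;   # impossible octet
    return {
        helo        => $helo,
        rdns        => $rdns,                             # undef without reverse DNS
        ip          => $ip,
        forged_hint => ($value =~ /\(may be forged\)/ ? 1 : 0),
    };
}

# Only the Received line written by a host we run ourselves is evidence;
# anything a stranger's server prepended can be invented by the sender.
sub previous_relay {
    my ($relay_hostname, @received) = @_;
    return undef unless $TRUSTED_RELAY{lc $relay_hostname};
    return parse_received($received[0] // '');
}

unless (caller) {
    my @samples = (    # constructed sample headers
        "from mail.example.net (mx1.example.net [192.0.2.25])\n"
          . "\tby backupmx.example.org (8.13.8/8.13.8) with ESMTP id kBFIi1aa012345;\n"
          . "\tFri, 15 Dec 2006 13:44:01 -0500\n",
        "from localhost ([198.51.100.7])\n\tby backupmx.example.org with SMTP\n",
        "from friend (dyn.example.com [203.0.113.9] (may be forged))\n"
          . "\tby backupmx.example.org with ESMTP\n",
        "from v6host (v6.example.net [IPv6:2001:db8::1])\n"
          . "\tby backupmx.example.org with ESMTP\n",
    );
    for my $s (@samples) {
        my $p = previous_relay('my.backupmx.server.domain.tld', $s);
        if ($p) {
            printf "helo=%s rdns=%s ip=%s forged_hint=%d\n",
                $p->{helo}, $p->{rdns} // '-', $p->{ip}, $p->{forged_hint};
        } else {
            print "no match: ", (split /\n/, $s)[0], "\n";
        }
    }
    # Same header, but handed over by a relay we do not operate: ignored.
    print "untrusted relay: ",
        (previous_relay('mail.example.net', $samples[0]) ? "parsed" : "ignored"), "\n";
}
```

The IPv6 sample shows the pattern's limit: it only recognises bracketed IPv4 literals, so such a line yields no previous relay rather than a wrong one.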
Re: [Mimedefang] OT: RBL checking in Sendmail
On Fri, Dec 15, 2006 at 02:50:32PM -0600, Richard Laager wrote:

> Currently, we check a couple of RBLs right away in filter_sender(). I've been thinking that it'd be nice to move those checks from MIMEDefang into Sendmail, for the following two reasons:
>
> 1) If the message ends up being blocked, we avoid a milter call and all of MIMEDefang's setup overhead.

Setup overhead? There hardly is any, if you already have mimedefang running.

> 2) If the message is not blocked, we save some time by having a Sendmail child waiting on the DNS query instead of a MIMEDefang child. The amount of time here may be so small as to be irrelevant, though.

It's going to be WAY longer than the setup time you worry about above, by the way, but still on the order of 50ms average probably.

I don't really understand why you save time, though. Sendmail isn't getting a faster response from the DNS server than mimedefang is. You might save some memory that way, true... but that's normally only an issue when you start to spend several seconds in the mimedefang code.

> [...] Ideally, I just want to call the RBL from Sendmail at the MAIL command stage, before milters are called. Does anyone know how to do that? It seems I need to add something to do the call from Local_check_mail if and only if the sender is not local or authenticated.

It can be done. Note, by the way, that you really want to test this at RCPT To time, so you can exempt addresses like abuse@ and postmaster@ from the DNS blacklists, so users who are incorrectly placed on those blacklists can still contact you. And you can even cache those lookups, from within sendmail.cf rules, if you like, to prevent duplicate lookups due to multiple recipients.

I know - because I tried, at one point in the past, and succeeded. After getting a splitting headache for wrapping my head around the terribly arcane sendmail.cf ruleset language, and having to implement some basic building blocks in that language -- like hash lookups. I quickly junked that attempt and implemented it all in nice, clean perl in MIMEDefang, where it's a breeze to code in any exception you like, and where you can just build yourself a comfortable environment.

So -- to summarize -- save yourself a heap of trouble, and do not try to squeeze out a few microseconds of optimization for a complex monstrosity that is very hard to produce, impossible to maintain, and will likely remain buggy in unforeseen ways (like - there are all sorts of sendmail compiled-in limits that you run into if you really push the borders of the cf language).

--
Jan-Pieter Cornet [EMAIL PROTECTED]
Re: [Mimedefang] OT: RBL checking in Sendmail
On 16 Dec 2006 at 0:08, Jan-Pieter Cornet wrote:

> Note, by the way, that you really want to test this at RCPT To time, so you can exempt addresses like abuse@ and postmaster@ from the DNS blacklists, so users who are incorrectly placed on those blacklists can still contact you.

This brings up another question that's somewhat related to David's not accepting e-mail for postmaster from <>.

What's the thought about rejecting an e-mail to postmaster, abuse, etc., if there are other recipients that aren't in the required to exist RFC list?

Basically, what I do now is look for those key addresses in filter_recipient and don't reject at that stage if it is one of those, and then in filter_begin I scan the @Recipients list for any of them, and also don't reject (except for viruses). But, some spam creeps through that is addressed to at least one of them and some other address.

--
Jeff Rife
http://www.nabs.net/Cartoons/RhymesWithOrange/ObedienceFinal.jpg
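The RCPT-time policy described in the last two messages (skip local and authenticated senders, exempt postmaster@ and abuse@, avoid one DNS query per recipient) can be written as plain Perl and called from filter_recipient. This is an added example, not code from the thread: the zone name, TTL, function names and sample addresses are assumptions, and the demo uses a stub in place of real DNS so it runs offline.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. The zone, TTL and all sample
# addresses are constructed.
use strict;
use warnings;

my $ZONE      = 'dnsbl.example';                 # hypothetical DNSBL zone
my %ROLE      = map { $_ => 1 } qw(postmaster abuse);
my $CACHE_TTL = 300;                             # seconds
my %cache;    # ip => [expiry, listed]; lives in one filter process only

sub local_part {
    my ($rcpt) = @_;
    my ($local) = lc($rcpt) =~ /^<?([^@>]+)/;
    return $local;
}

# 192.0.2.25 is looked up as 25.2.0.192.<zone>
sub dnsbl_query_name {
    my ($ip, $zone) = @_;
    return join('.', reverse split /\./, $ip) . ".$zone";
}

# Real lookup for production use: any A record means "listed".
sub dns_lookup {
    my ($name) = @_;
    my $addr = gethostbyname($name);
    return defined $addr ? 1 : 0;
}

# One query per relay IP until the cache entry expires.
sub is_listed {
    my ($ip, $lookup, $now) = @_;
    my $hit = $cache{$ip};
    return $hit->[1] if $hit && $hit->[0] > $now;
    my $listed = $lookup->(dnsbl_query_name($ip, $ZONE)) ? 1 : 0;
    $cache{$ip} = [ $now + $CACHE_TTL, $listed ];
    return $listed;
}

# Decision for one RCPT. Arguments: ip, rcpt, local, authenticated, lookup, now.
sub rcpt_decision {
    my (%a) = @_;
    return 'CONTINUE' if $a{local} || $a{authenticated};   # never tested
    my $local = local_part($a{rcpt});
    return 'CONTINUE' if defined $local && $ROLE{$local};  # stays reachable
    return is_listed($a{ip}, $a{lookup} || \&dns_lookup, $a{now} // time)
        ? 'REJECT' : 'CONTINUE';
}

# The filter_begin side of the last message: does the accepted recipient
# list contain a role address?
sub has_role_recipient {
    for my $r (@_) {
        my $l = local_part($r);
        return 1 if defined $l && $ROLE{$l};
    }
    return 0;
}

unless (caller) {
    my $queries = 0;
    my %listed  = ('7.100.51.198.dnsbl.example' => 1);      # constructed listing
    my $stub    = sub { $queries++; return $listed{ $_[0] } };

    for my $rcpt ('<alice@example.org>', '<bob@example.org>', '<postmaster@example.org>') {
        my $d = rcpt_decision(ip => '198.51.100.7', rcpt => $rcpt,
                              lookup => $stub, now => 1000);
        print "$rcpt from 198.51.100.7: $d\n";
    }
    print "DNS queries issued: $queries\n";

    my $d = rcpt_decision(ip => '198.51.100.7', rcpt => '<alice@example.org>',
                          authenticated => 1, lookup => $stub, now => 1000);
    print "authenticated sender from the same IP: $d\n";
    print "role recipient present: ",
        has_role_recipient('<bob@example.org>', '<abuse@example.org>'), "\n";
}
```

Because the multiplexor may hand successive callbacks to different filter processes, the in-memory cache only reduces duplicate lookups; it does not guarantee exactly one query per connection.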