Re: [Mimedefang] Is this list still alive?

2021-04-01 Thread Dianne Skoll via MIMEDefang
On Thu, 1 Apr 2021 09:43:21 -0500
 wrote:

> My question also was what is going to happen to the data feeds we are
> getting.

I'm not sure what data feeds you're referring to.  If you are referring to
the Roaring Penguin IP blocklists and/or the CanIt Bayes data feeds, those
are controlled by AppRiver and if AppRiver decides to shut them down...
there's not much anyone can do because they are fed by CanIt installations.

> I don't see a good option for small ISPs that don't have a budget
> for spam filtering at scale.

It is a problem indeed. :(  Many ISPs are in the same boat.

Regards,

Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] Is this list still alive?

2021-04-01 Thread Dianne Skoll via MIMEDefang
On Thu, 01 Apr 2021 11:13:48 -0400
"Bill Cole"  wrote:

> There was an issue opened a month ago at
> https://github.com/The-McGrail-Foundation/MIMEDefang/issues/25
> stating that the list was down.

The list is still being run by AppRiver (Zix, now, I guess.)

> I attempted to post a test on March 3 which never showed up on the
> list.

Huh, weird.  It's unfortunately out of my hands now. :(

Regards,

Dianne.




[Mimedefang] Is this list still alive?

2021-04-01 Thread Dianne Skoll via MIMEDefang
I haven't seen traffic since December 2020... just pinging the list...

Regards,

Dianne.


Re: [Mimedefang] Help with header checking

2020-12-01 Thread Dianne Skoll via MIMEDefang
On Tue, 1 Dec 2020 13:10:43 -0500
Joseph Brennan  wrote:

> We used this to create an array of header information:

> if (open(IN, '<', './HEADERS')) {
>     while(<IN>) {
>         chomp;
>         if (/^(\S+):\s*(.*)/) {
>             my $label = $1;
>             my $data  = $2;
>             $label = lc($label);
>             $Header{$label} = $data;
>             if ($label eq 'received') {
>                 push(@Received,$data);
>             }
>         }
>     }
>     close(IN);
> }

Hmm.  Received: isn't the only header that can permit multiple instances.
You may lose some information here.

Why would you not just use the MIME::Head object that you can
get from $entity->head?  It has all the headers pre-parsed and has
decent accessors.

(I assume this is all academic (heh...) as Columbia looks to be
using Proofpoint now.)

Regards,

Dianne.
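Added example (not part of the original message and not MIMEDefang's own code): reading headers through MIME::Head so that every instance of a repeated header is kept, which is the information the single-value hash above can lose. The header lines, host names and addresses are constructed; inside a filter the object would come from $entity->head instead of being built from an array.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Head;    # part of MIME-tools, which MIMEDefang already depends on

# Constructed sample headers (not from a real message).  Received: and
# Authentication-Results: each appear more than once, and the Received:
# lines are folded across two physical lines.
my @raw = (
    "Received: from mx2.example.net (mx2.example.net [192.0.2.20])\n",
    "\tby mail.example.org with ESMTP id abc123\n",
    "Received: from client.example.com (client.example.com [198.51.100.7])\n",
    "\tby mx2.example.net with ESMTP id def456\n",
    "Authentication-Results: mail.example.org; spf=pass\n",
    "Authentication-Results: mx2.example.net; dkim=none\n",
    "From: Sender <sender\@example.com>\n",
    "Subject: constructed test message\n",
);

# In a MIMEDefang filter you would write "my $head = $entity->head;" here.
my $head = MIME::Head->new(\@raw, Modify => 0);
$head->unfold;    # join folded continuation lines into one logical line

# Return every instance of a header, in order, without trailing newlines.
sub all_values {
    my ($h, $tag) = @_;
    my @vals = $h->get_all($tag);
    chomp @vals;
    return @vals;
}

# Hash of array refs: a repeated header never overwrites an earlier one.
my %headers;
for my $tag ($head->tags) {
    $headers{lc $tag} = [ all_values($head, $tag) ];
}

for my $tag (sort keys %headers) {
    printf "%-24s %d instance(s)\n", $tag, scalar @{ $headers{$tag} };
}

my @received = all_values($head, 'Received');
if (@received) {
    print "hop $_: $received[$_]\n" for 0 .. $#received;
} else {
    # In a filter, this is the point where action_quarantine_entire_message()
    # would keep a copy of the message for later analysis.
    print "no Received: headers seen\n";
}
```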


Re: [Mimedefang] Help with header checking

2020-11-26 Thread Dianne Skoll via MIMEDefang
On Thu, 26 Nov 2020 12:47:56 -0500
"Bill Cole"  wrote:

[snip]
> That Received header is added by Sendmail *AFTER* all milters have
> done their end-of-data work. It is not present when MD sees the
> message.

So as per Bill Cole's analysis, it seems there were indeed no
Received: headers on the mail as seen by MIMEDefang.

As for why SpamAssassin is not running, Bill's guess (size limit) is a
pretty good one, but we can't know for sure without seeing your
filter code.

Regards,

Dianne.


Re: [Mimedefang] Help with header checking

2020-11-26 Thread Dianne Skoll via MIMEDefang
On Wed, 25 Nov 2020 11:45:11 +0100
Andrea Venturoli  wrote:

> > if (open(HF, "<./HEADERS")) {
> > my $head = Mail::Header->new([<HF>]);
> > close HF;
> > md_syslog('warning',"head = %$head");

You shouldn't really print "head = %$head" because you don't know the
implementation details of Mail::Header.  Treat it as an opaque object.

> The purpose is to extract Received fields, so to reconstruct the path
> a message underwent from server to server.
> It has worked 99.99% of the times for years; lately, however it fails
> on some very frequent spam messages and I have a hard time
> understanding why.

I suggest calling action_quarantine_entire_message() if you get no
received headers so you can preserve a copy of the original message for
analysis.

> I tried adding:
> > foreach $key (keys %$head)
> > {
> > md_syslog('warning',"$key is $head{$key}");
> > }  

It should be $head->{$key} and is unlikely to be useful; you're
printing instance variables on the Mail::Header object, which most
likely do not correspond to actual headers.

If you want to log @recheads, I would do it like this:

md_syslog('warning', 'recheads = ' . join(', ', @recheads));

Anyway... you need to capture the message (or at least the headers)
so we can analyze what's going on.

Regards,

Dianne.


Re: [Mimedefang] Future development

2020-11-23 Thread Dianne Skoll via MIMEDefang
On Mon, 23 Nov 2020 12:41:00 -0500
Anne Bennett  wrote:

> > The Perl code is atrocious.  

> Give yourself a break.  ;-)

Well, OK. :)

The code itself is not terrible.  I like to write clear code that any
newbie can understand (for "newbie", read "myself in 6 months time...")

What I mean is the *design* is atrocious, given that MIMEDefang is the
result of accretion rather than design.

(OTOH, I have worked on systems with beautiful designs but very tricky
and "clever" code where most of my time is spent reverse-engineering.
We don't want that either.)

>   - Initially (years ago), it was a bit hard to keep track of the bits
> and pieces, because mimedefang.pl calls my filter file, and my
> filter file calls various utilities provided by mimedefang.pl.
> Any code re-org that would make it easier to untangle this would
> help, even something as simple as putting the user-filter-called
> facilities into their own Perl module.

Right.  Tracking the flow of control when callbacks are involved is tricky.

>   - I like to run with Perl taint checks on, but mimedefang.pl
> doesn't cooperate well with that.

Oh, hmm. :)  That would be a lot of work.

>   - Picking up needed information (i.e., from the envelope and
> message, and QID) seems to be different in each filter_*
> subroutine.  I don't know how this would affect performance,
> but if there were a hash containing all available header,
> envelope, message status so far (e.g., did we mark as to
> be rejected?), and QID information, and maybe even headers
> in concatenated and decoded form, that would make writing
> filter_* subroutines easier.

Yes, some sort of context object that held all of this would be good.

> > I would start by writing a MD::Filter base class
> > and storing state in the MD::Filter object.  Callbacks could be
> > implemented as methods and users could subclass MD::Filter to
> > implement their behaviour.

> As another poster mentioned, that would indeed require more
> advanced Perl chops from the end user (postmaster), though
> well-chosen examples might go a long way toward alleviating
> that requirement.

In my ideal world, you would be able to take an existing mimedefang-filter
script, and add two lines to the top:

package MyFilter;
use base 'MD::Filter::Compat';

and then have it Just Work.  I don't know if this is realistic or a pipe-dream.

> Well, there's still potentially a fair amount of homegrown code that
> people can add.  I'm assuming that this would somehow fit into "users
> could subclass MD::Filter to implement their behaviour".

Yes, exactly.

Regards,

Dianne.


Re: [Mimedefang] Future development

2020-11-22 Thread Dianne Skoll via MIMEDefang
On Sun, 22 Nov 2020 15:21:04 -0500
"Bill Cole"  wrote:

[snipsnip...]

> Obviously OOPifying MD would be a v3 project, as it would break all 
> existing mimedefang-filter.pl scripts.

That is an issue.  Perhaps making an MD::Filter::Compat class that
lets old filter scripts keep working with minimal changes could be
a solution?

(It is a fair bit of work, of course...)

> A nearer-term step to clean up the code a bit would be to break out 
> existing code to distinct modules that may (or may not) be the basis
> for future object structures. This could result in supporting
> existing configurations with a code base that is easier to maintain
> and understand.

Yes, incremental cleanups could help too, but they would still likely
break existing filter scripts.

Regards,

Dianne.




Re: [Mimedefang] Future development

2020-11-22 Thread Dianne Skoll via MIMEDefang
On Sun, 22 Nov 2020 13:24:24 -0500
Dianne Skoll  wrote:

> Anyway... I'd really like to see MIMEDefang development activity pick
> up again.  I'm hoping The McGrail Foundation will attract more
> interest in the project.

Specifically... these are things I would do differently if I were
starting MIMEDefang now instead of 20 years ago. :)

The C code is mostly fine; the milter and the multiplexor work
pretty well.

The Perl code is atrocious.  mimedefang.pl is over 7500 lines of
Perl in one ugly file with a ton of global variables.  It needs a major
overhaul.  I would start by writing a MD::Filter base class
and storing state in the MD::Filter object.  Callbacks could be implemented
as methods and users could subclass MD::Filter to implement their behaviour.

Functions like md_check_against_smtp_server, etc. should
be broken out into helper modules.

The actual filter file would be a very simple thing that simply
instantiates a (subclass of) MD::Filter and calls $filter->run() to
run the main mimedefang.pl loop.

Comments/thoughts/etc?

Regards,

Dianne.


Re: [Mimedefang] Test

2020-11-22 Thread Dianne Skoll via MIMEDefang
On Sun, 22 Nov 2020 19:20:00 +0100
Benny Pedersen via MIMEDefang 
wrote:

> hope not to be forced to use mimedefang, my simplest setup has
> been clamav-milter, spampd, and not more

That is a rather odd comment to post on the MIMEDefang mailing list, no?

Anyway... I'd really like to see MIMEDefang development activity pick
up again.  I'm hoping The McGrail Foundation will attract more interest
in the project.

Regards,

Dianne.


Re: [Mimedefang] Test

2020-11-19 Thread Dianne Skoll via MIMEDefang
On Thu, 19 Nov 2020 19:46:14 +0100
Benny Pedersen via MIMEDefang 
wrote:

> if mimedefang was written in python i would have used it :=)

The multiplexor <-> filter protocol is simple and documented, so
have a go... :)

> hope for spamassassin written in python is a long term dream, just
> like unifi wifi ax

No chance of that happening, I'd say.  There's only downside involved
in such a rewrite.

> beg for owner on maillist why is srs failing ?

Not sure, but it seems to be fixed now.

Regards,

Dianne.


Re: [Mimedefang] Test

2020-11-19 Thread Dianne Skoll via MIMEDefang
Hi,

> Maybe it's just you and me, Dianne, and I don't know why I'm still
> here after management moved us to Proofpoint.

I helped figure out the issue.  All the mail was quarantined and should
come flooding into the list.

Regards,

Dianne.


Re: [Mimedefang] Test

2020-11-19 Thread Dianne Skoll via MIMEDefang
Hey, Bill!  Long time no hear!

On Thu, 19 Nov 2020 12:11:00 +
"Brown, William"  wrote:

> Apparently!  Hope you and yours are staying safe and healthy.

We're all good.  Hope you and yours are too.

Anyway, the list seems a bit messed up... looks like only my posts
are making it through. :(  I've reached out to the new stewards of the
list to help sort this out.

Regards,

Dianne.


[Mimedefang] Submit your Patches for MIMEDefang (Re: AppRiver donates MIMEDefang to The McGrail Foundation)

2020-11-19 Thread Dianne Skoll via MIMEDefang
Hi, all,

I'm posting this on behalf of Kevin A. McGrail, whose posts seem
to be disappearing...

Regards,

Dianne.

===
Afternoon everyone!

Sorry for the radio silence.  Many moons ago in the prepandemic times,
MIMEDefang was donated to The McGrail Foundation. As the new stewards,
we are accepting bug reports and especially patches.

You can run the latest version from the repo and here is the Changelog:
https://github.com/The-McGrail-Foundation/MIMEDefang/blob/master/Changelog
where we have been moving forward!

More info below and at http://www.mcgrail.com

Also getting ready to announce KAM.cf's update channel too. We
currently have it running in production and drafting the instructions
and announcement now.

Regards,
KAM


AppRiver donates MIMEDefang to The McGrail Foundation

Mar 05, 2020 Today, we are proud to announce that the MIMEDefang
project has been donated to The McGrail Foundation. This includes
source code, website, and domains.

However, due to the COVID-19 Pandemic, the integration of this project
is going to take some time! Please keep an eye out on the MIMEDefang
mailing list
https://lists.roaringpenguin.com/mailman/listinfo/mimedefang and our
GitHub https://github.com/The-McGrail-Foundation for more updates.

Thank you to everyone at AppRiver and Zix as well as Roaring Penguin
founder Dianne F. Skoll for their help in making this wonderful
donation a reality.


[Mimedefang] Test

2020-11-18 Thread Dianne Skoll via MIMEDefang
Is this list still alive?

Regards,

Dianne.


Re: [Mimedefang] MIMEDefang and Postfix (was Re: Hi, and an update)

2020-07-27 Thread Dianne Skoll via MIMEDefang
On 2020-07-27 16:34, Joseph Brennan wrote:

> Hi Dianne I hope you're well. I'm saving your message just in case!

Heh. :)

> Only 20 years? Even so how well we know the satisfaction of spending
> a whole work day putting letters, numbers, and punctuation marks in
> just the right place in a line or two of sendmail.mc

Oh, for sure, Sendmail's an amazing piece of software and can be munged to
do all kinds of weird and wonderful things.  During the time I ran Roaring
Penguin, we ran into quite a few situations where Sendmail's flexibility
saved the day.

But still... it's showing its age, and Postfix is a really nice tool also.
Not quite as flexible as Sendmail, but close, and much more straightforward.

> The very last one I did was to use access.db to limit which valid users can do
> smtp auth. I need to migrate that to postfix pretty soon.

I wouldn't have a clue how to do that. :)  I'm still a Postfix newbie.

Regards,

Dianne.

PS: There is an official MIMEDefang git repo on github now:
https://github.com/The-McGrail-Foundation/MIMEDefang


[Mimedefang] MIMEDefang and Postfix (was Re: Hi, and an update)

2020-07-27 Thread Dianne Skoll via MIMEDefang

> I've recently taken a position at Best Practical Solutions (the folks
> who make RT / Request Tracker.)  I actually have to integrate MIMEDefang
> with Postfix, which is not something I've done before, so I'm interested
> in hearing tips or pointers from people who have done this.

Well, it turned out to be super-easy.  The only minor wrinkle was that
I made the mimedefang socket an inet socket (127.0.0.1:8443) because Postfix
runs in a chroot environment, so it was just easier that way.
Then I just added this to /etc/postfix/master.cf:

smtpd_milters = inet:127.0.0.1:8443

and everything just worked!

Despite having used Sendmail for a long time (20 years?), I have to say I'm
a fan of Postfix.  Very easy to set up and quite well designed.

Regards,

Dianne.


[Mimedefang] Hi, and an update

2020-07-22 Thread Dianne Skoll via MIMEDefang

Hi, everyone,

I've recently taken a position at Best Practical Solutions (the folks
who make RT / Request Tracker.)  I actually have to integrate MIMEDefang
with Postfix, which is not something I've done before, so I'm interested
in hearing tips or pointers from people who have done this.

Regards,

Dianne.


Re: [Mimedefang] Oyster (was Re: A rose by any other name... Renaming MIMEDefang. What's your idea for a name?)

2019-11-12 Thread Dianne Skoll
On 11/12/19 10:04 AM, Kenneth Irving wrote:
>  Maillusc

Haha, +1.  Puns are my weak spot.

Regards,

Dianne.


[Mimedefang] Oyster (was Re: A rose by any other name... Renaming MIMEDefang. What's your idea for a name?)

2019-11-12 Thread Dianne Skoll
Oyster is cute, but likely overloaded.  I know the London Underground
smartcard is called Oyster.

If you combine it with something else, it'd be better, I think.  MailOyster
or something (that doesn't exactly trip off the tongue, but I'm sure
someone can come up with something that does.)

Regards,

Dianne.


Re: [Mimedefang] KAM for MIMEDefang Leadership Role

2019-10-21 Thread Dianne Skoll
On 10/21/19 5:51 PM, Kevin A. McGrail wrote:
> Good Evening everyone,

> My name is Kevin A. McGrail.  I've been a long-time user of MIMEDefang
> and I'd like to put myself forward to take the mantle of leadership from
> DFS now that she has moved on to other work.  I don't envision it will
> be as amazing as under Dianne's leadership but I look to continue
> maintaining MD for the public good.

I would love to see MIMEDefang continue as an actively-developed
open-source project.  I know Kevin and think he'd be an excellent
person to lead the project, whether it continues under the MIMEDefang
name or changes to a new name.

I'm not in a position to support this project for the next 18 months or
so, unfortunately, other than to provide a vote of confidence for Kevin.

Regards,

Dianne.


Re: [Mimedefang] Carefully Crafted Recipient executes script?

2019-06-25 Thread Dianne Skoll
On 6/25/19 4:50 PM, Kevin A. McGrail wrote:

> It's an exim exploit CVE-2019-10149.  MIMEDefang won't be affected but
> you are correct what it is trying to do.

> In filter_recipient, add this to reject this exploit attempt:

>   #EXIM EXPLOIT 2019 June
>   if ($recip =~ /root\+\$\{run/i) {
>     $explanation = "Invalid user";
>     $answer = 'REJECT';
>
>     return ($answer, $explanation);
>   }

Thanks for the info; I was racking my brains figuring out how
MIMEDefang could have been tricked by that.

Unless you have odd email addresses, I'd simply reject any address
that contains "${".  Then you will catch variants such as
postmaster+${ etc.

Regards,

Dianne.
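Added example (not part of the original thread and not MIMEDefang's own code): the narrow pattern from the quoted message next to the broader "${" test suggested in the reply, run over constructed recipients to show which addresses each one refuses. The helper names matches_narrow and matches_broad, the sample addresses and the 'ok' message are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Narrow test from the quoted message: only "root+${run", case-insensitive.
sub matches_narrow {
    my ($recip) = @_;
    return $recip =~ /root\+\$\{run/i ? 1 : 0;
}

# Broader test from the reply: any "${" anywhere in the address.
sub matches_broad {
    my ($recip) = @_;
    return index($recip, '${') >= 0 ? 1 : 0;
}

# Recipient callback using the broader test.  It returns the same
# (action, explanation) pair as the quoted snippet.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    return ('REJECT', 'Invalid user') if matches_broad($recipient);
    return ('CONTINUE', 'ok');
}

# Constructed recipients for a dry run outside MIMEDefang.  PLACEHOLDER
# stands in for whatever followed "${" in a real attempt.
my @samples = (
    '<alice@example.org>',
    '<bob+lists@example.org>',
    '<pay$roll@example.org>',                     # bare "$" is not "${"
    '<root+${run{PLACEHOLDER}}@example.org>',
    '<postmaster+${PLACEHOLDER}@example.org>',    # variant the narrow test misses
);

printf "%-42s %-7s %-6s %s\n", 'recipient', 'narrow', 'broad', 'action';
for my $rcpt (@samples) {
    my ($action, $why) = filter_recipient(
        $rcpt, '<sender@example.net>', '192.0.2.1', 'client.example.net',
        $rcpt, 'client.example.net', 'local', '', $rcpt,
    );
    printf "%-42s %-7s %-6s %s\n",
        $rcpt,
        matches_narrow($rcpt) ? 'match' : '-',
        matches_broad($rcpt)  ? 'match' : '-',
        $action;
}
```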


Re: [Mimedefang] on the fly s/mime signing

2019-04-23 Thread Dianne Skoll
Hi,

Your starting point should be to look at https://metacpan.org/pod/Mail::GnuPG

Regards,

Dianne.


Re: [Mimedefang] The future of MIMEDefang

2019-04-12 Thread Dianne Skoll
Hi,

> What will happen to https://mimedefang.org/

Zix now owns that domain.  You'd have to ask them what they want to
do with it.

> Are you open to continue to operate it, or transfer it to a group of
> volunteers who will continue the project?  This current mailing list
> can also be migrated over to that domain so it doesn’t die with the
> new ownership.

I am willing to keep the site and mailing list going if nobody from
Zix wants to keep it going.  I did ask AppRiver what the plans were a
while back, but have not had a reply.

> I'd hate to see MD become abandonware… Been using it since 2003… 

I'd hate that also.

Regards,

Dianne.


[Mimedefang] The future of MIMEDefang

2019-04-12 Thread Dianne Skoll
Hi, everyone,

As many of you probably know, I sold Roaring Penguin Software about a
year ago.  The company was acquired by AppRiver, and AppRiver was
subsequently acquired by Zix.  I no longer work with the company
(or indeed in the anti-spam field... I've switched over to embedded
software development.)

As such, I don't have the time to maintain MIMEDefang.  It would be a
shame for all development to stop, however, as there are still many
things that could be done to improve MIMEDefang.  I'd encourage the
community to take over MIMEDefang and keep development happening.  I
will of course follow developments with interest and undoubtedly voice
my opinion from time to time :)

Regards,

Dianne.



Re: [Mimedefang] vcs extension

2019-04-08 Thread Dianne Skoll
On 4/7/19 5:09 AM, Kenneth Porter wrote:

> I just got a legitimate text vCard attachment in my quarantine with
> a .vcs extension. It's in the list of bad file extensions in the
> default filter. Why is that?

The default filter is really outdated and could use some revamping and
attention.  If anyone cares to volunteer... :)

Regards,

Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang


Re: [Mimedefang] DKIM body hash won't verify.

2019-02-22 Thread Dianne Skoll
Hi,

> I just put DKIM on my mail system, but gmail rejects with "body hash did not
> verify", so something is wrong with how I'm hashing.  Does this code look
> reasonable?

[snip]

The code looks fine.  Do services other than Gmail report a valid DKIM
signature?  I've observed occasional DKIM verification failures by
Gmail that I've yet to be able to explain, when all other verifiers
work correctly.

Regards,

Dianne.


Re: [Mimedefang] Migrating boilerplate signature fronte altermime

2019-01-11 Thread Dianne Skoll
On Fri, 11 Jan 2019 16:16:23 +0100
Riccardo Bicelli  wrote:

> 1. Images
> With altermime it is nearly impossible to add images as attached/boundary
> so I have to insert them as base64 encoded in img tag. With mimedefang
> is there a way to add images boundary in boilerplate?

> 2. Base64 encoded messages
> Some mobile devices send messages encoded in base64. Is it possible
> adding a base64 boilerplate in Mimedefang?

Both of your questions have the same answer; you need to build up a
new MIME message in filter_end using the MIME::tools methods to
manipulate the message, and then call replace_entire_message to
replace the message with your newly-constructed message.  This lets
you do any sort of message-manipulation you can think of.

It's up to you to be careful and make sure you end up with something
sensible that doesn't cause failures in email clients that you care
about.  In particular, mobile clients may be very fussy about the
sorts of messages they display correctly.

Regards,

Dianne.


Re: [Mimedefang] filter on header from display name

2018-11-26 Thread Dianne Skoll
On Mon, 26 Nov 2018 17:55:57 +0100
Marcus Schopen  wrote:

> is always the same, but I can't catch it with blacklist_from. Can I get
> that from $entity->head->get('From') or any better ideas?

That should work, or you can open and read the file ./HEADERS, which
contains the message headers (unwrapped, so exactly one header per line.)

Regards,

Dianne.


Re: [Mimedefang] Question about resend_message() (Sendmail)

2018-10-18 Thread Dianne Skoll
On Thu, 18 Oct 2018 09:57:40 -0400
John Von Essen  wrote:

> If I call delete_recipient(); with no argument, does it act as a
> catch-all and delete ALL recipients?

Nope.

> Or do I have to do something like:
> foreach(@Recipients) { delete_recipient($_); }

Yup.  You could wrap it in a delete_all_recipients() function if you like.

> Or could I just null the @Recipients array (@Recipients = ();
> add_recipient($SpamBox);)

Nope.  Anything you do in your filter that only affects memory within
the Perl process has absolutely no effect on Sendmail.  You have to
call one of the functions that communicates with Sendmail to actually
affect anything.

If you look at the source, you'll see that delete_recipient and
add_recipient make notes in the RESULTS file that ask the C code to
call appropriate milter functions to *actually* make the changes.

Regards,

Dianne.


Re: [Mimedefang] Question about resend_message() (Sendmail)

2018-10-18 Thread Dianne Skoll
Hi,

> if ($hits >= $req) {
>     action_change_header("X-Spam-Score", "$hits ($score) $names");
>     resend_message($SpamBox);
>     action_discard();
> }

Rather than using resend_message to resend the message, if you have
a new-enough version of Sendmail you can use delete_recipient to delete all
of the original recipients and then add_recipient to add $SpamBox as
a recipient.  You have to loop over @Recipients to delete all the
original recipients.

Otherwise, you could add a magical header to the message and look for
it the next time around.  You have to be careful to (1) delete the
magical header before letting the mail go out if it's not being
redirected, and (2) only trust it if the mail does originate from
localhost.

Regards,

Dianne.
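
The envelope rewrite described in the two replies above (delete every original recipient through the milter, then add the spam mailbox), together with the trust check for a marker header, as an added example that is not code from the thread or from MIMEDefang itself. The address in $SpamBox, the header name X-Example-Redirected, the helper names and the loopback address 127.0.0.1 are assumptions; the printing stand-ins only take effect when the file is run outside MIMEDefang.

```perl
#!/usr/bin/perl
# Added example: spam redirection by envelope rewrite instead of resend_message().
use strict;
use warnings;

our (@Recipients, $RelayAddr);          # filled in by mimedefang.pl per message
my $SpamBox = 'spambox@example.com';    # assumption: quarantine mailbox
my $Marker  = 'X-Example-Redirected';   # assumption: name of the marker header

# Printing stand-ins so the file also runs outside MIMEDefang. Under
# mimedefang.pl the real functions are already defined and these are skipped.
BEGIN {
    no strict 'refs';
    for my $fn (qw(delete_recipient add_recipient action_change_header
                   action_delete_all_headers)) {
        *{"main::$fn"} = sub { print "$fn(@_)\n"; 1 } unless defined &{"main::$fn"};
    }
}

# The wrapper suggested in the thread: each call asks the milter to drop one
# envelope recipient. Emptying @Recipients alone would change nothing in Sendmail.
sub delete_all_recipients {
    delete_recipient($_) for @Recipients;
    return scalar @Recipients;
}

# Call from filter_end once the SpamAssassin result is known.
# Returns 1 when the message was redirected, 0 when it was left alone.
sub redirect_if_spam {
    my ($hits, $req, $score, $names) = @_;
    return 0 if $hits < $req;
    action_change_header('X-Spam-Score', "$hits ($score) $names");
    delete_all_recipients();
    add_recipient($SpamBox);
    return 1;
}

# For the resend_message() variant: a marker header is believed only when the
# message came back in from localhost; from anywhere else it is stripped.
# The headers file is ./HEADERS, which holds one unwrapped header per line.
sub marker_trusted {
    my ($headers_file) = @_;
    open(my $fh, '<', $headers_file) or return 0;
    my $present = grep { /^\Q$Marker\E:/i } <$fh>;
    close($fh);
    return 0 unless $present;
    return 1 if defined $RelayAddr && $RelayAddr eq '127.0.0.1';
    action_delete_all_headers($Marker);   # supplied by an outside sender
    return 0;
}

unless (caller) {    # run directly, with constructed sample data
    require File::Temp;
    @Recipients = ('<alice@example.org>', '<bob@example.org>');
    print "redirected: ", redirect_if_spam(7.2, 5, '*******', 'BAYES_99'), "\n";

    my $tmp = File::Temp->new;
    print {$tmp} "From: someone\@example.net\n${Marker}: yes\nSubject: test\n";
    close($tmp);
    for my $relay ('127.0.0.1', '192.0.2.10') {
        $RelayAddr = $relay;
        print "relay $relay trusted: ", marker_trusted($tmp->filename), "\n";
    }
}
```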


Re: [Mimedefang] action_drop_with_warning and refuse to sender

2018-08-24 Thread Dianne Skoll
On Fri, 24 Aug 2018 23:35:54 +0200
Marcus Schopen  wrote:

> That might be right in most of the cases. But if you do a "silent"
> reject, this has to be communicated very clearly to the recipient, as
> well as rejecting at a spamassassin score of >= 5. This is nothing you
> can decide on your own as postmaster, just because it makes sense.

It's not silent.  The sender will get a delivery failure notification.

[...]

> I agree that most detected virus mails (I use clamav) are virus mails.
> But I myself got some valid emails from Amazon, which were marked as
> "Heuristics.Phishing.Email.SpoofedDomain" and therefore those emails
> were rejected.

Ah, well.  Don't use those dangerous signatures.  Were those official
ClamAV signatures or third-party signatures?  Also, I'd check the virus
name and maybe quarantine rather than bounce on "Heuristics" hits.

Regards,

Dianne.


[Mimedefang] OT: Bouncing *and* forwarding (was Re: action_drop_with_warning and refuse to sender)

2018-08-24 Thread Dianne Skoll
On Fri, 24 Aug 2018 08:37:21 -0700
Jeff Makey  wrote:

> If you are willing to risk the dangers of both bouncing and forwarding
> a message,

https://www.youtube.com/watch?v=koRRqOJcaHs

Regards,

Dianne.


Re: [Mimedefang] action_drop_with_warning and refuse to sender

2018-08-23 Thread Dianne Skoll
On Thu, 23 Aug 2018 19:50:44 +0200
Benny Pedersen via MIMEDefang  wrote:

> a REJECT is not a bounce, it's a denied to accept it

A REJECT is potentially likely to cause a bounce, but yeah... it won't
be backscatter from your machine.

> I don't use mimedefang, its not very good examples of doing anything
> good with it :(

And yet you're on the list... Hmm...

MIMEDefang's a framework.  It can be used for clever things or stupid
things.

Regards,

Dianne.


Re: [Mimedefang] REVISED: postfix/mimedefang socket

2018-07-27 Thread Dianne Skoll
On Mon, 23 Jul 2018 03:31:06 -0500
Richard Laager  wrote:

> I have attached updated systemd service files, with the PID file
> directly in /run, which I have tested with 2.84. This change also
> requires specifying a lock file in $SPOOLDIR.

Thanks!  I'll put these in the next release.

Regards,

Dianne.


[Mimedefang] OT: Re: Fwd: An open letter from Papa John's CEO, Steve Ritchie

2018-07-16 Thread Dianne Skoll
On Mon, 16 Jul 2018 11:01:27 -0400
Kris Deugau  wrote:

> >  document.write(' > src="https://2543611.fls.doubleclick.net/activityi;src=2543611;type=email011;cat=promo0;ord
> > =' + a + '?" width="1" height="1" frameborder="0"
> > style="display:none">');  

Have a glass of poisoned statistics:

for i in `seq 1 1000`; do wget -O /dev/null 
"https://2543611.fls.doubleclick.net/activityi;src=2543611;type=email011;cat=promo0;ord=$RANDOM;;
 echo $i; done

Regards,

Dianne.


Re: [Mimedefang] utf-8 issue?

2018-06-28 Thread Dianne Skoll
On Thu, 28 Jun 2018 10:57:06 +0300
Alexey Lobanov  wrote:

> It is default code with extended extension list. Trojan writers like 
> these file types nowadays.

Ah, OK, the re_match routine in MIMEDefang won't handle wide characters
properly.  I'll look into fixing it for a future release.  I can't promise
a delivery date as I'm currently recovering from major surgery and don't
have the energy to do much work in a given day. :(

Regards,

Dianne.


Re: [Mimedefang] utf-8 issue?

2018-06-27 Thread Dianne Skoll
Hi,

Can you post the relevant part of your filter code that triggers
this problem?

Also, MIME::tools 5.009 doesn't exist; I assume it was a typo and
you meant 5.509?

Regards,

Dianne.



Re: [Mimedefang] Error in filter_begin

2018-05-14 Thread Dianne Skoll
On Mon, 14 May 2018 11:32:13 +
Thomas Kristensen  wrote:

> What happens with the email, if there is an error in filter_begin? Ex.
> A database server offline and there is a query in filter_begin ?

It's up to you to catch the error and call action_tempfail (or whatever
you deem appropriate for handling the error.)

You also need to remember that it happened and make filter and filter_end
do nothing.  Since filter_begin/filter/filter_end are all called in the
same process, it's safe to remember that an error happened in a global
variable.

Regards,

Dianne.
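
The pattern from the reply above (catch the error in filter_begin, tempfail, remember the failure in a global so that filter and filter_end do nothing), as an added example that is not code from the thread or from MIMEDefang itself. $PolicyLookup is a hypothetical stand-in for a database query, and the printing stand-ins for action_tempfail and md_syslog only take effect outside MIMEDefang. The flag is cleared at the top of filter_begin because a worker process is reused for later messages.

```perl
#!/usr/bin/perl
# Added example: surviving a backend failure in filter_begin.
use strict;
use warnings;

our $Sender;    # envelope sender, set by mimedefang.pl

# Printing stand-ins for running outside MIMEDefang; skipped under mimedefang.pl.
BEGIN {
    no strict 'refs';
    for my $fn (qw(action_tempfail md_syslog)) {
        *{"main::$fn"} = sub { print "$fn(@_)\n"; 1 } unless defined &{"main::$fn"};
    }
}

# Hypothetical policy lookup. A real filter would run a DBI query here with
# RaiseError enabled so that an unreachable server raises an exception.
our $PolicyLookup = sub { die "database unreachable\n" };

my $BeginFailed = 0;    # per-message state shared by all three callbacks
my $Policy;

sub filter_begin {
    my ($entity) = @_;
    # A worker handles many messages in a row: clear the previous message's state.
    ($BeginFailed, $Policy) = (0, undef);
    my $ok = eval { $Policy = $PolicyLookup->($Sender); 1 };
    unless ($ok) {
        chomp(my $err = $@ || 'unknown error');
        md_syslog('warning', "policy lookup failed: $err");
        action_tempfail('Temporary filter failure, please retry later');
        $BeginFailed = 1;
    }
    return;
}

sub filter {
    my ($entity, $fname, $ext, $type) = @_;
    return if $BeginFailed;    # the message is already being tempfailed
    md_syslog('info', "policy '$Policy' applied to part $type");
    return;
}

sub filter_end {
    my ($entity) = @_;
    return if $BeginFailed;
    md_syslog('info', "message from $Sender finished under policy '$Policy'");
    return;
}

unless (caller) {    # run directly, with constructed sample data
    $Sender = '<alice@example.org>';
    filter_begin(undef);                   # lookup dies: tempfail, flag set
    filter(undef, 'a.txt', '.txt', 'text/plain');
    filter_end(undef);                     # both return without doing anything

    $PolicyLookup = sub { 'default' };     # backend is reachable again
    filter_begin(undef);                   # flag is reset for the next message
    filter(undef, 'a.txt', '.txt', 'text/plain');
    filter_end(undef);
}
```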


Re: [Mimedefang] action_change_header

2018-05-07 Thread Dianne Skoll
On Mon, 7 May 2018 18:31:18 +
Thomas Kristensen  wrote:

> Then I don't understand the rebuild action. 

action_rebuild does nothing except set a flag telling MIMEDefang that
the message must be regenerated and passed back to the milter
body-replacement function.  The flag is checked when filter_end
returns.

> Should I then do the action_change_header and also add the header to
> the MIME::Entity? 

If it needs to be visible later on in your code, then yes.

Regards,

Dianne.


Re: [Mimedefang] action_change_header

2018-05-07 Thread Dianne Skoll
On Mon, 7 May 2018 13:55:19 +
Thomas Kristensen  wrote:

> If I use action_change_header in the beginning of the filter_begin,
> will the header I add/change be readable later on?

No, not in MIMEDefang.  MIMEDefang just makes a note to ask the
milter engine to add the header; Sendmail does the header addition
just before delivery.

Regards,

Dianne.


[Mimedefang] MIMEDefang 2.84 is Released

2018-03-21 Thread Dianne Skoll

Hi, everyone,

A really minor release is available at https://mimedefang.org/download

Release notes are below,

Regards,

Dianne.

2018-03-21 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.84 RELEASED

* mimedefang.pl: Correctly use "$mon" rather than "$min" to generate
quarantine file names.

* mimedefang-multiplexor: Make "workerinfo nnn" show how long ago
the last state change was for a given worker.

2017-10-30 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.83 RELEASED


Re: [Mimedefang] DKIM and boilerplate conflict

2018-02-23 Thread Dianne Skoll
On Fri, 23 Feb 2018 04:16:40 +0100
"Randy Candy"  wrote:

> I have implemented the following subroutine dkim_sign (listed below)
> and call it from filter_end after I verify that specific criteria are
> met. Prior to calling dkim_sign I utilize append_text_boilerplate
> and then call action_rebuild. My question is how do I pass the email
> with boilerplate to dkim_sign?

You need to do the DKIM signing in filter_wrapup, a filter callback function
introduced in MIMEDefang version 2.76.  It gets passed the final MIME::Entity
with all your modifications.  You need to write this out to a temporary file
and use that file (not INPUTMSG) as the input for DKIM signing.
Use $entity->stringify() to get the message that you need to sign.

Regards,

Dianne.


Re: [Mimedefang] cpanel whm centos 6.9 flag on header keywords?

2018-01-10 Thread Dianne Skoll
On Wed, 10 Jan 2018 11:20:50 -0500
Chip  wrote:

> Are you saying that you are not actually using .procmail except to
> offload the processing to mail-filter.pl?

Yes, exactly.

Regards,

Dianne.


Re: [Mimedefang] cpanel whm centos 6.9 flag on header keywords?

2018-01-10 Thread Dianne Skoll
On Wed, 10 Jan 2018 09:50:18 -0500
Chip  wrote:

> Isn't procmail no longer maintained because of a vulnerability?

I believe it's still maintained.  However, procmail sucks (that's a
technical term.)

My .procmailrc looks like this:

:0
| /usr/bin/perl /home/dfs/.mail-filter.pl >> /home/dfs/.mail-filter.log 2>&1

and .mail-filter.pl starts like this:

#!/usr/bin/perl
use strict;
use warnings;
use Email::Filter;

and then I write my filtering policies using the excellent and amazing
Email::Filter Perl module.  Check it out on CPAN.

Regards,

Dianne.


Re: [Mimedefang] cpanel whm centos 6.9 flag on header keywords?

2018-01-09 Thread Dianne Skoll
Hi,

As far as I'm aware, cPanel *requires* you to use the Exim MTA, and
MIMEDefang is not compatible with Exim.  There is therefore no way to
install MIMEDefang on a machine running cPanel.

You need a different strategy.  Maybe a commercial spam-filtering service,
which we do offer. :)  sa...@roaringpenguin.com

Regards,

Dianne.


Re: [Mimedefang] typo in hour_str()?

2017-12-26 Thread Dianne Skoll
On Tue, 26 Dec 2017 00:59:23 +0100
Franz Schwartau  wrote:

> After upgrading to 2.83 of mimedefang I'm wondering if "$min+1" should
> read "$mon+1" in hour_str():

It should; I have it fixed in git, but haven't made a new release of
MIMEDefang with the fix in place yet.

Regards,

Dianne.


Re: [Mimedefang] utf-8 issue?

2017-12-15 Thread Dianne Skoll
On Thu, 14 Dec 2017 17:26:38 -0500
"Bill Cole"  wrote:

> > This will cause other problems down the line.  I suggest you
> > study the section "Byte and Character Semantics" in the perlunicode
> > man page.  

> Thanks for the reference and for your patience with my confusion. I 
> understand much better now: anything expressed as a string has to
> make sense as a series of encoded characters, not a series of bytes.

Right.  We completely overhauled our commercial CanIt software to
handle Unicode and it took me about four weeks to completely grok
how Perl handles Unicode and how the Encode module should be used.
It was quite painful. :)

Regards,

Dianne.


Re: [Mimedefang] Is calling action_rebuild() idempotent?

2017-12-14 Thread Dianne Skoll
On Thu, 14 Dec 2017 08:52:32 -0800
Amit Gupta  wrote:

> If I call action_rebuild() a couple times in my filter_end code, could
> it have different effects depending on when it's called?

Nope.  All it does is set a flag informing mimedefang.pl it should rebuild
the message when filter_end is done.

Regards,

Dianne.


Re: [Mimedefang] utf-8 issue?

2017-12-14 Thread Dianne Skoll
On Wed, 13 Dec 2017 20:37:36 -0500
"Bill Cole"  wrote:

> -return IO::File->new(\ $self->{MBS_Data}, $mode);
> +return IO::Scalar->new(\ $self->{MBS_Data}, $mode);

This will cause other problems down the line.  I suggest you
study the section "Byte and Character Semantics" in the perlunicode
man page.

Modern Perl does let you open a "file" by passing a reference
to a scalar; it has built-in in-memory I/O.

Regards,

Dianne.


Re: [Mimedefang] utf-8 issue?

2017-12-14 Thread Dianne Skoll
On Wed, 13 Dec 2017 21:03:27 -0500
"Bill Cole"  wrote:

> It is entirely possible (as stated explicitly in RFC2045) for a MIME 
> entity to contain unencoded binary data: any arbitrary stream of
> bytes.

Stream of *bytes* yes.  But Perl native characters > 0xFF are not bytes.

Regards,

Dianne.


Re: [Mimedefang] utf-8 issue?

2017-12-13 Thread Dianne Skoll
On Wed, 13 Dec 2017 16:28:58 -0500
"Bill Cole"  wrote:

> Unfortunately, I tested a bit more and found that bug is still extant
> in 5.509, when tested with the one-liner in that bug report.

That "bug" is a WONTFIX.  You can NOT feed MIME::Entity->build()
data with raw characters > 0xFF.  It doesn't make sense because
MIME messages are always 8-bit messages; you need to encode everything
as UTF-8 first before passing to MIME::Entity->build().  I should
comment on the ticket.  The correct way to build the entity
would be:

use Encode;
use MIME::Entity;

my $data = "\x{1f4a9}";
my $e = MIME::Entity->build(Data => Encode::encode('UTF-8', $data, 
Encode::FB_CROAK));
$e->print();

So the question is... how on Earth are characters > 0xFF getting passed
to MIME::Entity->build() from within mimedefang.pl?

I will close the bug on CPAN.

Regards,

Dianne.


Re: [Mimedefang] utf-8 issue?

2017-12-12 Thread Dianne Skoll
On Tue, 12 Dec 2017 15:43:14 +0200
Mark Coetser  wrote:

> Error from multiplexor: ERR No response from slave
> Reap: slave 1 (pid 15022) exited normally with status 22 (SLAVE DIED 
> UNEXPECTEDLY)

I've never seen this before.  I'm also not convinced it's related
to the UTF-8 issue.  Could you post the exact filter you are using?

I'm also running on Stretch, btw.

Regards,

Dianne.


Re: [Mimedefang] mailsploit prevention in MD

2017-12-06 Thread Dianne Skoll
On Wed, 6 Dec 2017 01:37:39 +0100
Jan-Pieter Cornet  wrote:

> Another bug with its own logo and website has appeared:
> www.mailsploit.com.

Interesting.  The code-injection part is worrying, but IMO the spoofing
part is completely uninteresting.  There are so many ways to fool people
regarding DKIM/DMARC/SPF that you don't need malformed messages to do
it.

Regards,

Dianne.


Re: [Mimedefang] Error with mimedefang + clamd

2017-11-24 Thread Dianne Skoll
On Fri, 24 Nov 2017 15:53:44 +0200
"Info @ brainwash"  wrote:

> Hence, without the -d parameter, the issue is that the work folders
> are removed before clamd has a chance to scan them.

No, that is absolutely NOT the case.  Something else has changed on your
system in the interim.

Take out the -d option and restart.  It should still work.

Regards,

Dianne.


Re: [Mimedefang] Error with mimedefang + clamd

2017-11-23 Thread Dianne Skoll
Hi,

> Actually, user is clamscan..

Did you restart ClamAV after adding clamscan to the defang group?

And did you ensure that AllowSupplementaryGroups in clamd.conf is set
to "yes" ?

Regards,

Dianne.


Re: [Mimedefang] Error with mimedefang + clamd

2017-11-23 Thread Dianne Skoll
On Thu, 23 Nov 2017 20:36:50 +0200
"Info @ brainwash"  wrote:

> Tried the commands you mention.. to no effect however.. :(

Please post the output of these commands:

id clamav
ls -ld / /var /var/spool /var/spool/MIMEDefang/

Regards,

Dianne.


Re: [Mimedefang] Error with mimedefang + clamd

2017-11-23 Thread Dianne Skoll
On Thu, 23 Nov 2017 14:25:28 +0200
"Info @ brainwash"  wrote:

> mimedefang with the -G option and have the clamav user as member of
> the defang group. In particular, the startup parameters of both
[...]

> .. and I get the issues with the Work files creation as initially
> mentioned, even though clamav user is a member of the defang group.
> Unfortunately, I cannot run clamav under defang due to admin
> restrictions/policies.

Try stopping MIMEDefang and running:

chgrp -R defang /var/spool/MIMEDefang
chmod 750 /var/spool/MIMEDefang
chmod g+s /var/spool/MIMEDefang

That will make /var/spool/MIMEDefang have group "defang" and set
the SGID bit on the directory, meaning any directories or files
created under /var/spool/MIMEDefang will also have group "defang"
(and recursively down the whole tree.)

Regards,

Dianne.


Re: [Mimedefang] Error with mimedefang + clamd

2017-11-22 Thread Dianne Skoll
Hi,

You should either add the ClamAV user to the "defang" group and
use the "-G" option to have mimedefang create group-accessible files, or
simply run clamd as the "defang" user directly.

Regards,

Dianne.

> Clam has been unable to scan for e-mails when received by MIMEDefang,
> producing the following error in the log:
> 
> WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UB1us0i/Work


Re: [Mimedefang] Quarantine directory name incorrect

2017-11-19 Thread Dianne Skoll
On Sun, 19 Nov 2017 10:39:56 +1100
Bill Maidment  wrote:

> In recent times I have noticed that the quarantine directory name has
> been generated incorrectly using the minute value instead of the
> month value. The problem appears to be in mimedefang.pl subroutine
> hour_str where it returns $min+1 instead of $mon+1

:(  Oh wow, what a silly typo.  Thanks for catching it.

Regards,

Dianne.


Re: [Mimedefang] replace_entire_message() help

2017-11-17 Thread Dianne Skoll
On Fri, 17 Nov 2017 08:34:50 -0800
"Michael Fox"  wrote:

> In other words, if the top-level headers can't be replaced by new
> values in the MIME::Entity->build() method, then why do I still need
> to include them when building the new entity?

Ah, I guess you don't.  But I'd do it anyway just for the sake of sanity
and consistency.  As you point out later, if you attach sub-entities to the
parent entity, they need the headers fully-specified.

Regards,

Dianne.


Re: [Mimedefang] replace_entire_message() help

2017-11-17 Thread Dianne Skoll
On Fri, 17 Nov 2017 07:46:00 -0800
"Michael Fox"  wrote:

> 1) When building $new_entity, does every field need to be included?

Yes.

> Or will extra info be copied from the existing $entity?

No, unless you arrange for that in your code.

> 2)  I can't figure out how to replace the Subject header - even with a
> string literal.  For example, suppose I have the following in
> filter_end():

You can't replace top-level headers this way.  You need to use
action_change_header(...)

> What comes through the filter (received in the user's mailbox) is a
> text/plain message with the original subject and the replacement
> body.  What am I doing wrong?

See above!

Regards,

Dianne.


Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.

2017-11-12 Thread Dianne Skoll
On Fri, 10 Nov 2017 18:44:20 -0500
Robert Theisen  wrote:

> Did you find anything of concern in the mimedefang process on your
> host that was consuming 8GB RAM?

No, and here's the weird thing.  I attached using gdb and forced a
core dump.  The core file was only 98MB in size.  I have no idea what
would cause that.

The mail server is very busy and mimedefang would have hundreds of threads
going, so I can easily see a 98MB process image with all of the threads'
stacks.

I'm sorry, but this has me stumped.

Regards,

Dianne.


Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.

2017-11-10 Thread Dianne Skoll
On Fri, 10 Nov 2017 13:18:15 -0500
Robert Theisen  wrote:

> {
> struct privdata *data;
> char *val;
> char buf[256];
> if (*macro && *(macro+1)) {
> /* Longer than 1 char -- use curlies */
> snprintf(buf, sizeof(buf), "{%s}", macro);
> val = smfi_getsymval(ctx, buf);
> } else {
> val = smfi_getsymval(ctx, macro);
> }
>  ...
> }

> 
> at snprintf(buf, sizeof(buf), "{%s}", macro);
> 
> that buf[256] is not getting cleaned up even though it is a local
> variable that is falling out of scope?

Um what?  There's nothing to clean up.  Cleaning that up simply
involves the C compiler incrementing the stack pointer by sizeof(buf);
it's an automatic variable.

> The strike against that theory would be that my memory dump shows that
> the "i" and "j" variables are included in that memory chunk.  But the
> single character i and j values are never copied to the local buf[256]
> variable.

If you're linking against a version of libmilter older than 8.14.4, the
library has a memory leak in it that could be causing this.

Regards,

Dianne.


Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.

2017-11-10 Thread Dianne Skoll
Hi again,

What version of libmilter are you linking against?  There was a memory leak
in libmilter in versions older than 8.14.4.

https://groups.google.com/forum/#!topic/linux.debian.bugs.dist/I3QpUbpdwSM

Regards,

Dianne.


Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.

2017-11-10 Thread Dianne Skoll
On Fri, 10 Nov 2017 10:33:10 -0500
Robert Theisen  wrote:

[snip]

> and that macro gets copied to dbuf at line  952
> 
> /* Write the standard macros */
> macro = StandardSendmailMacros;
> while (*macro) {
>     append_macro_value(&dbuf, ctx, *macro);
>     macro++;
> }
> 
> 
> Is it possible that that dbuf is not getting freed properly on down
> the line?

I can't see how.  A bit further down:

    if (data->cmdFD < 0) {
        dbuf_free(&dbuf);
        cleanup(ctx);
        DEBUG_EXIT("envfrom", "SMFIS_TEMPFAIL");
        return SMFIS_TEMPFAIL;
    }
    if (write_dbuf(&dbuf, data->cmdFD, data, "COMMANDS") < 0) {
        dbuf_free(&dbuf);
        cleanup(ctx);
        DEBUG_EXIT("envfrom", "SMFIS_TEMPFAIL");
        return SMFIS_TEMPFAIL;
    }
    dbuf_free(&dbuf);

and there are no branches or returns between the code you posted
and the code I posted above.  However, I just checked one of our
busy servers and the mimedefang process is 8GB which seems large.
I'll investigate to see if I can find a memory leak.

Regards,

Dianne.


Re: [Mimedefang] How-to: Extracting Inline Images from Emails?

2017-11-09 Thread Dianne Skoll
On Wed, 8 Nov 2017 18:49:01 -0500
"Kevin A. McGrail"  wrote:

> I'm trying to rip out attachments that are inline as well as
> attachments from emails.

Inline attachments are not special; they're just like regular attachments
except they have a Content-Disposition: of inline and quite likely
have a Content-ID: header.

Regards,

Dianne.


Re: [Mimedefang] Part’s parent content-type

2017-11-04 Thread Dianne Skoll


On November 4, 2017 9:25:20 PM EDT, Amit Gupta  wrote:
>Thank you Dianne! This is going to sound silly, but what I'm looking
>for is a function like

>$parent_part = get_parent ($top_entity, $part);

No such function exists.  That's why you have to do it the way I illustrated.

You could probably use the framework I posted to write such a function,
but I would rethink what you're trying to do to make it fit more naturally
into the recursive MIME structure.  You are thinking non-recursively
when you request such a function.

Regards,

Dianne.



Re: [Mimedefang] Part’s parent content-type

2017-11-04 Thread Dianne Skoll
On Fri, 3 Nov 2017 22:37:46 -0700
Amit Gupta  wrote:

> When iterating through the parts of a MIME::Entity using parts_DFS,
> what would be the best way to get a reference to a part's parent
> entity or parent entity type?

Pass it in when you recurse.

sub process {
    my ($entity, $parent_entity) = @_;

    if ($entity->is_multipart()) {
        # parts() returns a list in list context, so iterate over it directly
        foreach my $p ($entity->parts()) {
            process($p, $entity);
        }
        return;
    }

    # Process non-multiparts here
}

Call it with:  process($toplevel, undef)

If you need the entire chain of entities all the way to the top,
use an array:

sub process
{
    my ($entity, $parents) = @_;
    $parents ||= [];
    if ($entity->is_multipart) {
        # Copy the chain so sibling subtrees do not share one array
        my @parents_copy = @$parents;
        push(@parents_copy, $entity);
        foreach my $p ($entity->parts()) {
            process($p, \@parents_copy);
        }
        return;
    }
    # Process non-multiparts here
}

Regards,

Dianne.


[Mimedefang] MIMEDefang 2.83 is released

2017-10-30 Thread Dianne Skoll

Hello,

MIMEDefang 2.83 is released and available at the download page:

https://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-10-30 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.83 RELEASED

* mimedefang.pl: Do not add a Message-ID: header when handing a
message to SpamAssassin if the original message lacks such a
header.

* Add systemd unit files; thanks to Richard Laager.

* Minor tweaks to the sample filter.

* mimedefang-multiplexor: Change the maxLifetime option to kick in
only once a worker has processed at least one request; also check
for exceeded lifetimes during the periodic idle-time check.

* mimedefang-multiplexor: Fix an exit(EXIT_FAILURE) to be
exit(EXIT_SUCCESS) in one place.

2017-09-08 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.82 RELEASED





Re: [Mimedefang] base64 to quoted-printable

2017-10-13 Thread Dianne Skoll
On Fri, 13 Oct 2017 10:20:04 -0400
Dianne Skoll <d...@roaringpenguin.com> wrote:

>   # non-recursive case: Single part.
>   # If $in_entity is base-64 encoded, make a new $new_entity
>   # that is qp-encoded and call $out_entity->attach($new_entity)
>   # and return 1 to indicate that a change was made.
>   # Otherwise, call $out_entity->attach($in_entity)
>   # and return 0.

Oh, sorry.  ->attach should be ->add_part.

Regards,

Dianne.


Re: [Mimedefang] base64 to quoted-printable

2017-10-13 Thread Dianne Skoll
On Fri, 13 Oct 2017 06:53:33 -0700
"Michael Fox"  wrote:

> While I appreciate everyone's attempt to warn me that "there be
> dragons", the facts are that the client is what it is, it serves
> hundreds of people (in my location alone), and the problem needs
> solving.  

OK.  You will most likely have to do all your changes in
filter_end.  You'll need to traverse the MIME tree, looking for
text/* parts.  If any are Base-64 encoded, you'll need to load them in
and re-encode them using Quoted-Printable.  As you do this, you need
to build up a *new* replacement MIME::Entity.  Finally, call
replace_entire_message with your new entity as the argument.

I won't give the actual Perl code, but here's a basic sketch, completely
untested.  I really have no idea whether or not this will work, but I
think the basic approach is correct. :)

sub re_encode
{
    my ($in_entity, $out_entity, $did_something) = @_;

    # If it's multipart, recurse
    if ($in_entity->is_multipart) {
        my $new_entity = MIME::Entity->build(Type => $in_entity->type);
        $out_entity->add_part($new_entity);
        # parts returns a list in list context, so iterate over it directly
        foreach my $p ($in_entity->parts) {
            if (re_encode($p, $new_entity, $did_something)) {
                $did_something = 1;
            }
        }
        return $did_something;
    }

    # non-recursive case: Single part.
    # If $in_entity is base-64 encoded, make a new $new_entity
    # that is qp-encoded and call $out_entity->attach($new_entity)
    # and return 1 to indicate that a change was made.
    # Otherwise, call $out_entity->attach($in_entity)
    # and return 0.
}

sub filter_end
{
    my ($entity) = @_;
    my $replacement_entity = MIME::Entity->build(Type => 'multipart/mixed');
    my $changes_made = re_encode($entity, $replacement_entity, 0);
    if ($changes_made) {
        # Recursively remove single-part "multiparts" starting
        # from top-level.
        while ($replacement_entity->is_multipart &&
               scalar($replacement_entity->parts) == 1) {
            $replacement_entity = $replacement_entity->parts(0);
        }
        replace_entire_message($replacement_entity);
    }
}



Re: [Mimedefang] base64 to quoted-printable

2017-10-10 Thread Dianne Skoll
On Tue, 10 Oct 2017 16:11:07 -0400
Joseph Brennan  wrote:

> On Tue, Oct 10, 2017 at 1:48 PM, Michael Fox  wrote:
> > I need to convert base64 to something readable.

> To be honest I can't think of a reason to do this. Any client from
> this century can read base64. Mimedefang and Spamassassin can read it
> too, so searching content just works.

And QP is not necessarily any more readable than B64, depending
on the source language.

Is =D7=A2=D7=91=D7=A8=D7=99=D7=AA=E2=80=8E any more readable than
16LXkdeo15nXquKAjg== ?

:)

Regards,

Dianne.


Re: [Mimedefang] return values

2017-10-06 Thread Dianne Skoll
Hi,

> Shouldn't filter() and filter_multipart() simply use "return;" (with
> no return value)?  If not, please help me understand.

The return value of filter and filter_multipart is ignored.
I sometimes write:

  return action_accept();

as shorthand for:

   action_accept();
   return;

> Issue 2:  bounce or discard, which is it?

Yeah, that makes no sense. :)

> In the "suggested-minimum-filter." filter function, there is this:

> # Block message/partial parts
> if (lc($type) eq "message/partial") {
>     md_graphdefang_log('message/partial');
>     action_bounce("MIME type message/partial not accepted here");
>     return action_discard();
> }

Replace return action_discard(); with return;

I will fix the filter.

Regards,

Dianne.


Re: [Mimedefang] best practices for handling filename extensions

2017-10-05 Thread Dianne Skoll
On Thu, 5 Oct 2017 14:04:59 +0200
Mark Coetser  wrote:

> Pretty sure the filetype matching is done by checking the actual mime 
> type of the file not just what the file extension is, so just
> renaming the file will still not allow the file through.

The sample filter doesn't do that; it only looks at the actual filename.
Some people have written code that probes the file to figure out the MIME
type, but that code's not part of the MIMEDefang distribution.

Regards,

Dianne.


Re: [Mimedefang] REVISED: postfix/mimedefang socket

2017-10-05 Thread Dianne Skoll
On Wed, 4 Oct 2017 18:58:39 -0500
Richard Laager  wrote:

> I have submitted the slightly updated versions to Debian:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877663

> Dianne, you may want to ship these (or similar) upstream, but that's
> obviously up to you. It doesn't make any difference to me personally,
> since I use the downstream packaging.

I might as well put it in upstream.  Thanks for the work!

Regards,

Dianne.



[Mimedefang] You *are* using the multiplexor (was Re: Reload doesnt work)

2017-10-03 Thread Dianne Skoll
On Tue, 03 Oct 2017 03:18:37 -0400
"Bill Cole"  wrote:

> OR if you are not using the mimedefang-multiplexor (which I think 
> everyone should...)

MIMEDefang hasn't supported *not* using the multiplexor for ages, since
at least version 2.51 released in February 2005.

Regards,

Dianne.


Re: [Mimedefang] REVISED: postfix/mimedefang socket

2017-09-29 Thread Dianne Skoll
On Thu, 28 Sep 2017 23:11:18 -0500
Richard Laager  wrote:

> 1) Is it necessary to rm $SOCKET and $MX_SOCKET *before starting*?

It's best to do so because if mimedefang or mimedefang-multiplexor
crashes, the socket files will be left lying around and startup will likely
fail.

> 2) Is it necessary to rm $SOCKET and $MX_SOCKET *after stopping*?

It's best to do so in order that stale socket files are not left
lying around.

> 3) The init script (at least on Ubuntu) says, '# Locale should be set
> to "C" for generating valid date headers'. I see a strftime() in
> mimedefang-multiplexor.c. Plus, the Perl code inherits from the
> multiplexor, so I can understand this. Is setting LC_ALL=C necessary
> for the mimedefang process too, or just mimedefang-multiplexor?

I don't know; it's probably safer for both.

> 4) The mimedefang-multiplexor process exits with status 1 on SIGTERM.

This is a bug that was corrected in MIMEDefang 2.82.

Regards,

Dianne.


Re: [Mimedefang] base64 to text

2017-09-27 Thread Dianne Skoll
On Tue, 26 Sep 2017 21:53:14 -0700
"Michael Fox"  wrote:

> Does there exist a repository of functions written by folks for MD?
> It sure would help us noobs to not have to re-invent the wheel.

MIME::tools is what you want; it's a prerequisite for MIMEDefang
and is therefore already installed.   man MIME::Entity is your
starting point.

Regards,

Dianne.


Re: [Mimedefang] REVISED: postfix/mimedefang socket

2017-09-26 Thread Dianne Skoll
On Tue, 26 Sep 2017 15:48:42 -0400
"Bill Cole"  wrote:

> I'm uneasy telling any author that they're wrong about their own code 
> but as far as I can tell, that is only conditionally true:

Oh dear... you are correct. :)

Seeing as I don't use those scripts myself, I've never encountered the
problem. :(

Mea culpa.

Regards,

Dianne.


Re: [Mimedefang] REVISED: postfix/mimedefang socket

2017-09-26 Thread Dianne Skoll
On Tue, 26 Sep 2017 09:38:18 -0400
"Bill Cole"  wrote:

> bigsky:mimedefang-2.82 bill$ grep -A3 'stop)'

The stop_it function in init-script.in and the stop function in
redhat/mimedefang-init.in both wait for the daemons to exit.

Regards,

Dianne.


Re: [Mimedefang] base64 to text

2017-09-26 Thread Dianne Skoll
On Tue, 26 Sep 2017 09:05:01 +0200 (CEST)
Steffen Kaiser  wrote:

> Honestly, I would de-MIME the whole message, re-format it and replace
> the entire message with the new one.

Honestly, *I* would tell anyone using ancient non-MIME-aware software
"too bad; update your software to 1999 standards, please!"  :)

Regards,

Dianne.


Re: [Mimedefang] REVISED: postfix/mimedefang socket

2017-09-26 Thread Dianne Skoll
On Mon, 25 Sep 2017 16:08:46 -0500
Richard Laager  wrote:

> There are a couple ways to address this. As discussed, the init script
> can be changed to always wait on stop. Then the automatic mapping in
> systemd should Just Work.

The sample init script that ships with MIMEDefang does wait on stop.
If you have a script that doesn't, that's a distribution bug and not a
MIMEDefang bug and it's definitely more productive to take this up with
the distribution maintainer.

Regards,

Dianne.


Re: [Mimedefang] REVISED: postfix/mimedefang socket

2017-09-23 Thread Dianne Skoll
On Fri, 22 Sep 2017 23:59:38 -0700
"Michael Fox"  wrote:

> This seems like a clear bug in MIMEDefang.

Not at all.  This problem is not present with Sendmail, so I have no
idea what would cause it with Postfix.  Removing the MIMEDefang socket
prior to starting MIMEDefang should fix this.  The sample init script
given with MIMEDefang does exactly this.

Regards,

Dianne.


Re: [Mimedefang] Message-ID

2017-09-12 Thread Dianne Skoll
On Mon, 11 Sep 2017 23:38:32 -0500
Richard Laager  wrote:

> > Nothing at all.  There's no Message-ID header in the message that
> > gets passed to SpamAssassin.

> Are you sure?
> spam_assassin_mail() calls gen_msgid_header().

Ah... apparently I was wrong.

I think that's a bug.  I'm going to delete that line.

Regards,

Dianne.


Re: [Mimedefang] Message-ID

2017-09-11 Thread Dianne Skoll
On Mon, 11 Sep 2017 16:26:38 -0400
Joseph Brennan  wrote:

> When a message comes in with no Message-ID header, and MD passes it to
> SpamAssassin, what is in the Message-ID that SA sees?

Nothing at all.  There's no Message-ID header in the message that gets passed
to SpamAssassin.

Regards,

Dianne.


[Mimedefang] MIMEDefang 2.82 is released

2017-09-08 Thread Dianne Skoll

Hello,

MIMEDefang 2.82 is released and available at the download page:

https://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-09-08 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.82 RELEASED

* Update contrib/graphdefang with improvements from Kevin A. McGrail.

* Fix Red Hat init script (thanks to Robert Scheck)

* Exit with EXIT_SUCCESS if mimedefang-multiplexor is told to
terminate.

* Terminology change:  Change "slave" to "worker" everywhere.

*** NOTE INCOMPATIBILITY ***

Check your init scripts to make sure they use current names for shell
variables; a few "SLAVE" strings have been changed to "WORKER"

* Add a new -V maxLifetime option to mimedefang-multiplexor that
terminates worker processes after maxLifetime seconds (approximately).
This is in addition to the -r maxRequests option.

* Log the lifetime and number of requests processed when we terminate
a worker process.

2017-08-31 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.81 RELEASED





[Mimedefang] MIMEDefang 2.81 is released

2017-09-01 Thread Dianne Skoll

Hello,

MIMEDefang 2.81 is released and available at the download page:

https://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-08-31 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.81 RELEASED

* Don't barf if the installed version of Sys::Syslog has a developer
tag added (like 0.33_01 on Debian Stretch).

* Make mimedefang and mimedefang-multiplexor write their PID files
as root to avoid the "defang" user tampering with the pidfiles.
Thanks to Michael Orlitzky for pointing this issue out.

*** NOTE INCOMPATIBILITY ***

You should move your PID files out of the MIMEDefang spool directory
and into a standard root-owned directory like /var/run.  Use the -o
option to create lock files in the spool directory.  The sample
init scripts have been updated to reflect this.

2017-07-24 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.80 RELEASED


Re: [Mimedefang] Privilege escalation via PID file manipulation

2017-08-31 Thread Dianne Skoll
Hi,

This is a much more extensive patch, but I believe it does finally
close the hole if you keep your PID files in a root-owned directory.

Please test this; I plan on releasing 2.81 tomorrow.

Regards,

Dianne.


diff --git a/Changelog b/Changelog
index da1a867..b9f09fa 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,18 @@ WARNING: Before upgrading MIMEDefang, please search this file 
for
 *** NOTE INCOMPATIBILITY ** to see if anything has changed that might
 affect your filter.
 
+2017-08-31 Dianne Skoll <d...@roaringpenguin.com>
+
+   * Make mimedefang and mimedefang-multiplexor write their PID files
+   as root to avoid an unprivileged user tampering with the pidfiles.
+
+   *** NOTE INCOMPATIBILITY ***
+
+   You should move your PID files out of the MIMEDefang spool directory
+   and into a standard root-owned directory like /var/run.  Use the -o
+   option to create lock files in the spool directory.  The sample
+   init scripts have been updated to reflect this.
+
 2017-07-24 Dianne Skoll <d...@roaringpenguin.com>
 
* MIMEDefang 2.80 RELEASED
diff --git a/examples/init-script.in b/examples/init-script.in
index 346efca..8da803f 100755
--- a/examples/init-script.in
+++ b/examples/init-script.in
@@ -10,8 +10,10 @@
 RETVAL=0
 prog='mimedefang'
 SPOOLDIR='@SPOOLDIR@'
-PID="$SPOOLDIR/$prog.pid"
-MXPID="$SPOOLDIR/$prog-multiplexor.pid"
+PID="/var/run/$prog.pid"
+MXPID="/var/run/$prog-multiplexor.pid"
+LOCK="$SPOOLDIR/$prog.lock"
+MXLOCK="$SPOOLDIR/$prog-multiplexor.lock"
 
 # These lines keep SpamAssassin happy.  Not needed if you
 # aren't using SpamAssassin.
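Review bot: PID and MXPID are now hard-coded to /var/run, while SPOOLDIR two lines above still comes from the @SPOOLDIR@ configure substitution, so systems that keep run-time state elsewhere have to edit the script by hand. Consider a substitution or an overridable variable for the PID directory, and add a comment next to these four assignments saying that the PID directory must be root-owned while the lock files belong in the spool directory, since nothing in the script states that requirement.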
@@ -229,7 +231,7 @@ start_it() {
 else
EMBEDFLAG=""
 fi
-$PROGDIR/$prog-multiplexor -p $MXPID \
+$PROGDIR/$prog-multiplexor -p $MXPID -o $MXLOCK \
$EMBEDFLAG \
`[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
`[ -n "$FILTER" ] && echo "-f $FILTER"` \
@@ -269,7 +271,7 @@ start_it() {
 # Start mimedefang
 printf "%-60s" "Starting $prog: "
 rm -f $SOCKET > /dev/null 2>&1
-$PROGDIR/$prog -P $PID -R $LOOPBACK_RESERVED_CONNECTIONS \
+$PROGDIR/$prog -P $PID -o $LOCK -R $LOOPBACK_RESERVED_CONNECTIONS \
-m $MX_SOCKET \
`[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
`[ -n "$MX_USER" ] && echo "-U $MX_USER"` \
diff --git a/mimedefang-multiplexor.8.in b/mimedefang-multiplexor.8.in
index 980b57d..3505e48 100644
--- a/mimedefang-multiplexor.8.in
+++ b/mimedefang-multiplexor.8.in
@@ -117,7 +117,18 @@ for the format of \fIsocket\fR.
 .TP
 .B \-p \fIfileName\fR
 Causes \fBmimedefang-multiplexor\fR to write its process-ID (after
-becoming a daemon) to the specified file.
+becoming a daemon) to the specified file.  The file will be owned
+by root.
+
+.TP
+.B \-o \fIfileName\fR
+Causes \fbmimedefang-multiplexor\fR to use \fIfileName\fR as a lock
+file to avoid multiple instances from running.  If you supply
+\fB\-p\fR but not \fB\-o\fR, then \fbmimedefang-multiplexor\fR
+constructs a lock file by appending ".lock" to the pid file.  However,
+this is less secure than having a root-owned pid file in a root-owned
+directory and a lock file writable by the user named by the \fB\-U\fR
+option.  (The lock file must be writable by the \fB\-U\fR user.)
 
 .TP
 .B \-f \fIfilter_path\fR
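Review bot: the new -o paragraph writes \fbmimedefang-multiplexor\fR twice with a lowercase \fb, whereas the -p entry just above uses \fB; the lowercase form does not select the bold font, so the program name will not render in bold. While touching this text, "to avoid multiple instances from running" would read better as "to prevent multiple instances from running".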
diff --git a/mimedefang-multiplexor.c b/mimedefang-multiplexor.c
index 13b77b9..2e44f12 100644
--- a/mimedefang-multiplexor.c
+++ b/mimedefang-multiplexor.c
@@ -56,6 +56,12 @@
 static void limit_mem_usage(unsigned long rss, unsigned long as);
 #endif
 
+static char *pidfile = NULL;
+static char *lockfile = NULL;
+
+/* Number of file descriptors to close when forking */
+#define CLOSEFDS 256
+
 /* Weird case, but hey... */
 #if defined(HAVE_WAIT3) && !defined(HAVE_SETRLIMIT)
 #include 
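Review bot: CLOSEFDS is fixed at 256, so if it bounds the descriptor-closing loop, any descriptor numbered 256 or higher stays open across the fork. Deriving the bound from getrlimit(RLIMIT_NOFILE) or sysconf(_SC_OPEN_MAX) would cover that case. pidfile and lockfile also become file-scope statics here; a short comment on where they are set and freed would help the next reader.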
@@ -346,6 +352,7 @@ static int get_hourly_history_totals(int cmd, time_t now, 
int hours, int *total,
 
 #define NUM_FREE_SLAVES(SlaveCount[STATE_IDLE] + SlaveCount[STATE_STOPPED])
 #define NUM_RUNNING_SLAVES (SlaveCount[STATE_IDLE] + SlaveCount[STATE_BUSY] + 
SlaveCount[STATE_KILLED])
+#define REPORT_FAILURE(msg) do { if (kidpipe[1] >= 0) { write(kidpipe[1], "E" 
msg, strlen(msg)+1); } else { fprintf(stderr, "%s\n", msg); } } while(0)
 
 /**
 * %FUNCTION: state_name
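Review bot: REPORT_FAILURE only compiles when msg is a string literal, because of the "E" msg concatenation, and it depends on a kidpipe array being in scope at every call site; neither requirement is documented. The write() result is ignored, and the length strlen(msg)+1 accounts for the "E" prefix but not a terminating NUL, so the reading side must not expect one. A small static function taking a const char * would remove the literal-only restriction and give the write() result somewhere to be checked.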
@@ -496,6 +503,7 @@ usage(void)
 fprintf(stderr, "  -v-- Print version and exit\n");
 fprintf(stderr, "  -t filename   -- Log statistics to filename\n");
 fprintf(stderr, "  -p filename   -- Write process-ID in filename\n");
+fprintf(stderr, "  -o file   -- Use specified file as a lock 
file\n");
 fprintf

Re: [Mimedefang] Privilege escalation via PID file manipulation

2017-08-31 Thread Dianne Skoll
Hi,

The patch I posted earlier does not completely fix the problem.

True, the pid file is owned by root, but it's created in a directory
owned by defang, so there's still a way for the "defang" user to
subvert this.

I will have a patch by tomorrow that separates out the pid file (which
will be root-owned in a root-owned directory) from the lock file
(which can be defang-owned in a defang-owned directory.)

Regards,

Dianne.
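
An added example, not part of the original message and not MIMEDefang's own code, of the split described above: a PID file written before privileges are dropped, and a separate fcntl lock file for the unprivileged user. The function names, the temporary /tmp directories and the O_NOFOLLOW flag are assumptions of this example; dir_owned_only_by() is the check an init script would apply (with owner 0) before trusting the PID it reads.

```c
/* Added example, not MIMEDefang source: PID file and lock file kept apart. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if dir is owned by `owner` and not writable by group or others.
 * An init script would call this with owner 0 on the PID file's directory. */
int dir_owned_only_by(const char *dir, uid_t owner)
{
    struct stat st;
    if (stat(dir, &st) < 0 || !S_ISDIR(st.st_mode)) return 0;
    return st.st_uid == owner && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Write the PID file.  A daemon calls this before dropping privileges, so the
 * file is root-owned.  O_NOFOLLOW (an addition of this example) refuses a
 * symlink at the final path component. */
int write_pidfile(const char *path, pid_t pid)
{
    char buf[32];
    int len, ok;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    len = snprintf(buf, sizeof(buf), "%ld\n", (long) pid);
    ok = fchmod(fd, 0644) == 0 && write(fd, buf, (size_t) len) == len;
    if (close(fd) < 0) ok = 0;
    return ok ? 0 : -1;
}

/* Take an exclusive fcntl lock on a separate lock file, after the privilege
 * drop.  Returns the open fd (closing it releases the lock) or -1. */
int acquire_lock(const char *path)
{
    struct flock fl;
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    memset(&fl, 0, sizeof(fl));
    fl.l_type = F_WRLCK;        /* l_start = l_len = 0 locks the whole file */
    fl.l_whence = SEEK_SET;
    if (fcntl(fd, F_SETLK, &fl) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* fcntl locks belong to a process, so a second daemon instance is simulated
 * with fork().  Returns 1 if the child was refused the lock, 0 if it got it. */
int second_instance_blocked(const char *lockpath)
{
    int status;
    pid_t kid = fork();
    if (kid < 0) return -1;
    if (kid == 0) _exit(acquire_lock(lockpath) < 0 ? 1 : 0);
    if (waitpid(kid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Runs the whole sequence in constructed temporary directories and returns 0
 * when every step behaved as described (one bit is set per failed step). */
int run_demo(void)
{
    char piddir[] = "/tmp/pid-demo-XXXXXX";     /* stands in for /var/run */
    char spool[] = "/tmp/spool-demo-XXXXXX";    /* stands in for the spool */
    char pidpath[64], lockpath[64], buf[32] = {0};
    int rc = 0, fd, lockfd;

    if (!mkdtemp(piddir) || !mkdtemp(spool)) return -1;
    snprintf(pidpath, sizeof(pidpath), "%s/demo.pid", piddir);
    snprintf(lockpath, sizeof(lockpath), "%s/demo.lock", spool);

    if (write_pidfile(pidpath, getpid()) < 0) rc |= 1;
    fd = open(pidpath, O_RDONLY);
    if (fd < 0 || read(fd, buf, sizeof(buf) - 1) <= 0 ||
        atol(buf) != (long) getpid()) rc |= 2;
    if (fd >= 0) close(fd);

    lockfd = acquire_lock(lockpath);
    if (lockfd < 0) rc |= 4;
    if (second_instance_blocked(lockpath) != 1) rc |= 8;   /* lock is held */
    if (lockfd >= 0) close(lockfd);                        /* releases it */
    if (second_instance_blocked(lockpath) != 0) rc |= 16;
    if (!dir_owned_only_by(piddir, geteuid())) rc |= 32;   /* mkdtemp: 0700 */
    chmod(piddir, 0777);
    if (dir_owned_only_by(piddir, geteuid())) rc |= 64;    /* now rejected */

    unlink(pidpath); unlink(lockpath); rmdir(piddir); rmdir(spool);
    return rc;
}

int main(void)
{
    return run_demo() ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

Because the lock lives in its own file, nothing the unprivileged user can write to is ever read by the init script; only the PID file is, and it sits in a directory that passes the ownership check.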


Re: [Mimedefang] Privilege escalation via PID file manipulation

2017-08-31 Thread Dianne Skoll
On Thu, 31 Aug 2017 12:11:05 -0400
Michael Orlitzky  wrote:

> Hmmm, in that case, maybe the PID file is being reused for a purpose
> that it isn't really suited for? The contents of the PID file are
> slightly sensitive, since init scripts tend to trust them -- but the
> contents of a lock file aren't. Would it make more sense to have a
> separate lock file, whose only purpose is to prevent multiple daemons
> from starting (and not to provide info to an init system)?

That makes sense.  I'll do it that way.

Thanks for alerting me to this.

Regards,

Dianne.


Re: [Mimedefang] Privilege escalation via PID file manipulation

2017-08-31 Thread Dianne Skoll
On Thu, 31 Aug 2017 11:38:25 -0400
Michael Orlitzky  wrote:

> You'll have to forgive the stupid question since I'm not a regular
> user of MIMEDefang, but what's the purpose of the file lock? Is it to
> prevent multiple daemons from running at the same time when they're
> not managed by an init system?

Yep.  In the days of systemd and the like, this is probably not
necessary, but not everyone runs systemd.

If people do use systemd or whatever, then they'd start mimedefang and
mimedefang-multiplexor without the options that create the pidfiles
and let systemd manage the processes.

Regards,

Dianne.


Re: [Mimedefang] Privilege escalation via PID file manipulation

2017-08-31 Thread Dianne Skoll
Here's a patch that should apply against MIMEDefang 2.80.

Again, I cannot see any way to completely close this hole as long as
we're holding an fcntl(F_SETLK)-style lock, since the descriptor
must be kept open.  I do as much as I can to mitigate this by
destroying the variable containing the fd, but an attacker could
pretty quickly discover which fd is pointing to the lock file.

Since an exploit requires compromising the daemon, I would say this
is not a super-urgent problem.

Regards,

Dianne.

diff --git a/Changelog b/Changelog
index da1a867..d056e4f 100644
--- a/Changelog
+++ b/Changelog
@@ -2,6 +2,11 @@ WARNING: Before upgrading MIMEDefang, please search this file 
for
 *** NOTE INCOMPATIBILITY ** to see if anything has changed that might
 affect your filter.
 
+2017-08-31 Dianne Skoll <d...@roaringpenguin.com>
+
+   * Make mimedefang and mimedefang-multiplexor write their PID files
+   as root to avoid an unprivileged user tampering with the pidfiles.
+
 2017-07-24 Dianne Skoll <d...@roaringpenguin.com>
 
* MIMEDefang 2.80 RELEASED
diff --git a/mimedefang-multiplexor.c b/mimedefang-multiplexor.c
index 13b77b9..3dbf6e0 100644
--- a/mimedefang-multiplexor.c
+++ b/mimedefang-multiplexor.c
@@ -566,6 +566,7 @@ main(int argc, char *argv[], char **env)
 int c;
 int n;
 char *pidfile = NULL;
+int pidfile_fd = -1;
 char *user = NULL;
 char *options;
 int facility = LOG_MAIL;
@@ -919,6 +920,17 @@ main(int argc, char *argv[], char **env)
strcat((char *) Settings.sockName, "/mimedefang-multiplexor.sock");
 }
 
+/* Open the pidfile as root.  We'll lock it later in the grandchild */
+if (pidfile) {
+   pidfile_fd = open(pidfile, O_RDWR|O_CREAT, 0666);
+   if (pidfile_fd < 0) {
+   syslog(LOG_ERR, "Could not open PID file %s: %m", pidfile);
+   exit(EXIT_FAILURE);
+   }
+   /* It needs to be world-readable */
+   fchmod(pidfile_fd, 0644);
+}
+
 /* Drop privileges */
 if (user) {
pw = getpwnam(user);
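Review bot: open(pidfile, O_RDWR|O_CREAT, 0666) runs before the privilege drop and follows symlinks, so when pidfile sits in a directory the unprivileged user can write to, root opens and later writes whatever that path resolves to. Adding O_NOFOLLOW, and documenting that the directory must be root-owned, would address that. Creating the file with mode 0644 directly would also avoid relying on the unchecked fchmod() to narrow 0666.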
@@ -1134,7 +1146,7 @@ main(int argc, char *argv[], char **env)
 }
 
 for (i=0; i<256; i++) {
-   if (i == unpriv_sock || i == sock || i == Pipe[0] || i == Pipe[1]) 
continue;
+   if (i == pidfile_fd || i == unpriv_sock || i == sock || i == Pipe[0] || 
i == Pipe[1]) continue;
(void) close(i);
 }
 
@@ -1155,10 +1167,12 @@ main(int argc, char *argv[], char **env)
 
 /* Write pid */
 if (pidfile) {
-   if (write_and_lock_pidfile(pidfile) < 0) {
+   if (write_and_lock_pidfile(pidfile, pidfile_fd) < 0) {
exit(1);
}
free(pidfile);
+   /* Forget the fd */
+   pidfile_fd = -1;
 }
 
 /* Set up SIGHUP handler */
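Review bot: setting pidfile_fd = -1 only forgets the number; the descriptor itself stays open for the life of the process, and the close loop in the previous hunk now skips it. Set FD_CLOEXEC on it with fcntl(fd, F_SETFD, FD_CLOEXEC) before forgetting it so that it is not passed on to anything the daemon later executes, or extend the "Forget the fd" comment to say why it has to remain inheritable.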
diff --git a/mimedefang.c b/mimedefang.c
index 7e74137..5d545c4 100644
--- a/mimedefang.c
+++ b/mimedefang.c
@@ -2331,6 +2331,7 @@ main(int argc, char **argv)
 int got_p_option = 0;
 int kidpipe[2];
 char kidmsg[256];
+int pidfile_fd = -1;
 
 mode_t socket_umask = 077;
 mode_t file_umask   = 077;
@@ -2611,6 +2612,17 @@ main(int argc, char **argv)
exit(EXIT_FAILURE);
 }
 
+/* Open the pidfile as root.  We'll lock it later in the grandchild */
+if (pidfile) {
+   pidfile_fd = open(pidfile, O_RDWR|O_CREAT, 0666);
+   if (pidfile_fd < 0) {
+   syslog(LOG_ERR, "Could not open PID file %s: %m", pidfile);
+   exit(EXIT_FAILURE);
+   }
+   /* It needs to be world-readable */
+   fchmod(pidfile_fd, 0644);
+}
+
 /* Look up user */
 if (user) {
pw = getpwnam(user);
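Review bot: this open()/fchmod() block ahead of "Look up user" is a copy of the block added to mimedefang-multiplexor.c. Suggest moving it into a helper in utils.c beside write_and_lock_pidfile() so the open flags and the error handling are maintained in one place.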
@@ -2715,12 +2727,14 @@ main(int argc, char **argv)
 
 /* Write pid */
 if (pidfile) {
-   if (write_and_lock_pidfile(pidfile) < 0) {
+   if (write_and_lock_pidfile(pidfile, pidfile_fd) < 0) {
/* Signal the waiting parent */
REPORT_FAILURE("Cannot lock pidfile: Is another copy running?", 45);
exit(1);
}
free(pidfile);
+   /* Forget the fd */
+   pidfile_fd = -1;
 }
 
 (void) closelog();
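Review bot: mimedefang-multiplexor.c gained an exemption for pidfile_fd in its descriptor-closing loop, but this patch shows no corresponding change for mimedefang.c. If the daemonizing code between the new open() and this "Write pid" block closes inherited descriptors, pidfile_fd needs the same exemption; otherwise write_and_lock_pidfile() is handed a closed fd. Worth confirming and saying so in the commit message.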
diff --git a/mimedefang.h b/mimedefang.h
index 381316d..608c2e6 100644
--- a/mimedefang.h
+++ b/mimedefang.h
@@ -66,7 +66,7 @@ extern int make_listening_socket(char const *str, int 
backlog, int must_be_unix)
 extern void do_delay(char const *sleepstr);
 extern int is_localhost(struct sockaddr *);
 extern int remove_local_socket(char const *str);
-extern int write_and_lock_pidfile(char const *pidfile);
+extern int write_and_lock_pidfile(char const *pidfile, int fd);
 #ifdef EMBED_PERL
 extern int make_embedded_interpreter(char const *progPath,
 char const *subFilter,
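Review bot: the new prototype write_and_lock_pidfile(char const *pidfile, int fd) carries no comment on how the two arguments relate or who owns fd afterwards. Suggest documenting in the header that fd must already be open on pidfile, whether the function still touches the path itself, and that the caller must not close fd while the lock is needed.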
diff --git a/utils.c b/utils.c
index 7d4f9c1..1ca3db6 100644
--- a/utils.c
+++ b/utils.c
@@ -1300,9 +1300,8 @@ free_debug(void *ctx, void *x, char const *fname, int 
line)
 #endif
 
 int
-write_and_lock_pidfile(char const *pid

Re: [Mimedefang] Privilege escalation via PID file manipulation

2017-08-31 Thread Dianne Skoll
Hi,

> The MIMEDefang daemons should create their PID files before dropping
> privileges. This represents a minor security issue; additional factors
> are needed to make it exploitable.

I have made a patch to open the PID files as root.  However, since the
process has to keep the file descriptor open in order not to lose the
file lock, it doesn't completely eliminate the chance of an exploit.

I will post the patch in a little while, once I have thoroughly tested it.

Regards,

Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
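
The approach described in the message above (open the PID file while still root, keep the descriptor, lock and write it later), as an added C example that is not MIMEDefang's code. The function names, the use of flock(), O_NOFOLLOW and O_CLOEXEC, and the /tmp path are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* for flock(), O_NOFOLLOW, O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Step 1, while still privileged: create/open the pidfile. O_NOFOLLOW
 * refuses a symlink at the final path component; O_CLOEXEC keeps the fd
 * out of exec'd children. Returns the fd, or -1 with errno set. */
int pidfile_open(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) return -1;
    /* umask may have narrowed the mode; make it world-readable explicitly */
    if (fchmod(fd, 0644) < 0) {
        int saved = errno; close(fd); errno = saved;
        return -1;
    }
    return fd;
}

/* Step 2, after privileges are dropped: lock and write through the fd
 * opened earlier; the path is never reopened. The caller must keep fd
 * open for the life of the daemon, because closing it releases the lock.
 * Returns 0 on success, -1 if the lock is held elsewhere or a write fails. */
int pidfile_lock_and_write(int fd, pid_t pid)
{
    char buf[32];
    int len;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) return -1;  /* another copy running */
    if (ftruncate(fd, 0) < 0) return -1;
    len = snprintf(buf, sizeof(buf), "%ld\n", (long) pid);
    if (pwrite(fd, buf, (size_t) len, 0) != (ssize_t) len) return -1;
    return 0;
}

int main(void)
{
    const char *path = "/tmp/example-daemon.pid";  /* constructed path */
    int fd = pidfile_open(path);
    if (fd < 0) { perror("pidfile_open"); return 1; }
    /* A real daemon would call setgid()/setuid() here, between the steps. */
    if (pidfile_lock_and_write(fd, getpid()) < 0) { perror("pidfile"); return 1; }
    return 0;
}
```
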


Re: [Mimedefang] MIMEDefang Digest, Vol 165, Issue 5

2017-08-29 Thread Dianne Skoll
On Mon, 28 Aug 2017 20:49:41 -0700
Amit Gupta  wrote:

> Regarding your comment about the downside is that it would "Hold open
> more connections and use more milter threads."  I wasn't quite sure
> what you meant by "using more milter threads"?

mimedefang (the C program, as distinct from mimedefang-multiplexor) is
multi-threaded, and it holds open a thread for each active SMTP session.
So there will be more threads active if sessions are queued than if you
don't queue sessions.

Regards,

Dianne.


Re: [Mimedefang] ALLOW_NEW_CONNECTIONS_TO_QUEUE behavior

2017-08-27 Thread Dianne Skoll
On Sat, 26 Aug 2017 22:52:15 -0700
Amit Gupta  wrote:

> Assume a burst of emails comes in and all 20 md processes are busy
> working.

> 1) What should the 21st and higher connecting clients
> experience?

Sendmail will appear to respond more slowly than usual.

> 2) Is there a configurable limit to the number of queued
> connections?

Yep.  The "-q" option to mimedefang-multiplexor.  See the -q and -Q
command-line options in the mimedefang-multiplexor(8) man page.

> 3) What's the downside of letting the connections queue
> other than holding open more TCP connections?

Holding open more connections and using more milter threads.

> 4) Any other tips on the settings you use in production?

If you actually need to queue requests more than occasionally, you
need a more powerful server.  The queueing feature is supposed to handle
transient bursts of traffic.  It isn't meant to squeeze more steady-state
performance out of a server.

> The reason I'm asking is because we recently had a burst of traffic
> that caused the IO on our server to go up to a point where everything
> became unresponsive for a couple minutes.  We had our MX_MAXIMUM set
> to 110.

How much RAM did you have?  You really, really, really don't want a
MIMEDefang scanning server to start swapping.

Regards,

Dianne.


[Mimedefang] MIMEDefang 2.80 is released

2017-07-24 Thread Dianne Skoll
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello,

MIMEDefang 2.80 is available at http://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-07-24 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.80 RELEASED

* md-mx-ctrl: Add newline to mimedefang-multiplexor output that lacks
a newline.

* mimedefang-util: Properly substitute @PERL@ at configure time.

* mimedefang-multiplexor.c: Move variable declarations to start of
compound statement to avoid problems with older C compilers.

* mimedefang.pl: Add an extra level of subdirectories in the quarantine
to avoid 32K subdirectory limit on ext3.  Idea by Kevin McGrail.

*** NOTE INCOMPATIBILITY ***  Quarantine subdirectory naming changed.

* mimedefang.c: Fix bug that caused Queue-ID not to show up when
using MIMEDefang with Postfix (thanks to Kris Deugau).

2016-09-26 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.79 RELEASED


-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iD8DBQFZdi8jwYQuKhJvQuARAnOXAJ9YsfeH4G17MTFbSzOC9xlm2hS0sQCgsqXy
tDJKcA3UgQScci8Pd0W892o=
=Hzje
-END PGP SIGNATURE-



Re: [Mimedefang] adding promotional banner to top of email

2017-06-24 Thread Dianne Skoll
On Sat, 24 Jun 2017 10:18:59 -0400
Dianne Skoll <d...@roaringpenguin.com> wrote:

> You'd need to roll your own.  It's non-trivial, given the infinite
> ways HTML can be malformed.

I would also echo the comments of others on the list who have recommended
against this.  Adding promotional material to emails will quickly
get them marked as spam, and if you add it to emails in transit that you
did not originate, you could quite possibly be breaking the law.

Regards,

Dianne.


Re: [Mimedefang] adding promotional banner to top of email

2017-06-24 Thread Dianne Skoll
On Wed, 21 Jun 2017 08:58:32 +0200
Mark Coetser  wrote:

> I know html email is not ideal but unfortunately most customers use
> it nowadays. I am currently using append_html_boilerplate to add
> signatures etc and now a client has requested that we add promotional
> banners to the top of all html emails. I have searched and just can't
> find anything that relates to doing this with mimedefang, any
> pointers please?

You'd need to roll your own.  It's non-trivial, given the infinite ways
HTML can be malformed.

Regards,

Dianne.


Re: [Mimedefang] MIMEDefang without SpamAssassin

2017-06-08 Thread Dianne Skoll
On Thu, 8 Jun 2017 17:04:40 +
Chad Cordero  wrote:

> Is there a configuration parameter I can set to not run
> SpamAssassin?

You can't use the stock /etc/mail/mimedefang-filter.  Create
your own filter and near the top, put this:

$Features{"AutoDetectPerlModules"} = 0;

This will cause MIMEDefang not to drag in various expensive Perl modules
like SpamAssassin.  Then write your own filter_end routine to do whatever
processing you need.

Regards,

Dianne.

