Re: [Mimedefang] Is this list still alive?
On Thu, 1 Apr 2021 09:43:21 -0500 wrote:

> My question also was what is going to happen to the data feeds we are
> getting.

I'm not sure what data feeds you're referring to. If you are referring to the Roaring Penguin IP blocklists and/or the CanIt Bayes data feeds, those are controlled by AppRiver and if AppRiver decides to shut them down... there's not much anyone can do because they are fed by CanIt installations.

> I don't see a good option for small ISPs that don't have a budget
> for spam filtering at scale.

It is a problem indeed. :( Many ISPs are in the same boat.

Regards,

Dianne.
___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] Is this list still alive?
On Thu, 01 Apr 2021 11:13:48 -0400 "Bill Cole" wrote:

> There was an issue opened a month ago at
> https://github.com/The-McGrail-Foundation/MIMEDefang/issues/25
> stating that the list was down.

The list is still being run by AppRiver (Zix, now, I guess.)

> I attempted to post a test on March 3 which never showed up on the
> list.

Huh, weird. It's unfortunately out of my hands now. :(

Regards,

Dianne.
[Mimedefang] Is this list still alive?
I haven't seen traffic since December 2020... just pinging the list...

Regards,

Dianne.
Re: [Mimedefang] Help with header checking
On Tue, 1 Dec 2020 13:10:43 -0500 Joseph Brennan wrote:

> We used this to create an array of header information:
>
>     if (open(IN, '<', './HEADERS')) {
>         while (<IN>) {
>             chomp;
>             if (/^(\S+):\s*(.*)/) {
>                 my $label = $1;
>                 my $data = $2;
>                 $label = lc($label);
>                 $Header{$label} = $data;
>                 if ($label eq 'received') {
>                     push(@Received,$data);
>                 }
>             }
>         }
>         close(IN);
>     }

Hmm. Received: isn't the only header that can permit multiple instances. You may lose some information here.

Why would you not just use the MIME::Head object that you can get from $entity->head? It has all the headers pre-parsed and has decent accessors.

(I assume this is all academic (heh...) as Columbia looks to be using Proofpoint now.)

Regards,

Dianne.
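The information loss described in the message above (a plain hash keeps only the last instance of any repeated header) can be avoided by storing every value per field name. The script below is an added example, not code from the thread or from MIMEDefang; `parse_headers` is a hypothetical helper and the sample headers are constructed.

```perl
#!/usr/bin/perl
# Added example (not from the thread): keep every instance of every header
# when reading MIMEDefang's unwrapped ./HEADERS file.
use strict;
use warnings;

# Parse unwrapped headers (exactly one header per line, as in ./HEADERS).
# Returns a hashref: lowercased field name => arrayref of values, in the
# order they appeared.
sub parse_headers {
    my ($fh) = @_;
    my %headers;
    while (my $line = <$fh>) {
        chomp $line;
        # Field name is printable ASCII without a colon; value may be empty.
        next unless $line =~ /^([!-9;-~]+):\s*(.*)$/;
        push @{ $headers{lc $1} }, $2;
    }
    return \%headers;
}

# Constructed sample input; a real filter would open './HEADERS' instead.
my $sample = <<'EOF';
Received: from mx2.example.net (mx2.example.net [192.0.2.20]) by mail.example.org; Tue, 1 Dec 2020 13:10:40 -0500
Received: from client.example.com (client.example.com [198.51.100.7]) by mx2.example.net; Tue, 1 Dec 2020 13:10:38 -0500
From: Alice <alice@example.com>
To: bob@example.org
Authentication-Results: mail.example.org; spf=pass
Authentication-Results: mx2.example.net; dkim=none
Subject: test
EOF

open(my $fh, '<', \$sample) or die "cannot open sample: $!";
my $h = parse_headers($fh);
close($fh);

# With a plain scalar per key, both repeated fields below would show 1.
for my $name (sort keys %$h) {
    printf "%-24s %d instance(s)\n", $name, scalar @{ $h->{$name} };
}

# Each hop prepends its Received: line, so index 0 is the most recent hop.
# As noted elsewhere in this thread, the local Sendmail's own Received:
# line is added after the milters run and will not be in ./HEADERS.
my @received = @{ $h->{received} // [] };
if (@received) {
    print "hop $_: $received[$_]\n" for 0 .. $#received;
} else {
    # No Received: headers at all: keep a copy of the message for analysis.
    print "no Received: headers seen\n";
}
```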
Re: [Mimedefang] Help with header checking
On Thu, 26 Nov 2020 12:47:56 -0500 "Bill Cole" wrote:

[snip]

> That Received header is added by Sendmail *AFTER* all milters have
> done their end-of-data work. It is not present when MD sees the
> message.

So as per Bill Cole's analysis, it seems there were indeed no Received: headers on the mail as seen by MIMEDefang.

As for why SpamAssassin is not running, Bill's guess (size limit) is a pretty good one, but we can't know for sure without seeing your filter code.

Regards,

Dianne.
Re: [Mimedefang] Help with header checking
On Wed, 25 Nov 2020 11:45:11 +0100 Andrea Venturoli wrote:

> > if (open(HF, "<./HEADERS")) {
> >     my $head = Mail::Header->new([<HF>]);
> >     close HF;
> >     md_syslog('warning',"head = %$head");

You shouldn't really print "head = %$head" because you don't know the implementation details of Mail::Header. Treat it as an opaque object.

> The purpose is to extract Received fields, so to reconstruct the path
> a message underwent from server to server.
> It has worked 99.99% of the times for years; lately, however it fails
> on some very frequent spam messages and I have a hard time
> understanding why.

I suggest calling action_quarantine_entire_message() if you get no received headers so you can preserve a copy of the original message for analysis.

> I tried adding:
> > foreach $key (keys %$head)
> > {
> >     md_syslog('warning',"$key is $head{$key}");
> > }

It should be $head->{$key} and is unlikely to be useful; you're printing instance variables on the Mail::Header object, which most likely do not correspond to actual headers.

If you want to log @recheads, I would do it like this:

    md_syslog('warning', 'recheads = ' . join(', ', @recheads));

Anyway... you need to capture the message (or at least the headers) so we can analyze what's going on.

Regards,

Dianne.
Re: [Mimedefang] Future development
On Mon, 23 Nov 2020 12:41:00 -0500 Anne Bennett wrote:

> > The Perl code is atrocious.

> Give yourself a break. ;-)

Well, OK. :) The code itself is not terrible. I like to write clear code that any newbie can understand (for "newbie", read "myself in 6 months time...") What I mean is the *design* is atrocious, given that MIMEDefang is the result of accretion rather than design.

(OTOH, I have worked on systems with beautiful designs but very tricky and "clever" code where most of my time is spent reverse-engineering. We don't want that either.)

> - Initially (years ago), it was a bit hard to keep track of the bits
>   and pieces, because mimedefang.pl calls my filter file, and my
>   filter file calls various utilities provided by mimedefang.pl.
>   Any code re-org that would make it easier to untangle this would
>   help, even something as simple as putting the user-filter-called
>   facilities into their own Perl module.

Right. Tracking the flow of control when callbacks are involved is tricky.

> - I like to run with Perl taint checks on, but mimedefang.pl
>   doesn't cooperate well with that.

Oh, hmm. :) That would be a lot of work.

> - Picking up needed information (i.e., from the envelope and
>   message, and QID) seems to be different in each filter_*
>   subroutine. I don't know how this would affect performance,
>   but if there were a hash containing all available header,
>   envelope, message status so far (e.g., did we mark as to
>   be rejected?), and QID information, and maybe even headers
>   in concatenated and decoded form, that would make writing
>   filter_* subroutines easier.

Yes, some sort of context object that held all of this would be good.

> > I would start by writing a MD::Filter base class
> > and storing state in the MD::Filter object. Callbacks could be
> > implemented as methods and users could subclass MD::Filter to
> > implement their behaviour.

> As another poster mentioned, that would indeed require more
> advanced Perl chops from the end user (postmaster), though
> well-chosen examples might go a long way toward alleviating
> that requirement.

In my ideal world, you would be able to take an existing mimedefang-filter script, and add two lines to the top:

    package MyFilter;
    use base 'MD::Filter::Compat';

and then have it Just Work. I don't know if this is realistic or a pipe-dream.

> Well, there's still potentially a fair amount of homegrown code that
> people can add. I'm assuming that this would somehow fit into "users
> could subclass MD::Filter to implement their behaviour".

Yes, exactly.

Regards,

Dianne.
Re: [Mimedefang] Future development
On Sun, 22 Nov 2020 15:21:04 -0500 "Bill Cole" wrote:

[snipsnip...]

> Obviously OOPifying MD would be a v3 project, as it would break all
> existing mimedefang-filter.pl scripts.

That is an issue. Perhaps making an MD::Filter::Compat class that lets old filter scripts keep working with minimal changes could be a solution? (It is a fair bit of work, of course...)

> A nearer-term step to clean up the code a bit would be to break out
> existing code to distinct modules that may (or may not) be the basis
> for future object structures. This could result in supporting
> existing configurations with a code base that is easier to maintain
> and understand.

Yes, incremental cleanups could help too, but they would still likely break existing filter scripts.

Regards,

Dianne.
Re: [Mimedefang] Future development
On Sun, 22 Nov 2020 13:24:24 -0500 Dianne Skoll wrote:

> Anyway... I'd really like to see MIMEDefang development activity pick
> up again. I'm hoping The McGrail Foundation will attract more
> interest in the project.

Specifically... these are things I would do differently if I were starting MIMEDefang now instead of 20 years ago. :)

The C code is mostly fine; the milter and the multiplexor work pretty well.

The Perl code is atrocious. mimedefang.pl is over 7500 lines of Perl in one ugly file with a ton of global variables. It needs a major overhaul. I would start by writing a MD::Filter base class and storing state in the MD::Filter object. Callbacks could be implemented as methods and users could subclass MD::Filter to implement their behaviour.

Functions like md_check_against_smtp_server, etc. should be broken out into helper modules.

The actual filter file would be a very simple thing that simply instantiates a (subclass of) MD::Filter and calls $filter->run() to run the main mimedefang.pl loop.

Comments/thoughts/etc?

Regards,

Dianne.
Re: [Mimedefang] Test
On Sun, 22 Nov 2020 19:20:00 +0100 Benny Pedersen via MIMEDefang wrote:

> hope not to be enforced to use mimedefang, my simplest setup have
> being clamav-milter, spampd, and not more

That is a rather odd comment to post on the MIMEDefang mailing list, no?

Anyway... I'd really like to see MIMEDefang development activity pick up again. I'm hoping The McGrail Foundation will attract more interest in the project.

Regards,

Dianne.
Re: [Mimedefang] Test
On Thu, 19 Nov 2020 19:46:14 +0100 Benny Pedersen via MIMEDefang wrote:

> if mimedefang was written in python i would have used it :=)

The multiplexor <-> filter protocol is simple and documented, so have a go... :)

> hope for spamassassin written in python is a long term dream, just
> like unifi wifi ax

No chance of that happening, I'd say. There's only downside involved in such a rewrite.

> beg for owner on maillist why is srs failing ?

Not sure, but it seems to be fixed now.

Regards,

Dianne.
Re: [Mimedefang] Test
Hi,

> Maybe it's just you and me, Dianne, and I don't know why I'm still
> here after management moved us to Proofpoint.

I helped figure out the issue. All the mail was quarantined and should come flooding into the list.

Regards,

Dianne.
Re: [Mimedefang] Test
Hey, Bill! Long time no hear!

On Thu, 19 Nov 2020 12:11:00 + "Brown, William" wrote:

> Apparently! Hope you and yours are staying safe and healthy.

We're all good. Hope you and yours are too.

Anyway, the list seems a bit messed up... looks like only my posts are making it through. :( I've reached out to the new stewards of the list to help sort this out.

Regards,

Dianne.
[Mimedefang] Submit your Patches for MIMEDefang (Re: AppRiver donates MIMEDefang to The McGrail Foundation)
Hi, all,

I'm posting this on behalf of Kevin A. McGrail, whose posts seem to be disappearing...

Regards,

Dianne.

===

Afternoon everyone!

Sorry for the radio silence. Many moons ago in the prepandemic times, MIMEDefang was donated to The McGrail Foundation.

As the new stewards, we are accepting bug reports and especially patches. You can run the latest version from the repo and here is the Changelog: https://github.com/The-McGrail-Foundation/MIMEDefang/blob/master/Changelog where we have been moving forward!

More info below and at http://www.mcgrail.com

Also getting ready to announce KAM.cf's update channel too. We currently have it running in production and drafting the instructions and announcement now.

Regards,

KAM

AppRiver donates MIMEDefang to The McGrail Foundation

Mar 05, 2020

Today, we are proud to announce that the MIMEDefang project has been donated to The McGrail Foundation. This includes source code, website, and domains. However, due to the COVID-19 Pandemic, the integration of this project is going to take some time!

Please keep an eye out on the MIMEDefang mailing list https://lists.roaringpenguin.com/mailman/listinfo/mimedefang and our GitHub https://github.com/The-McGrail-Foundation for more updates.

Thank you to everyone at AppRiver and Zix as well as Roaring Penguin founder Dianne F. Skoll for their help in making this wonderful donation a reality.
[Mimedefang] Test
Is this list still alive?

Regards,

Dianne.
Re: [Mimedefang] MIMEDefang and Postfix (was Re: Hi, and an update)
On 2020-07-27 16:34, Joseph Brennan wrote:

> Hi Dianne I hope you're well. I'm saving your message just in case!

Heh. :)

> Only 20 years? Even so how well we know the satisfaction of spending
> a whole work day putting letters, numbers, and punctuation marks in
> just the right place in a line or two of sendmail.mc

Oh, for sure, Sendmail's an amazing piece of software and can be munged to do all kinds of weird and wonderful things. During the time I ran Roaring Penguin, we ran into quite a few situations where Sendmail's flexibility saved the day.

But still... it's showing its age, and Postfix is a really nice tool also. Not quite as flexible as Sendmail, but close, and much more straightforward.

> The very last one I did was to use access.db to limit which valid users can do
> smtp auth. I need to migrate that to postfix pretty soon.

I wouldn't have a clue how to do that. :) I'm still a Postfix newbie.

Regards,

Dianne.

PS: There is an official MIMEDefang git repo on github now: https://github.com/The-McGrail-Foundation/MIMEDefang
[Mimedefang] MIMEDefang and Postfix (was Re: Hi, and an update)
> I've recently taken a position at Best Practical Solutions (the folks
> who make RT / Request Tracker.) I actually have to integrate MIMEDefang
> with Postfix, which is not something I've done before, so I'm interested
> in hearing tips or pointers from people who have done this.

Well, it turned out to be super-easy. The only minor wrinkle was that I made the mimedefang socket an inet socket (127.0.0.1:8443) because Postfix runs in a chroot environment, so it was just easier that way.

Then I just added this to /etc/postfix/master.cf:

    smtpd_milters = inet:127.0.0.1:8443

and everything just worked!

Despite having used Sendmail for a long time (20 years?), I have to say I'm a fan of Postfix. Very easy to set up and quite well designed.

Regards,

Dianne.
[Mimedefang] Hi, and an update
Hi, everyone,

I've recently taken a position at Best Practical Solutions (the folks who make RT / Request Tracker.) I actually have to integrate MIMEDefang with Postfix, which is not something I've done before, so I'm interested in hearing tips or pointers from people who have done this.

Regards,

Dianne.
Re: [Mimedefang] Oyster (was Re: A rose by any other name... Renaming MIMEDefang. What's your idea for a name?)
On 11/12/19 10:04 AM, Kenneth Irving wrote:

> Maillusc

Haha, +1, Puns are my weak spot.

Regards,

Dianne.
[Mimedefang] Oyster (was Re: A rose by any other name... Renaming MIMEDefang. What's your idea for a name?)
Oyster is cute, but likely overloaded. I know the London Underground smartcard is called Oyster.

If you combine it with something else, it'd be better, I think. MailOyster or something (that doesn't exactly trip off the tongue, but I'm sure someone can come up with something that does.)

Regards,

Dianne.
Re: [Mimedefang] KAM for MIMEDefang Leadership Role
On 10/21/19 5:51 PM, Kevin A. McGrail wrote:

> Good Evening everyone,
>
> My name is Kevin A. McGrail. I've been a long-time user of MIMEDefang
> and I'd like to put myself forward to take the mantle of leadership from
> DFS now that she has moved on to other work. I don't envision it will
> be as amazing as under Dianne's leadership but I look to continue
> maintaining MD for the public good.

I would love to see MIMEDefang continue as an actively-developed open-source project. I know Kevin and think he'd be an excellent person to lead the project, whether it continues under the MIMEDefang name or changes to a new name.

I'm not in a position to support this project for the next 18 months or so, unfortunately, other than to provide a vote of confidence for Kevin.

Regards,

Dianne.
Re: [Mimedefang] Carefully Crafted Recipient executes script?
On 6/25/19 4:50 PM, Kevin A. McGrail wrote:

> It's an exim exploit CVE-2019-10149. MIMEDefang won't be affected but
> you are correct what it is trying to do.
>
> In filter_recipient, add this to reject this exploit attempt:
>
>     #EXIM EXPLOIT 2019 June
>     if ($recip =~ /root\+\$\{run/i) {
>         $explanation = "Invalid user";
>         $answer = 'REJECT';
>
>         return ($answer, $explanation);
>     }

Thanks for the info; I was racking my brains figuring out how MIMEDefang could have been tricked by that.

Unless you have odd email addresses, I'd simply reject any address that contains "${". Then you will catch variants such as postmaster+${ etc.

Regards,

Dianne.
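The difference between the narrow pattern quoted above and the broader "${" rule suggested in the reply, shown side by side as an added example (not code from the thread or from MIMEDefang). `matches_narrow` and `matches_broad` are hypothetical helper names, and the recipients are constructed, with PLACEHOLDER standing in for whatever follows "${".

```perl
#!/usr/bin/perl
# Added example (not from the thread): compare the narrow recipient check
# with the broader "${" check on constructed addresses.
use strict;
use warnings;

# The narrow pattern quoted in the thread: only "root+${run".
sub matches_narrow {
    my ($recip) = @_;
    return $recip =~ /root\+\$\{run/i ? 1 : 0;
}

# The broader rule from the reply: any "${" anywhere in the address.
sub matches_broad {
    my ($recip) = @_;
    return index($recip, '${') >= 0 ? 1 : 0;
}

# Same argument order and return convention as MIMEDefang's
# filter_recipient callback; only the recipient is inspected here.
sub filter_recipient {
    my ($recip, $sender, $ip, $hostname, $first, $helo) = @_;
    return ('REJECT', 'Invalid user') if matches_broad($recip);
    return ('CONTINUE', 'ok');
}

# Constructed recipients (single-quoted, so nothing is interpolated).
my @samples = (
    '<alice@example.org>',
    '<bob+lists@example.org>',
    '<root+${run PLACEHOLDER}@example.org>',
    '<postmaster+${PLACEHOLDER}@example.org>',
    '<ROOT+${RUN PLACEHOLDER}@example.org>',
);

printf "%-42s %-7s %-6s %s\n", 'recipient', 'narrow', 'broad', 'answer';
for my $recip (@samples) {
    my ($answer, $explanation) =
        filter_recipient($recip, '<sender@example.net>', '192.0.2.1',
                         'client.example.net', $recip, 'client.example.net');
    printf "%-42s %-7s %-6s %s\n", $recip,
        matches_narrow($recip) ? 'match' : '-',
        matches_broad($recip)  ? 'match' : '-',
        $answer;
}
```

The postmaster+${ row is the one the narrow pattern lets through and the broad rule rejects; ordinary plus-addressed recipients pass both.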
Re: [Mimedefang] on the fly s/mime signing
Hi,

Your starting point should be to look at https://metacpan.org/pod/Mail::GnuPG

Regards,

Dianne.
Re: [Mimedefang] The future of MIMEDefang
Hi,

> What will happen to https://mimedefang.org/

Zix now owns that domain. You'd have to ask them what they want to do with it.

> Are you open to continue to operate it, or transfer it to a group of
> volunteers who will continue the project? This current mailing list
> can also be migrated over to that domain so it doesn’t die with the
> new ownership.

I am willing to keep the site and mailing list going if nobody from Zix wants to keep it going. I did ask AppRiver what the plans were a while back, but have not had a reply.

> I'd hate to see MD become abandonware… Been using it since 2003…

I'd hate that also.

Regards,

Dianne.
[Mimedefang] The future of MIMEDefang
Hi, everyone,

As many of you probably know, I sold Roaring Penguin Software about a year ago. The company was acquired by AppRiver, and AppRiver was subsequently acquired by Zix.

I no longer work with the company (or indeed in the anti-spam field... I've switched over to embedded software development.) As such, I don't have the time to maintain MIMEDefang.

It would be a shame for all development to stop, however, as there are still many things that could be done to improve MIMEDefang. I'd encourage the community to take over MIMEDefang and keep development happening. I will of course follow developments with interest and undoubtedly voice my opinion from time to time :)

Regards,

Dianne.
Re: [Mimedefang] vcs extension
On 4/7/19 5:09 AM, Kenneth Porter wrote:

> I just got a legitimate text vCard attachment in my quarantine with
> a .vcs extension. It's in the list of bad file extensions in the
> default filter. Why is that?

The default filter is really outdated and could use some revamping and attention. If anyone cares to volunteer... :)

Regards,

Dianne.
Re: [Mimedefang] DKIM body hash won't verify.
Hi,

> I just put DKIM on my mail system, but gmail rejects with "body hash did not
> verify", so something is wrong with how I'm hashing. Does this code look
> reasonable?

[snip]

The code looks fine. Do services other than Gmail report a valid DKIM signature? I've observed occasional DKIM verification failures by Gmail that I've yet to be able to explain, when all other verifiers work correctly.

Regards,

Dianne.
Re: [Mimedefang] Migrating boilerplate signature fronte altermime
On Fri, 11 Jan 2019 16:16:23 +0100 Riccardo Bicelli wrote:

> 1. Images
> With altermime is nearly impossible to add images as attached/boundary
> so I have to insert them as base64 encoded in img tag. With mimedefang
> is there a way to add images boundary in boilerplate?

> 2. Base64 encoded messages
> Some mobile devices send messages encoded in base64. Is it possible
> adding a base64 boilerplate in Mimedefang?

Both of your questions have the same answer; you need to build up a new MIME message in filter_end using the MIME::tools methods to manipulate the message, and then call replace_entire_message to replace the message with your newly-constructed message.

This lets you do any sort of message-manipulation you can think of. It's up to you to be careful and make sure you end up with something sensible that doesn't cause failures in email clients that you care about. In particular, mobile clients may be very fussy about the sorts of messages they display correctly.

Regards,

Dianne.
Re: [Mimedefang] filter on header from display name
On Mon, 26 Nov 2018 17:55:57 +0100 Marcus Schopen wrote:

> is always the same, but I can't catch it with blacklist_from. Can I get
> that from $entity->head->get('From') or any better ideas?

That should work, or you can open and read the file ./HEADERS, which contains the message headers (unwrapped, so exactly one header per line.)

Regards,

Dianne.
Re: [Mimedefang] Question about resend_message() (Sendmail)
On Thu, 18 Oct 2018 09:57:40 -0400 John Von Essen wrote:

> If I call delete_recipient(); with no argument, does it act as a
> catch-all and delete ALL recipients?

Nope.

> Or do I have to do something like:
> foreach(@Recipients) { delete_recipient($_); }

Yup. You could wrap it in a delete_all_recipients() function if you like.

> Or could I just null the @Recipients array (@Recipients = ();
> add_recipient($SpamBox);)

Nope. Anything you do in your filter that only affects memory within the Perl process has absolutely no effect on Sendmail. You have to call one of the functions that communicates with Sendmail to actually affect anything.

If you look at the source, you'll see that delete_recipient and add_recipient make notes in the RESULTS file that ask the C code to call appropriate milter functions to *actually* make the changes.

Regards,

Dianne.
Re: [Mimedefang] Question about resend_message() (Sendmail)
Hi,

> if ($hits >= $req) {
>     action_change_header("X-Spam-Score", "$hits ($score) $names");
>     resend_message($SpamBox);
>     action_discard();
> }

Rather than using resend_message to resend the message, if you have a new-enough version of Sendmail you can use delete_recipient to delete all of the original recipients and then add_recipient to add $SpamBox as a recipient. You have to loop over @Recipients to delete all the original recipients.

Otherwise, you could add a magical header to the message and look for it the next time around. You have to be careful to (1) delete the magical header before letting the mail go out if it's not being redirected, and (2) only trust it if the mail does originate from localhost.

Regards,

Dianne.
Re: [Mimedefang] action_drop_with_warning and refuse to sender
On Fri, 24 Aug 2018 23:35:54 +0200 Marcus Schopen wrote:

> That might be right in most of the cases. But if you do a "silent"
> reject, this has to be communicated very clearly to the recipient, as
> well as rejecting at a spamassassin score of >= 5. This is nothing you
> can decide on your own as postmaster, just because it makes sense.

It's not silent. The sender will get a delivery failure notification.

[...]

> I agree that most detected virus mails (I use clamav) are virus mails.
> But I myself got some valid emails from Amazon, which were marked as
> "Heuristics.Phishing.Email.SpoofedDomain" and therefore those emails
> were rejected.

Ah, well. Don't use those dangerous signatures. Were those official ClamAV signatures or third-party signatures?

Also, I'd check the virus name and maybe quarantine rather than bounce on "Heuristics" hits.

Regards,

Dianne.
[Mimedefang] OT: Bouncing *and* forwarding (was Re: action_drop_with_warning and refuse to sender)
On Fri, 24 Aug 2018 08:37:21 -0700 Jeff Makey wrote:

> If you are willing to risk the dangers of both bouncing and forwarding
> a message,

https://www.youtube.com/watch?v=koRRqOJcaHs

Regards,

Dianne.
Re: [Mimedefang] action_drop_with_warning and refuse to sender
On Thu, 23 Aug 2018 19:50:44 +0200 Benny Pedersen via MIMEDefang wrote:

> a REJECT is not a bounce, its a denied to accept it

A REJECT is potentially likely to cause a bounce, but yeah... it won't be backscatter from your machine.

> i dont use mimedefang, its not very good examples of doing anything
> good with it :(

And yet you're on the list... Hmm...

MIMEDefang's a framework. It can be used for clever things or stupid things.

Regards,

Dianne.
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On Mon, 23 Jul 2018 03:31:06 -0500 Richard Laager wrote:

> I have attached updated systemd service files, with the PID file
> directly in /run, which I have tested with 2.84. This change also
> requires specifying a lock file in $SPOOLDIR.

Thanks! I'll put these in the next release.

Regards,

Dianne.
[Mimedefang] OT: Re: Fwd: An open letter from Papa John's CEO, Steve Ritchie
On Mon, 16 Jul 2018 11:01:27 -0400 Kris Deugau wrote: > > document.write(' > src="https://2543611.fls.doubleclick.net/activityi;src=2543611;type=email011;cat=promo0;ord > > =' + a + '?" width="1" height="1" frameborder="0" > > style="display:none">'); Have a glass of poisoned statistics: for i in `seq 1 1000`; do wget -O /dev/null "https://2543611.fls.doubleclick.net/activityi;src=2543611;type=email011;cat=promo0;ord=$RANDOM;; echo $i; done Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] utf-8 issue?
On Thu, 28 Jun 2018 10:57:06 +0300 Alexey Lobanov wrote:

> It is default code with extended extension list. Trojan writers like
> these file types nowadays.

Ah, OK, the re_match routine in MIMEDefang won't handle wide characters properly. I'll look into fixing it for a future release.

I can't promise a delivery date as I'm currently recovering from major surgery and don't have the energy to do much work in a given day. :(

Regards,

Dianne.
Re: [Mimedefang] utf-8 issue?
Hi,

Can you post the relevant part of your filter code that triggers this problem?

Also, MIME::tools 5.009 doesn't exist; I assume it was a typo and you meant 5.509?

Regards,

Dianne.
Re: [Mimedefang] Error in filter_begin
On Mon, 14 May 2018 11:32:13 + Thomas Kristensen wrote:

> What happens with the email, if there is a error in filter_begin? Ex.
> A database server offline and there is a query in filter_begin ?

It's up to you to catch the error and call action_tempfail (or whatever you deem appropriate for handling the error.) You also need to remember that it happened and make filter and filter_end do nothing.

Since filter_begin/filter/filter_end are all called in the same process, it's safe to remember that an error happened in a global variable.

Regards,

Dianne.
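The catch, tempfail and remember pattern from this reply, as an added mimedefang-filter fragment; it is not code from the post or from MIMEDefang. The DSN, credentials, the blocked_senders table and the names $FilterBroken and policy_db are assumptions made for the illustration.

```perl
# mimedefang-filter fragment (added example). mimedefang.pl supplies
# $Sender, action_tempfail(), action_bounce(), action_accept(),
# action_drop_with_warning(), action_add_header(), re_match(), md_syslog().
use strict;
use warnings;
use DBI;

our $Sender;             # envelope sender, set by mimedefang.pl

# Error flag shared by filter_begin, filter and filter_end. Workers handle
# many messages in sequence, so it is cleared at the top of filter_begin.
my $FilterBroken = 0;
my $Dbh;

# Assumption: placeholder DSN and read-only credentials
my @DbArgs = ('dbi:Pg:dbname=mailpolicy;host=db.example.com', 'md_ro', 'changeme');

# Return a live handle; dies (RaiseError) if the server is unreachable.
sub policy_db {
    return $Dbh if $Dbh && $Dbh->ping;
    $Dbh = DBI->connect(@DbArgs, { RaiseError => 1, PrintError => 0 });
    return $Dbh;
}

sub filter_begin {
    my ($entity) = @_;
    $FilterBroken = 0;

    my $blocked;
    my $ok = eval {
        (my $addr = lc $Sender) =~ s/^<|>$//g;    # strip envelope angle brackets
        ($blocked) = policy_db()->selectrow_array(
            'SELECT 1 FROM blocked_senders WHERE address = ?', undef, $addr);
        1;
    };

    if (!$ok) {
        (my $err = $@ || 'unknown error') =~ s/\s+/ /g;
        md_syslog('err', "policy lookup failed, tempfailing message: $err");
        undef $Dbh;                 # force a reconnect on the next message
        $FilterBroken = 1;
        # Generic text only: database details stay in the local log.
        action_tempfail('Temporary filtering problem; please try again later');
        return;
    }

    action_bounce('Sender not accepted here') if $blocked;
    return;
}

sub filter {
    my ($entity, $fname, $ext, $type) = @_;
    return if $FilterBroken;        # message is already being tempfailed

    if (re_match($entity, '\.(?:exe|scr|js)$')) {
        return action_drop_with_warning(
            'An attachment with a blocked file type was removed.');
    }
    return action_accept();
}

sub filter_end {
    my ($entity) = @_;
    return if $FilterBroken;        # skip all end-of-message processing
    action_add_header('X-Policy-Checked', 'yes');
    return;
}

1;
```

Tempfailing keeps the message queued at the sending side, so a database outage delays mail instead of letting it through unchecked.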
Re: [Mimedefang] action_change_header
On Mon, 7 May 2018 18:31:18 + Thomas Kristensen wrote:

> Then I dont understand the rebuild action.

action_rebuild does nothing except set a flag telling MIMEDefang that the message must be regenerated and passed back to the milter body-replacement function. The flag is checked when filter_end returns.

> Should i then do the action_change_header and also add the header to
> the MIME::Entity?

If it needs to be visible later on in your code, then yes.

Regards,

Dianne.
Re: [Mimedefang] action_change_header
On Mon, 7 May 2018 13:55:19 + Thomas Kristensen wrote:

> If I use action_change_header in the begining of the filter_begin,
> will the header I add/change be readable later on?

No, not in MIMEDefang. MIMEDefang just makes a note to ask the milter engine to add the header; Sendmail does the header addition just before delivery.

Regards,

Dianne.
[Mimedefang] MIMEDefang 2.84 is Released
Hi, everyone,

A really minor release is available at https://mimedefang.org/download

Release notes are below,

Regards,

Dianne.

2018-03-21 Dianne Skoll <d...@roaringpenguin.com>

    * MIMEDefang 2.84 RELEASED

    * mimedefang.pl: Correctly use "$mon" rather than "$min" to generate
      quarantine file names.

    * mimedefang-multiplexor: Make "workerinfo nnn" show how long ago the
      last state change was for a given worker.

2017-10-30 Dianne Skoll <d...@roaringpenguin.com>

    * MIMEDefang 2.83 RELEASED
Re: [Mimedefang] DKIM and boilerplate conflict
On Fri, 23 Feb 2018 04:16:40 +0100 "Randy Candy" wrote:

> I have implemented the following subroutine dkim_sign (listed below)
> and call it from filter_end after I verify that specific criteria are
> met. Prior to calling dkim_sign I utilize append_text_boilerplate
> and then call action_rebuild. My question is how do I pass the email
> with boilerplate to dkim_sign?

You need to do the DKIM signing in filter_wrapup, a filter callback function introduced in MIMEDefang version 2.76. It gets passed the final MIME::Entity with all your modifications.

You need to write this out to a temporary file and use that file (not INPUTMSG) as the input for DKIM signing. Use $entity->stringify() to get the message that you need to sign.

Regards,

Dianne.
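The signing step described in this reply, as an added mimedefang-filter fragment that uses the Mail::DKIM::Signer module from CPAN; it is not the poster's dkim_sign routine or code from MIMEDefang. The domain, selector, key path and temporary file name pattern are assumptions.

```perl
# mimedefang-filter fragment (added example). mimedefang.pl supplies
# action_insert_header() and md_syslog() and calls filter_wrapup after
# filter_end, with the rebuilt message (boilerplate included) as $entity.
use strict;
use warnings;
use File::Temp qw(tempfile);
use Mail::DKIM::Signer;

# Assumptions: placeholder signing identity and private key location
my %DkimKey = (
    Domain   => 'example.com',
    Selector => 'mail2018',
    KeyFile  => '/etc/mail/dkim/example.com.key',
);

sub filter_wrapup {
    my ($entity) = @_;

    my $ok = eval {
        # 1. Write the final message, not INPUTMSG, to a temporary file in
        #    the per-message working directory.
        my ($out, $path) = tempfile('dkim-XXXXXX', DIR => '.', UNLINK => 1);
        binmode($out);
        print {$out} $entity->stringify();
        close($out) or die "cannot write $path: $!\n";

        # 2. Feed it to the signer with CRLF line endings, as DKIM
        #    canonicalisation expects.
        my $dkim = Mail::DKIM::Signer->new(
            Algorithm => 'rsa-sha256',
            Method    => 'relaxed',
            %DkimKey,
        );
        open(my $in, '<', $path) or die "cannot read $path: $!\n";
        binmode($in);
        while (my $line = <$in>) {
            $line =~ s/\015?\012\z//;
            $dkim->PRINT("$line\015\012");
        }
        close($in);
        $dkim->CLOSE;

        # 3. Hand the signature to the milter as the first header.
        my $sig = $dkim->signature or die "signer produced no signature\n";
        my $value = $sig->as_string;
        $value =~ s/^DKIM-Signature:\s*//i;   # the milter adds the name itself
        $value =~ s/\015\012/\012/g;          # folded lines: LF plus whitespace
        action_insert_header('DKIM-Signature', $value, 0);
        1;
    };

    if (!$ok) {
        (my $err = $@ || 'unknown error') =~ s/\s+/ /g;
        md_syslog('warning', "DKIM signing skipped: $err");
    }
    return;
}

1;
```

Headers requested through action_change_header or action_add_header are applied by Sendmail just before delivery and are not present in $entity, so a header altered that way will not match what was signed.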
Re: [Mimedefang] cpanel whm centos 6.9 flag on header keywords?
On Wed, 10 Jan 2018 11:20:50 -0500 Chip wrote:

> Are you saying that you are not actually using .procmail except to
> offload the processing to mail-filter.pl?

Yes, exactly.

Regards,

Dianne.
Re: [Mimedefang] cpanel whm centos 6.9 flag on header keywords?
On Wed, 10 Jan 2018 09:50:18 -0500 Chip wrote:

> Isn't procmail no longer maintained because of a vulnerability?

I believe it's still maintained. However, procmail sucks (that's a technical term.) My .procmailrc looks like this:

    :0
    | /usr/bin/perl /home/dfs/.mail-filter.pl >> /home/dfs/.mail-filter.log 2>&1

and .mail-filter.pl starts like this:

    #!/usr/bin/perl
    use strict;
    use warnings;
    use Email::Filter;

and then I write my filtering policies using the excellent and amazing Email::Filter Perl module. Check it out on CPAN.

Regards,

Dianne.
Re: [Mimedefang] cpanel whm centos 6.9 flag on header keywords?
Hi,

As far as I'm aware, cPanel *requires* you to use the Exim MTA, and MIMEDefang is not compatible with Exim. There is therefore no way to install MIMEDefang on a machine running cPanel.

You need a different strategy. Maybe a commercial spam-filtering service, which we do offer. :) sa...@roaringpenguin.com

Regards,

Dianne.
Re: [Mimedefang] typo in hour_str()?
On Tue, 26 Dec 2017 00:59:23 +0100 Franz Schwartau wrote:

> After upgrading to 2.83 of mimedefang I'm wondering if "$min+1" should
> read "$mon+1" in hour_str():

It should; I have it fixed in git, but haven't made a new release of MIMEDefang with the fix in place yet.

Regards,

Dianne.
Re: [Mimedefang] utf-8 issue?
On Thu, 14 Dec 2017 17:26:38 -0500 "Bill Cole" wrote:

> > This will cause other problems down the line. I suggest you
> > study the section "Byte and Character Semantics" in the perlunicode
> > man page.

> Thanks for the reference and for your patience with my confusion. I
> understand much better now: anything expressed as a string has to
> make sense as a series of encoded characters, not a series of bytes.

Right. We completely overhauled our commercial CanIt software to handle Unicode and it took me about four weeks to completely grok how Perl handles Unicode and how the Encode module should be used. It was quite painful. :)

Regards,

Dianne.
Re: [Mimedefang] Is calling action_rebuild() idempotent?
On Thu, 14 Dec 2017 08:52:32 -0800 Amit Gupta wrote:

> If I call action_rebuild() a couple times in my filter_end code, could
> it have different effects depending on when it's called?

Nope. All it does is set a flag informing mimedefang.pl it should rebuild the message when filter_end is done.

Regards,

Dianne.
Re: [Mimedefang] utf-8 issue?
On Wed, 13 Dec 2017 20:37:36 -0500 "Bill Cole"wrote: > -return IO::File->new(\ $self->{MBS_Data}, $mode); > +return IO::Scalar->new(\ $self->{MBS_Data}, $mode); This will cause other problems down the line. I suggest you study the section "Byte and Character Semantics" in the perlunicode man page. Modern Perl does let you open a "file" by passing a reference to a scalar; it has built-in in-memory I/O. Regards, Dianne. ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
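Review bot: the `+` line, `return IO::Scalar->new(\ $self->{MBS_Data}, $mode);`, swaps the handle class without touching what is stored in `MBS_Data`, so if that scalar can hold characters above 0xFF the data still needs to be encoded to bytes before it is written, and the hunk should carry a comment saying why the in-memory `IO::File` open is being avoided. It also makes IO::Scalar a dependency of this return path, so a matching `use IO::Scalar;` belongs in the same change if the module is not already loaded.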
Re: [Mimedefang] utf-8 issue?
On Wed, 13 Dec 2017 21:03:27 -0500 "Bill Cole" wrote:

> It is entirely possible (as stated explicitly in RFC2045) for a MIME
> entity to contain unencoded binary data: any arbitrary stream of
> bytes.

Stream of *bytes* yes. But Perl native characters > 0xFF are not bytes.

Regards,

Dianne.
Re: [Mimedefang] utf-8 issue?
On Wed, 13 Dec 2017 16:28:58 -0500 "Bill Cole" wrote:

> Unfortunately, I tested a bit more and found that bug is still extant
> in 5.509, when tested with the one-liner in that bug report.

That "bug" is a WONTFIX. You can NOT feed MIME::Entity->build() data with raw characters > 0xFF. It doesn't make sense because MIME messages are always 8-bit messages; you need to encode everything as UTF-8 first before passing to MIME::Entity->build(). I should comment on the ticket.

The correct way to build the entity would be:

    use Encode;
    use MIME::Entity;
    my $data = "\x{1f4a9}";
    my $e = MIME::Entity->build(Data => Encode::encode('UTF-8', $data, Encode::FB_CROAK));
    $e->print();

So the question is... how on Earth are characters > 0xFF getting passed to MIME::Entity->build() from within mimedefang.pl?

I will close the bug on CPAN.

Regards,

Dianne.
Re: [Mimedefang] utf-8 issue?
On Tue, 12 Dec 2017 15:43:14 +0200 Mark Coetser wrote:

> Error from multiplexor: ERR No response from slave
> Reap: slave 1 (pid 15022) exited normally with status 22 (SLAVE DIED
> UNEXPECTEDLY)

I've never seen this before. I'm also not convinced it's related to the UTF-8 issue. Could you post the exact filter you are using?

I'm also running on Stretch, btw.

Regards,

Dianne.
Re: [Mimedefang] mailsploit prevention in MD
On Wed, 6 Dec 2017 01:37:39 +0100 Jan-Pieter Cornet wrote:

> Another bug with it's own logo and website has appeared:
> www.mailsploit.com.

Interesting. The code-injection part is worrying, but IMO the spoofing part is completely uninteresting. There are so many ways to fool people regarding DKIM/DMARC/SPF that you don't need malformed messages to do it.

Regards,

Dianne.
Re: [Mimedefang] Error with mimedefang + clamd
On Fri, 24 Nov 2017 15:53:44 +0200 "Info @ brainwash" wrote:

> Hence, without the -d parameter, the issue is that the work folders
> are removed before clamd has a chance to scan them.

No, that is absolutely NOT the case. Something else has changed on your system in the interim. Take out the -d option and restart. It should still work.

Regards,

Dianne.
Re: [Mimedefang] Error with mimedefang + clamd
Hi,

> Actually, user is clamscan..

Did you restart ClamAV after adding clamscan to the defang group? And did you ensure that AllowSupplementaryGroups in clamd.conf is set to "yes" ?

Regards,

Dianne.
Re: [Mimedefang] Error with mimedefang + clamd
On Thu, 23 Nov 2017 20:36:50 +0200 "Info @ brainwash" wrote:

> Tried the commands you mention.. to no effect however.. :(

Please post the output of these commands:

    id clamav
    ls -ld / /var /var/spool /var/spool/MIMEDefang/

Regards,

Dianne.
Re: [Mimedefang] Error with mimedefang + clamd
On Thu, 23 Nov 2017 14:25:28 +0200 "Info @ brainwash" wrote:

> mimedefang with the -G option and have the clamav user as member of
> the defang group. In particular, the startup parameters of both

[...]

> .. and I get the issues with the Work files creation as initially
> mentioned, even though clamav user is a member of the defang group.
> Unfortunately, I cannot run clamav under defang due to admin
> restrictions/policies.

Try stopping MIMEDefang and running:

    chgrp -R defang /var/spool/MIMEDefang
    chmod 750 /var/spool/MIMEDefang
    chmod g+s /var/spool/MIMEDefang

That will make /var/spool/MIMEDefang have group "defang" and set the SGID bit on the directory, meaning any directories or files created under /var/spool/MIMEDefang will also have group "defang" (and recursively down the whole tree.)

Regards,

Dianne.
Re: [Mimedefang] Error with mimedefang + clamd
Hi,

You should either add the ClamAV user to the "defang" group and use the "-G" option to have mimedefang create group-accessible files, or simply run clamd as the "defang" user directly.

Regards,

Dianne.

> Clam has been unable to scan for e-mails when received by MIMEDefang,
> producing the following error in the log:
>
> WARNING: lstat() failed on: /var/spool/MIMEDefang/mdefang-UB1us0i/Work
Re: [Mimedefang] Quarantine directory name incorrect
On Sun, 19 Nov 2017 10:39:56 +1100 Bill Maidment wrote:

> In recent times I have noticed that the quarantine directory name has
> been generated incorrectly using the minute value instead of the
> month value. The problem appears to be in mimedefang.pl subroutine
> hour_str where it returns $min+1 instead of $mon+1 :(

Oh wow, what a silly typo. Thanks for catching it.

Regards,

Dianne.
Re: [Mimedefang] replace_entire_message() help
On Fri, 17 Nov 2017 08:34:50 -0800 "Michael Fox" wrote:

> In other words, if the top-level headers can't be replaced by new
> values in the MIME::Entity->build() method, then why do I still need
> to include them when building the new entity?

Ah, I guess you don't. But I'd do it anyway just for the sake of sanity and consistency. As you point out later, if you attach sub-entities to the parent entity, they need the headers fully-specified.

Regards,

Dianne.
Re: [Mimedefang] replace_entire_message() help
On Fri, 17 Nov 2017 07:46:00 -0800 "Michael Fox" wrote:

> 1) When building $new_entity, does every field need to be included?

Yes.

> Or will extra info be copied from the existing $entity?

No, unless you arrange for that in your code.

> 2) I can't figure out how to replace the Subject header - even with a
> string literal. For example, suppose I have the following in
> filter_end():

You can't replace top-level headers this way. You need to use action_change_header(...)

> What comes through the filter (received in the user's mailbox) is a
> text/plain message with the original subject and the replacement
> body. What am I doing wrong?

See above!

Regards,

Dianne.
Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.
On Fri, 10 Nov 2017 18:44:20 -0500 Robert Theisen wrote:

> Did you find anything of concern in the mimedefang process on your
> host that was consuming 8GB RAM?

No, and here's the weird thing. I attached using gdb and forced a core dump. The core file was only 98MB in size. I have no idea what would cause that.

The mail server is very busy and mimedefang would have hundreds of threads going, so I can easily see a 98MB process image with all of the threads' stacks.

I'm sorry, but this has me stumped.

Regards,

Dianne.
Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.
On Fri, 10 Nov 2017 13:18:15 -0500 Robert Theisen wrote:

> {
>     struct privdata *data;
>     char *val;
>     char buf[256];
>     if (*macro && *(macro+1)) {
>         /* Longer than 1 char -- use curlies */
>         snprintf(buf, sizeof(buf), "{%s}", macro);
>         val = smfi_getsymval(ctx, buf);
>     } else {
>         val = smfi_getsymval(ctx, macro);
>     }
>     ...
> }
>
> at snprintf(buf, sizeof(buf), "{%s}", macro);
>
> that buf[256] is not getting cleaned up even though it is a local
> variable that is falling out of scope?

Um what? There's nothing to clean up. Cleaning that up simply involves the C compiler incrementing the stack pointer by sizeof(buf); it's an automatic variable.

> The strike against that theory would be that my memory dump shows that
> the "i" and "j" variables are included in that memory chunk. But the
> single character i and j values are never copied to the local buf[256]
> variable.

If you're linking against a version of libmilter older than 8.14.4, the library has a memory leak in it that could be causing this.

Regards,

Dianne.
Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.
Hi again,

What version of libmilter are you linking against? There was a memory leak in libmilter in versions older than 8.14.4.

https://groups.google.com/forum/#!topic/linux.debian.bugs.dist/I3QpUbpdwSM

Regards,

Dianne.
Re: [Mimedefang] Mimedefang with postfix. Process memory usage over time.
On Fri, 10 Nov 2017 10:33:10 -0500 Robert Theisen wrote:

[snip]

> and that macro gets copied to dbuf at line 952
>
>     /* Write the standard macros */
>     macro = StandardSendmailMacros;
>     while (*macro) {
>         append_macro_value(&dbuf, ctx, *macro);
>         macro++;
>     }
>
>
> Is it possible that that dbuf is not getting freed properly on down
> the line?

I can't see how. A bit further down:

    if (data->cmdFD < 0) {
        dbuf_free(&dbuf);
        cleanup(ctx);
        DEBUG_EXIT("envfrom", "SMFIS_TEMPFAIL");
        return SMFIS_TEMPFAIL;
    }
    if (write_dbuf(&dbuf, data->cmdFD, data, "COMMANDS") < 0) {
        dbuf_free(&dbuf);
        cleanup(ctx);
        DEBUG_EXIT("envfrom", "SMFIS_TEMPFAIL");
        return SMFIS_TEMPFAIL;
    }
    dbuf_free(&dbuf);

and there are no branches or returns between the code you posted and the code I posted above.

However, I just checked one of our busy servers and the mimedefang process is 8GB which seems large. I'll investigate to see if I can find a memory leak.

Regards,

Dianne.
Re: [Mimedefang] How-to: Extracting Inline Images from Emails?
On Wed, 8 Nov 2017 18:49:01 -0500 "Kevin A. McGrail" wrote:

> I'm trying to rip out attachments that are inline as well as
> attachments from emails.

Inline attachments are not special; they're just like regular attachments except they have a Content-Disposition: of inline and quite likely have a Content-ID: header.

Regards,

Dianne.
Re: [Mimedefang] Part’s parent content-type
On November 4, 2017 9:25:20 PM EDT, Amit Gupta wrote:

>Thank you Dianne! This is going to sound silly, but what I'm looking
>for is a function like
>$parent_part = get_parent ($top_entity, $part);

No such function exists. That's why you have to do it the way I illustrated. You could probably use the framework I posted to write such a function, but I would rethink what you're trying to do to make it fit more naturally into the recursive MIME structure. You are thinking non-recursively when you request such a function.

Regards,

Dianne.
Re: [Mimedefang] Part’s parent content-type
On Fri, 3 Nov 2017 22:37:46 -0700 Amit Gupta wrote:

> When iterating through the parts of a MIME::Entity using parts_DFS,
> what would be the best way to get a reference to a part's parent
> entity or parent entity type?

Pass it in when you recurse.

    sub process {
        my ($entity, $parent_entity) = @_;
        if ($entity->is_multipart()) {
            # parts() returns a list of sub-entities, not an array reference
            foreach my $p ($entity->parts()) {
                process($p, $entity);
            }
            return;
        }
        # Process non-multiparts here
    }

Call it with: process($toplevel, undef)

If you need the entire chain of entities all the way to the top, use an array:

    sub process {
        my ($entity, $parents) = @_;
        $parents ||= [];
        if ($entity->is_multipart) {
            # Copy the chain so sibling branches do not share one array
            my @parents_copy = @$parents;
            push(@parents_copy, $entity);
            foreach my $p ($entity->parts()) {
                process($p, \@parents_copy);
            }
            return;
        }
        # Process non-multiparts here
    }

Regards,

Dianne.
[Mimedefang] MIMEDefang 2.83 is released
Hello,

MIMEDefang 2.83 is released and available at the download page: https://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-10-30 Dianne Skoll <d...@roaringpenguin.com>

    * MIMEDefang 2.83 RELEASED

    * mimedefang.pl: Do not add a Message-ID: header when handing a message
      to SpamAssassin if the original message lacks such a header.

    * Add systemd unit files; thanks to Richard Laager.

    * Minor tweaks to the sample filter.

    * mimedefang-multiplexor: Change the maxLifetime option to kick in only
      once a worker has processed at least one request; also check for
      exceeded lifetimes during the periodic idle-time check.

    * mimedefang-multiplexor: Fix an exit(EXIT_FAILURE) to be
      exit(EXIT_SUCCESS) in one place.

2017-09-08 Dianne Skoll <d...@roaringpenguin.com>

    * MIMEDefang 2.82 RELEASED
Re: [Mimedefang] base64 to quoted-printable
On Fri, 13 Oct 2017 10:20:04 -0400 Dianne Skoll <d...@roaringpenguin.com> wrote:

> # non-recursive case: Single part.
> # If $in_entity is base-64 encoded, make a new $new_entity
> # that is qp-encoded and call $out_entity->attach($new_entity)
> # and return 1 to indicate that a change was made.
> # Otherwise, call $out_entity->attach($in_entity)
> # and return 0.

Oh, sorry. ->attach should be ->add_part.

Regards,

Dianne.
Re: [Mimedefang] base64 to quoted-printable
On Fri, 13 Oct 2017 06:53:33 -0700 "Michael Fox" wrote:

> While I appreciate everyone's attempt to warn me that "there be
> dragons", the facts are that the client is what it is, it serves
> hundreds of people (in my location alone), and the problem needs
> solving.

OK. You will most likely have to do all your changes in filter_end. You'll need to traverse the MIME tree, looking for text/* parts. If any are Base-64 encoded, you'll need to load them in and re-encode them using Quoted-Printable. As you do this, you need to build up a *new* replacement MIME::Entity. Finally, call replace_entire_message with your new entity as the argument.

I won't give the actual Perl code, but here's a basic sketch, completely untested. I really have no idea whether or not this will work, but I think the basic approach is correct. :)

    sub re_encode {
        my ($in_entity, $out_entity, $did_something) = @_;

        # If it's multipart, recurse
        if ($in_entity->is_multipart) {
            # mime_type gives the entity's Content-Type, e.g. multipart/alternative
            my $new_entity = MIME::Entity->build(Type => $in_entity->mime_type);
            $out_entity->add_part($new_entity);
            # parts() returns a list in list context
            foreach my $p ($in_entity->parts) {
                if (re_encode($p, $new_entity, $did_something)) {
                    $did_something = 1;
                }
            }
            return $did_something;
        }

        # non-recursive case: Single part.
        # If $in_entity is base-64 encoded, make a new $new_entity
        # that is qp-encoded and call $out_entity->attach($new_entity)
        # and return 1 to indicate that a change was made.
        # Otherwise, call $out_entity->attach($in_entity)
        # and return 0.
    }

    sub filter_end {
        my ($entity) = @_;
        my $replacement_entity = MIME::Entity->build(Type => 'multipart/mixed');
        my $changes_made = re_encode($entity, $replacement_entity, 0);
        if ($changes_made) {
            # Recursively remove single-part "multiparts" starting
            # from top-level.
            # parts() in scalar context returns the number of parts
            while ($replacement_entity->is_multipart &&
                   scalar($replacement_entity->parts) == 1) {
                $replacement_entity = $replacement_entity->parts(0);
            }
            replace_entire_message($replacement_entity);
        }
    }
Re: [Mimedefang] base64 to quoted-printable
On Tue, 10 Oct 2017 16:11:07 -0400 Joseph Brennan wrote:

> On Tue, Oct 10, 2017 at 1:48 PM, Michael Fox wrote:
> > I need to convert base64 to something readable.
> To be honest I can't think of a reason to do this. Any client from
> this century can read base64. Mimedefang and Spamassassin can read it
> too, so searching content just works.

And QP is not necessarily any more readable than B64, depending on the source language. Is

    =D7=A2=D7=91=D7=A8=D7=99=D7=AA=E2=80=8E

any more readable than

    16LXkdeo15nXquKAjg==

? :)

Regards,

Dianne.
Re: [Mimedefang] return values
Hi,

> Shouldn't filter() and filter_multipart() simply use "return;" (with
> no return value)? If not, please help me understand.

The return value of filter and filter_multipart is ignored. I sometimes write:

    return action_accept();

as shorthand for:

    action_accept();
    return;

> Issue 2: bounce or discard, which is it?

Yeah, that makes no sense. :)

> In the "suggested-minimum-filter." filter function, there is this:
> # Block message/partial parts
> if (lc($type) eq "message/partial") {
>     md_graphdefang_log('message/partial');
>     action_bounce("MIME type message/partial not accepted here");
>     return action_discard();
> }

Replace

    return action_discard();

with

    return;

I will fix the filter.

Regards,

Dianne.
Re: [Mimedefang] best practices for handling filename extensions
On Thu, 5 Oct 2017 14:04:59 +0200 Mark Coetser wrote:

> Pretty sure the filetype matching is done by checking the actual mime
> type of the file not just what the file extension is, so just
> renaming the file will still not allow the file through.

The sample filter doesn't do that; it only looks at the actual filename. Some people have written code that probes the file to figure out the MIME type, but that code's not part of the MIMEDefang distribution.

Regards,

Dianne.
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On Wed, 4 Oct 2017 18:58:39 -0500 Richard Laager wrote:

> I have submitted the slightly updated versions to Debian:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877663
> Dianne, you may want to ship these (or similar) upstream, but that's
> obviously up to you. It doesn't make any difference to me personally,
> since I use the downstream packaging.

I might as well put it in upstream. Thanks for the work!

Regards,

Dianne.
[Mimedefang] You *are* using the multiplexor (was Re: Reload doesnt work)
On Tue, 03 Oct 2017 03:18:37 -0400 "Bill Cole" wrote:

> OR if you are not using the mimedefang-multiplexor (which I think
> everyone should...)

MIMEDefang hasn't supported *not* using the multiplexor for ages, since at least version 2.51 released in February 2005.

Regards,

Dianne.
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On Thu, 28 Sep 2017 23:11:18 -0500 Richard Laager wrote:

> 1) Is it necessary to rm $SOCKET and $MX_SOCKET *before starting*?

It's best to do so because if mimedefang or mimedefang-multiplexor crashes, the socket files will be left lying around and startup will likely fail.

> 2) Is it necessary to rm $SOCKET and $MX_SOCKET *after stopping*?

It's best to do so in order that stale socket files are not left lying around.

> 3) The init script (at least on Ubuntu) says, '# Locale should be set
> to "C" for generating valid date headers'. I see a strftime() in
> mimedefang-multiplexor.c. Plus, the Perl code inherits from the
> multiplexor, so I can understand this. Is setting LC_ALL=C necessary
> for the mimedefang process too, or just mimedefang-multiplexor?

I don't know; it's probably safer for both.

> 4) The mimedefang-multiplexor process exits with status 1 on SIGTERM.

This is a bug that was corrected in MIMEDefang 2.82.

Regards,

Dianne.
Re: [Mimedefang] base64 to text
On Tue, 26 Sep 2017 21:53:14 -0700 "Michael Fox" wrote:

> Does there exist a repository of functions written by folks for MD?
> It sure would help us noobs to not have to re-invent the wheel.

MIME::tools is what you want; it's a prerequisite for MIMEDefang and is therefore already installed.

man MIME::Entity is your starting point.

Regards,

Dianne.
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On Tue, 26 Sep 2017 15:48:42 -0400 "Bill Cole" wrote:

> I'm uneasy telling any author that they're wrong about their own code
> but as far as I can tell, that is only conditionally true:

Oh dear... you are correct. :) Seeing as I don't use those scripts myself, I've never encountered the problem. :(

Mea culpa.

Regards,

Dianne.
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On Tue, 26 Sep 2017 09:38:18 -0400 "Bill Cole" wrote:

> bigsky:mimedefang-2.82 bill$ grep -A3 'stop)'

The stop_it function in init-script.in and the stop function in redhat/mimedefang-init.in both wait for the daemons to exit.

Regards,

Dianne.
Re: [Mimedefang] base64 to text
On Tue, 26 Sep 2017 09:05:01 +0200 (CEST) Steffen Kaiser wrote:

> Honestly, I would de-MIME the whole message, re-format it and replace
> the entire message with the new one.

Honestly, *I* would tell anyone using ancient non-MIME-aware software "too bad; update your software to 1999 standards, please!" :)

Regards,

Dianne.
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On Mon, 25 Sep 2017 16:08:46 -0500 Richard Laager wrote:

> There are a couple ways to address this. As discussed, the init script
> can be changed to always wait on stop. Then the automatic mapping in
> systemd should Just Work.

The sample init script that ships with MIMEDefang does wait on stop. If you have a script that doesn't, that's a distribution bug and not a MIMEDefang bug and it's definitely more productive to take this up with the distribution maintainer.

Regards,

Dianne.
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On Fri, 22 Sep 2017 23:59:38 -0700 "Michael Fox" wrote:

> This seems like a clear bug in MIMEDefang.

Not at all. This problem is not present with Sendmail, so I have no idea what would cause it with Postfix.

Removing the MIMEDefang socket prior to starting MIMEDefang should fix this. The sample init script given with MIMEDefang does exactly this.

Regards,

Dianne.
Re: [Mimedefang] Message-ID
On Mon, 11 Sep 2017 23:38:32 -0500 Richard Laager wrote:

> > Nothing at all. There's no Message-ID header in the message that
> > gets passed to SpamAssassin.
> Are you sure?
> spam_assassin_mail() calls gen_msgid_header().

Ah... apparently I was wrong. I think that's a bug. I'm going to delete that line.

Regards,

Dianne.
Re: [Mimedefang] Message-ID
On Mon, 11 Sep 2017 16:26:38 -0400 Joseph Brennan wrote:

> When a message comes in with no Message-ID header, and MD passes it to
> SpamAssassin, what is in the Message-ID that SA sees?

Nothing at all. There's no Message-ID header in the message that gets passed to SpamAssassin.

Regards,

Dianne.
[Mimedefang] MIMEDefang 2.82 is released
Hello,

MIMEDefang 2.82 is released and available at the download page: https://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-09-08 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.82 RELEASED
* Update contrib/graphdefang with improvements from Kevin A. McGrail.
* Fix Red Hat init script (thanks to Robert Scheck)
* Exit with EXIT_SUCCESS if mimedefang-multiplexor is told to terminate.
* Terminology change: Change "slave" to "worker" everywhere.

  *** NOTE INCOMPATIBILITY ***

  Check your init scripts to make sure they use current names for shell variables; a few "SLAVE" strings have been changed to "WORKER"
* Add a new -V maxLifetime option to mimedefang-multiplexor that terminates worker processes after maxLifetime seconds (approximately). This is in addition to the -r maxRequests option.
* Log the lifetime and number of requests processed when we terminate a worker process.

2017-08-31 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.81 RELEASED
[Mimedefang] MIMEDefang 2.81 is released
Hello,

MIMEDefang 2.81 is released and available at the download page: https://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-08-31 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.81 RELEASED
* Don't barf if the installed version of Sys::Syslog has a developer tag added (like 0.33_01 on Debian Stretch).
* Make mimedefang and mimedefang-multiplexor write their PID files as root to avoid the "defang" user tampering with the pidfiles. Thanks to Michael Orlitzky for pointing this issue out.

  *** NOTE INCOMPATIBILITY ***

  You should move your PID files out of the MIMEDefang spool directory and into a standard root-owned directory like /var/run. Use the -o option to create lock files in the spool directory. The sample init scripts have been updated to reflect this.

2017-07-24 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.80 RELEASED
Re: [Mimedefang] Privilege escalation via PID file manipulation
Hi, This is a much more extensive patch, but I believe it does finally close the hole if you keep your PID files in a root-owned directory. Please test this; I plan on releasing 2.81 tomorrow. Regards, Dianne. diff --git a/Changelog b/Changelog index da1a867..b9f09fa 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,18 @@ WARNING: Before upgrading MIMEDefang, please search this file for *** NOTE INCOMPATIBILITY ** to see if anything has changed that might affect your filter. +2017-08-31 Dianne Skoll <d...@roaringpenguin.com> + + * Make mimedefang and mimedefang-multiplexor write their PID files + as root to avoid an unprivileged user tampering with the pidfiles. + + *** NOTE INCOMPATIBILITY *** + + You should move your PID files out of the MIMEDefang spool directory + and into a standard root-owned directory like /var/run. Use the -o + option to create lock files in the spool directory. The sample + init scripts have been updated to reflect this. + 2017-07-24 Dianne Skoll <d...@roaringpenguin.com> * MIMEDefang 2.80 RELEASED diff --git a/examples/init-script.in b/examples/init-script.in index 346efca..8da803f 100755 --- a/examples/init-script.in +++ b/examples/init-script.in @@ -10,8 +10,10 @@ RETVAL=0 prog='mimedefang' SPOOLDIR='@SPOOLDIR@' -PID="$SPOOLDIR/$prog.pid" -MXPID="$SPOOLDIR/$prog-multiplexor.pid" +PID="/var/run/$prog.pid" +MXPID="/var/run/$prog-multiplexor.pid" +LOCK="$SPOOLDIR/$prog.lock" +MXLOCK="$SPOOLDIR/$prog-multiplexor.lock" # These lines keep SpamAssassin happy. Not needed if you # aren't using SpamAssassin. @@ -229,7 +231,7 @@ start_it() { else EMBEDFLAG="" fi -$PROGDIR/$prog-multiplexor -p $MXPID \ +$PROGDIR/$prog-multiplexor -p $MXPID -o $MXLOCK \ $EMBEDFLAG \ `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \ `[ -n "$FILTER" ] && echo "-f $FILTER"` \ 
@@ -269,7 +271,7 @@ start_it() { # Start mimedefang printf "%-60s" "Starting $prog: " rm -f $SOCKET > /dev/null 2>&1 -$PROGDIR/$prog -P $PID -R $LOOPBACK_RESERVED_CONNECTIONS \ +$PROGDIR/$prog -P $PID -o $LOCK -R $LOOPBACK_RESERVED_CONNECTIONS \ -m $MX_SOCKET \ `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \ `[ -n "$MX_USER" ] && echo "-U $MX_USER"` \ diff --git a/mimedefang-multiplexor.8.in b/mimedefang-multiplexor.8.in index 980b57d..3505e48 100644 --- a/mimedefang-multiplexor.8.in +++ b/mimedefang-multiplexor.8.in @@ -117,7 +117,18 @@ for the format of \fIsocket\fR. .TP .B \-p \fIfileName\fR Causes \fBmimedefang-multiplexor\fR to write its process-ID (after -becoming a daemon) to the specified file. +becoming a daemon) to the specified file. The file will be owned +by root. + +.TP +.B \-o \fIfileName\fR +Causes \fbmimedefang-multiplexor\fR to use \fIfileName\fR as a lock +file to avoid multiple instances from running. If you supply +\fB\-p\fR but not \fB\-o\fR, then \fbmimedefang-multiplexor\fR +constructs a lock file by appending ".lock" to the pid file. However, +this is less secure than having a root-owned pid file in a root-owned +directory and a lock file writable by the user named by the \fB\-U\fR +option. (The lock file must be writable by the \fB\-U\fR user.) .TP .B \-f \fIfilter_path\fR diff --git a/mimedefang-multiplexor.c b/mimedefang-multiplexor.c index 13b77b9..2e44f12 100644 --- a/mimedefang-multiplexor.c +++ b/mimedefang-multiplexor.c @@ -56,6 +56,12 @@ static void limit_mem_usage(unsigned long rss, unsigned long as); #endif +static char *pidfile = NULL; +static char *lockfile = NULL; + +/* Number of file descriptors to close when forking */ +#define CLOSEFDS 256 + /* Weird case, but hey... */ #if defined(HAVE_WAIT3) && !defined(HAVE_SETRLIMIT) #include 
@@ -346,6 +352,7 @@ static int get_hourly_history_totals(int cmd, time_t now, int hours, int *total, #define NUM_FREE_SLAVES(SlaveCount[STATE_IDLE] + SlaveCount[STATE_STOPPED]) #define NUM_RUNNING_SLAVES (SlaveCount[STATE_IDLE] + SlaveCount[STATE_BUSY] + SlaveCount[STATE_KILLED]) +#define REPORT_FAILURE(msg) do { if (kidpipe[1] >= 0) { write(kidpipe[1], "E" msg, strlen(msg)+1); } else { fprintf(stderr, "%s\n", msg); } } while(0) /** * %FUNCTION: state_name @@ -496,6 +503,7 @@ usage(void) fprintf(stderr, " -v-- Print version and exit\n"); fprintf(stderr, " -t filename -- Log statistics to filename\n"); fprintf(stderr, " -p filename -- Write process-ID in filename\n"); +fprintf(stderr, " -o file -- Use specified file as a lock file\n"); fprintf
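Review bot: In the examples/init-script.in hunk at @@ -10,8 +10,10 @@, PID and MXPID are now hard-coded to /var/run while SPOOLDIR still comes from the @SPOOLDIR@ configure substitution. Consider an overridable or configure-time variable for the PID directory, and add a comment next to LOCK and MXLOCK that they must stay in a directory the daemon's user can write, since the man page text in this same patch requires that for the -o file.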
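Review bot: In the mimedefang-multiplexor.8.in hunk, the new -o paragraph writes \fbmimedefang-multiplexor\fR with a lower-case \fb three times, while the -p entry just above it uses \fB. roff font escapes are case-sensitive, so these should be \fB for the program name to render in bold like the rest of the page. The phrase "to avoid multiple instances from running" would also read better as "to prevent multiple instances from running".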
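Review bot: The REPORT_FAILURE macro added at @@ -346,6 +352,7 @@ in mimedefang-multiplexor.c ignores the return value of write(), only compiles when msg is a string literal (because of the "E" msg concatenation), and silently depends on a kidpipe array being in scope at every call site. A short comment stating those constraints, and splitting the one-line definition over continuation lines, would make it safer to reuse.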
Re: [Mimedefang] Privilege escalation via PID file manipulation
Hi,

The patch I posted earlier does not completely fix the problem. True, the pid file is owned by root, but it's created in a directory owned by defang, so there's still a way for the "defang" user to subvert this.

I will have a patch by tomorrow that separates out the pid file (which will be root-owned in a root-owned directory) from the lock file (which can be defang-owned in a defang-owned directory.)

Regards,

Dianne.
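The split described in this message, as an added C example that is not MIMEDefang's own code: an unprivileged worker takes an fcntl() lock on a separate lock file, and only then does the still-privileged parent write the PID file, opened with O_NOFOLLOW and meant for a root-owned directory. The function names, the pipe handshake and the demo paths under /tmp are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE         /* exposes setgroups() on glibc */
#include <fcntl.h>
#include <grp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Privileged side: record pid in path, which belongs in a root-owned
 * directory. O_NOFOLLOW refuses a symlink planted as the final component. */
int write_pidfile(const char *path, pid_t pid)
{
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", (long) pid);
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    if (fchmod(fd, 0644) < 0 || ftruncate(fd, 0) < 0 ||
        write(fd, buf, (size_t) len) != (ssize_t) len) {
        close(fd);
        return -1;
    }
    return close(fd);   /* no descriptor stays open on the PID file */
}

/* Read the recorded pid back, as an init script would; -1 on error. */
long read_pidfile(const char *path)
{
    long pid = -1;
    FILE *f = fopen(path, "r");
    if (f && fscanf(f, "%ld", &pid) != 1) pid = -1;
    if (f) fclose(f);
    return pid;
}

/* Unprivileged side: exclusive fcntl() lock on a separate lock file.
 * Returns the descriptor (it must stay open, closing it drops the lock)
 * or -1 if another process already holds the lock. */
int acquire_lock(const char *path)
{
    /* l_start = l_len = 0 locks the whole file */
    struct flock fl = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fcntl(fd, F_SETLK, &fl) < 0) {  /* EAGAIN/EACCES: held elsewhere */
        close(fd);
        return -1;
    }
    return fd;
}

/* Fork a worker that drops to run_uid/run_gid and takes the lock. Only
 * after it reports success does the still-privileged parent write the PID
 * file. Returns the worker's pid, or -1 if it could not start. */
pid_t start_instance(const char *pidfile, const char *lockfile,
                     uid_t run_uid, gid_t run_gid)
{
    int p[2];
    char ok;
    ssize_t n;
    pid_t kid;
    if (pipe(p) < 0) return -1;
    kid = fork();
    if (kid < 0) { close(p[0]); close(p[1]); return -1; }
    if (kid == 0) {
        close(p[0]);
        if (run_uid != geteuid() && (setgroups(0, NULL) < 0 ||
            setgid(run_gid) < 0 || setuid(run_uid) < 0)) _exit(1);
        if (acquire_lock(lockfile) < 0) _exit(1);   /* parent reads EOF */
        if (write(p[1], "K", 1) != 1) _exit(1);
        close(p[1]);
        for (;;) pause();       /* stand-in for the daemon's main loop */
    }
    close(p[1]);
    n = read(p[0], &ok, 1);
    close(p[0]);
    if (n == 1 && write_pidfile(pidfile, kid) == 0) return kid;
    kill(kid, SIGTERM);         /* harmless if the worker already exited */
    waitpid(kid, NULL, 0);
    return -1;
}

int main(void)
{
    /* Constructed demo paths; real use: a root-owned dir for the PID file. */
    char dir[] = "/tmp/pidlock-XXXXXX", pidp[64], lockp[64];
    pid_t first, second;

    if (!mkdtemp(dir)) return 1;
    snprintf(pidp, sizeof pidp, "%s/demo.pid", dir);
    snprintf(lockp, sizeof lockp, "%s/demo.lock", dir);
    first = start_instance(pidp, lockp, geteuid(), getegid());
    second = start_instance(pidp, lockp, geteuid(), getegid());
    printf("first=%ld second=%ld pidfile=%ld\n", (long) first, (long) second, read_pidfile(pidp));
    if (first > 0) { kill(first, SIGTERM); waitpid(first, NULL, 0); }
    return (first > 0 && second == -1) ? 0 : 1;
}
```

Because the second instance fails before the parent touches the PID file, a refused start never overwrites the PID of the running daemon.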
Re: [Mimedefang] Privilege escalation via PID file manipulation
On Thu, 31 Aug 2017 12:11:05 -0400 Michael Orlitzky wrote:

> Hmmm, in that case, maybe the PID file is being reused for a purpose
> that it isn't really suited for? The contents of the PID file are
> slightly sensitive, since init scripts tend to trust them -- but the
> contents of a lock file aren't. Would it make more sense to have a
> separate lock file, whose only purpose is to prevent multiple daemons
> from starting (and not to provide info to an init system)?

That makes sense. I'll do it that way. Thanks for alerting me to this.

Regards,

Dianne.
Re: [Mimedefang] Privilege escalation via PID file manipulation
On Thu, 31 Aug 2017 11:38:25 -0400 Michael Orlitzky wrote:

> You'll have to forgive the stupid question since I'm not a regular
> user of MIMEDefang, but what's the purpose of the file lock? Is it to
> prevent multiple daemons from running at the same time when they're
> not managed by an init system?

Yep. In the days of systemd and the like, this is probably not necessary, but not everyone runs systemd.

If people do use systemd or whatever, then they'd start mimedefang and mimedefang-multiplexor without the options that create the pidfiles and let systemd manage the processes.

Regards,

Dianne.
Re: [Mimedefang] Privilege escalation via PID file manipulation
Here's a patch that should apply against MIMEDefang 2.80.

Again, I cannot see any way to completely close this hole as long as we're holding an fcntl(F_SETLK)-style lock, since the descriptor must be kept open. I do as much as I can to mitigate this by destroying the variable containing the fd, but an attacker could pretty quickly discover which fd is pointing to the lock file.

Since an exploit requires compromising the daemon, I would say this is not a super-urgent problem.

Regards,

Dianne.

diff --git a/Changelog b/Changelog index da1a867..d056e4f 100644 --- a/Changelog +++ b/Changelog @@ -2,6 +2,11 @@ WARNING: Before upgrading MIMEDefang, please search this file for *** NOTE INCOMPATIBILITY ** to see if anything has changed that might affect your filter. +2017-08-31 Dianne Skoll <d...@roaringpenguin.com> + + * Make mimedefang and mimedefang-multiplexor write their PID files + as root to avoid an unprivileged user tampering with the pidfiles. + 2017-07-24 Dianne Skoll <d...@roaringpenguin.com> * MIMEDefang 2.80 RELEASED diff --git a/mimedefang-multiplexor.c b/mimedefang-multiplexor.c index 13b77b9..3dbf6e0 100644 --- a/mimedefang-multiplexor.c +++ b/mimedefang-multiplexor.c @@ -566,6 +566,7 @@ main(int argc, char *argv[], char **env) int c; int n; char *pidfile = NULL; +int pidfile_fd = -1; char *user = NULL; char *options; int facility = LOG_MAIL; @@ -919,6 +920,17 @@ main(int argc, char *argv[], char **env) strcat((char *) Settings.sockName, "/mimedefang-multiplexor.sock"); } +/* Open the pidfile as root. We'll lock it later in the grandchild */ +if (pidfile) { + pidfile_fd = open(pidfile, O_RDWR|O_CREAT, 0666); + if (pidfile_fd < 0) { + syslog(LOG_ERR, "Could not open PID file %s: %m", pidfile); + exit(EXIT_FAILURE); + } + /* It needs to be world-readable */ + fchmod(pidfile_fd, 0644); +} + /* Drop privileges */ if (user) { pw = getpwnam(user); 
@@ -1134,7 +1146,7 @@ main(int argc, char *argv[], char **env) } for (i=0; i<256; i++) { - if (i == unpriv_sock || i == sock || i == Pipe[0] || i == Pipe[1]) continue; + if (i == pidfile_fd || i == unpriv_sock || i == sock || i == Pipe[0] || i == Pipe[1]) continue; (void) close(i); } @@ -1155,10 +1167,12 @@ main(int argc, char *argv[], char **env) /* Write pid */ if (pidfile) { - if (write_and_lock_pidfile(pidfile) < 0) { + if (write_and_lock_pidfile(pidfile, pidfile_fd) < 0) { exit(1); } free(pidfile); + /* Forget the fd */ + pidfile_fd = -1; } /* Set up SIGHUP handler */ diff --git a/mimedefang.c b/mimedefang.c index 7e74137..5d545c4 100644 --- a/mimedefang.c +++ b/mimedefang.c @@ -2331,6 +2331,7 @@ main(int argc, char **argv) int got_p_option = 0; int kidpipe[2]; char kidmsg[256]; +int pidfile_fd = -1; mode_t socket_umask = 077; mode_t file_umask = 077; @@ -2611,6 +2612,17 @@ main(int argc, char **argv) exit(EXIT_FAILURE); } +/* Open the pidfile as root. We'll lock it later in the grandchild */ +if (pidfile) { + pidfile_fd = open(pidfile, O_RDWR|O_CREAT, 0666); + if (pidfile_fd < 0) { + syslog(LOG_ERR, "Could not open PID file %s: %m", pidfile); + exit(EXIT_FAILURE); + } + /* It needs to be world-readable */ + fchmod(pidfile_fd, 0644); +} + /* Look up user */ if (user) { pw = getpwnam(user); @@ -2715,12 +2727,14 @@ main(int argc, char **argv) /* Write pid */ if (pidfile) { - if (write_and_lock_pidfile(pidfile) < 0) { + if (write_and_lock_pidfile(pidfile, pidfile_fd) < 0) { /* Signal the waiting parent */ REPORT_FAILURE("Cannot lock pidfile: Is another copy running?", 45); exit(1); } free(pidfile); + /* Forget the fd */ + pidfile_fd = -1; } (void) closelog(); diff --git a/mimedefang.h b/mimedefang.h index 381316d..608c2e6 100644 --- a/mimedefang.h +++ b/mimedefang.h 
@@ -66,7 +66,7 @@ extern int make_listening_socket(char const *str, int backlog, int must_be_unix) extern void do_delay(char const *sleepstr); extern int is_localhost(struct sockaddr *); extern int remove_local_socket(char const *str); -extern int write_and_lock_pidfile(char const *pidfile); +extern int write_and_lock_pidfile(char const *pidfile, int fd); #ifdef EMBED_PERL extern int make_embedded_interpreter(char const *progPath, char const *subFilter, diff --git a/utils.c b/utils.c index 7d4f9c1..1ca3db6 100644 --- a/utils.c +++ b/utils.c @@ -1300,9 +1300,8 @@ free_debug(void *ctx, void *x, char const *fname, int line) #endif int -write_and_lock_pidfile(char const *pid
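Review bot: The open(pidfile, O_RDWR|O_CREAT, 0666) added before "Drop privileges" at @@ -919,6 +920,17 @@ in mimedefang-multiplexor.c runs as root without O_NOFOLLOW, and the result of fchmod(pidfile_fd, 0644) is not checked. If the PID file path sits in a directory the unprivileged user can write, root will follow whatever is at that path and then chmod it, so add O_NOFOLLOW, check fchmod, and document that the PID file belongs in a root-owned directory. The identical block at @@ -2611,6 +2612,17 @@ in mimedefang.c needs the same change.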
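Review bot: In the @@ -1155,10 +1167,12 @@ hunk of mimedefang-multiplexor.c and the @@ -2715,12 +2727,14 @@ hunk of mimedefang.c, the "Forget the fd" comment sits on a line that only resets the local variable; the descriptor itself stays open on purpose because the lock depends on it. The comment should say so, for example that the fd is deliberately left open to hold the lock and only its number is discarded, so a later reader does not add a close() there.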
Re: [Mimedefang] Privilege escalation via PID file manipulation
Hi,

> The MIMEDefang daemons should create their PID files before dropping
> privileges. This represents a minor security issue; additional factors
> are needed to make it exploitable.

I have made a patch to open the PID files as root. However, since the process has to keep the file descriptor open in order not to lose the file lock, it doesn't completely eliminate the chance of an exploit.

I will post the patch in a little while, once I have thoroughly tested it.

Regards,

Dianne.
Re: [Mimedefang] MIMEDefang Digest, Vol 165, Issue 5
On Mon, 28 Aug 2017 20:49:41 -0700 Amit Gupta wrote:

> Regarding your comment about the downside is that it would "Hold open
> more connections and use more milter threads." I wasn't quite sure
> what you meant by "using more milter threads"?

mimedefang (the C program, as distinct from mimedefang-multiplexor) is multi-threaded, and it holds open a thread for each active SMTP session. So there will be more threads active if sessions are queued than if you don't queue sessions.

Regards,

Dianne.
Re: [Mimedefang] ALLOW_NEW_CONNECTIONS_TO_QUEUE behavior
On Sat, 26 Aug 2017 22:52:15 -0700 Amit Gupta wrote:

> Assume a burst of emails comes in and all 20 md processes are busy
> working.
> 1) What should the 21st and higher connecting clients
> experience?

Sendmail will appear to respond more slowly than usual.

> 2) Is there a configurable limit to the number of queued
> connections?

Yep. The "-q" option to mimedefang-multiplexor. See the -q and -Q command-line options in the mimedefang-multiplexor(8) man page.

> 3) What's the downside of letting the connections queue
> other than holding open more TCP connections?

Holding open more connections and using more milter threads.

> 4) Any other tips on the settings you use in production?

If you actually need to queue requests more than occasionally, you need a more powerful server. The queueing feature is supposed to handle transient bursts of traffic. It isn't meant to squeeze more steady-state performance out of a server.

> The reason I'm asking is because we recently had a burst of traffic
> that caused the IO on our server to go up to a point where everything
> became unresponsive for a couple minutes. We had our MX_MAXIMUM set
> to 110.

How much RAM did you have? You really, really, really don't want a MIMEDefang scanning server to start swapping.

Regards,

Dianne.
[Mimedefang] MIMEDefang 2.80 is released
Hello,

MIMEDefang 2.80 is available at http://mimedefang.org/download

Release notes follow.

Regards,

Dianne.

2017-07-24 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.80 RELEASED
* md-mx-ctrl: Add newline to mimedefang-multiplexor output that lacks a newline.
* mimedefang-util: Properly substitute @PERL@ at configure time.
* mimedefang-multiplexor.c: Move variable declarations to start of compound statement to avoid problems with older C compilers.
* mimedefang.pl: Add an extra level of subdirectories in the quarantine to avoid 32K subdirectory limit on ext3. Idea by Kevin McGrail.
  *** NOTE INCOMPATIBILITY *** Quarantine subdirectory naming changed.
* mimedefang.c: Fix bug that caused Queue-ID not to show up when using MIMEDefang with Postfix (thanks to Kris Deugau).

2016-09-26 Dianne Skoll <d...@roaringpenguin.com>

* MIMEDefang 2.79 RELEASED
Re: [Mimedefang] adding promotional banner to top of email
On Sat, 24 Jun 2017 10:18:59 -0400 Dianne Skoll <d...@roaringpenguin.com> wrote:

> You'd need to roll your own. It's non-trivial, given the infinite
> ways HTML can be malformed.

I would also echo the comments of others on the list who have recommended against this. Adding promotional material to emails will quickly get them marked as spam, and if you add it to emails in transit that you did not originate, you could quite possibly be breaking the law.

Regards,

Dianne.
Re: [Mimedefang] adding promotional banner to top of email
On Wed, 21 Jun 2017 08:58:32 +0200 Mark Coetser wrote:

> I know html email is not ideal but unfortunately most customers use
> it nowadays. I am currently using append_html_boilerplate to add
> signatures etc and now a client has requested that we add promotional
> banners to the top of all html emails. I have searched and just can't
> find anything that relates to doing this with mimedefang, any
> pointers please?

You'd need to roll your own. It's non-trivial, given the infinite ways HTML can be malformed.

Regards,

Dianne.
Re: [Mimedefang] MIMEDefang without SpamAssassin
On Thu, 8 Jun 2017 17:04:40 + Chad Cordero wrote:

> Is there a configuration parameter I can set to not run
> SpamAssassin?

You can't use the stock /etc/mail/mimedefang-filter. Create your own filter and near the top, put this:

    $Features{"AutoDetectPerlModules"} = 0;

This will cause MIMEDefang not to drag in various expensive Perl modules like SpamAssassin. Then write your own filter_end routine to do whatever processing you need.

Regards,

Dianne.
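A minimal custom filter along the lines described in the reply above, as an added example that is not part of the original post or the MIMEDefang distribution. The addresses, the extension list and the X-Filtered-By header name are assumptions chosen for illustration.

```perl
# Custom MIMEDefang filter that never loads SpamAssassin (added example).
# Install it in place of the stock filter file.

# Near the top, as the reply says: stop MIMEDefang from auto-detecting and
# loading optional Perl modules such as SpamAssassin.
$Features{"AutoDetectPerlModules"} = 0;

# Site identity used in notifications (hypothetical values).
$AdminAddress  = 'postmaster@example.com';
$AdminName     = 'Mail Administrator';
$DaemonAddress = 'mimedefang@example.com';

# Attachment extensions this site refuses (assumed list; adjust locally).
# The trailing \.* also catches names such as "invoice.exe.".
my $BAD_EXT_RE = '\.(bat|cmd|com|exe|js|lnk|pif|scr|vbs)\.*$';

# Called for each leaf MIME part of the message.
sub filter {
    my ($entity, $fname, $ext, $type) = @_;

    # Nothing more to do if an earlier callback already rejected the message.
    return if message_rejected();

    # re_match() tests the part's Content-Disposition filename and
    # Content-Type name against the pattern.
    if (re_match($entity, $BAD_EXT_RE)) {
        md_syslog('warning', "Dropped attachment $fname ($type)");
        return action_drop_with_warning(
            "An attachment named $fname was removed because " .
            "its file type is not accepted here.");
    }
    return action_accept();
}

# Called once per message after every part has been seen. With module
# auto-detection off, no spam scoring happens here unless you add it.
sub filter_end {
    my ($entity) = @_;
    return if message_rejected();

    # Mark the message as processed (header name is an assumption).
    action_add_header('X-Filtered-By', 'MIMEDefang custom filter');
}

# A filter file must end with a true value.
1;
```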