Re: [Mimedefang] [External] Re: A rose by any other name... Renaming MIMEDefang. What's your idea for a name?
On 12/10/19 11:22 AM, Mark Costlow wrote:
> I realize I'm too late, but I'm just going to throw this out:
>
> Maildefang

I thought I had suggested that too. It's a good option and keeps the "MD" abbreviation and e.g. the defang user, so it's nice for compatibility. I do question if it's different enough for trademark reasons.

-- Richard
___
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] A rose by any other name... Renaming MIMEDefang. What's your idea for a name?
On 12/9/19 5:16 PM, Jobst Schmalenbach wrote:
> Why not use a descriptive name what it actually does?
> That way people who do not know about it will immediately understand.
>
> It observes/checks/looks at the Mime of mail messages and then
> deletes/cans/removes a dangerous part

That description is a bit too specific to the default filter. PerlMilter would clarify exactly what it does, but might be too generic.

-- Richard
[Mimedefang] REVISED: postfix/mimedefang socket
I have attached updated systemd service files, with the PID file directly in /run, which I have tested with 2.84. This change also requires specifying a lock file in $SPOOLDIR. If you prefer a diff rather than new files, I also attached a diff against 2.84.

This includes and builds upon my last changes:

On 12/09/2017 05:45 PM, Richard Laager wrote:
> I ran into a problem with my systemd units for MIMEDefang. There is a
> race condition between mimedefang-multiplexor creating the socket and
> mimedefang trying to access it. If the multiplexor doesn't create the
> socket in time, mimedefang fails on startup.
>
> This is happening because Type=simple services are assumed to be running
> immediately. This is documented in systemd.service(5), which says, "In
> this mode, if the process offers functionality to other processes on the
> system, its communication channels should be installed before the daemon
> is started up (e.g. sockets set up by systemd, via socket activation),
> as systemd will immediately proceed starting follow-up units."
>
> I have attached updated versions to correct this. These change to
> Type=forking and drop the -D flag. With the change to Type=forking, I
> have also brought back pid files. Since systemd requires the pid file
> path to be hardcoded (as the argument to PIDFile), I put it in /run
> rather than the $SPOOLDIR (which the administrator can change).

This part no longer applies, as of MIMEDefang 2.83, because it writes the PID files as root:

> It can't
> be directly in /run, as the daemon writes the pidfile after dropping
> privileges, so we have to create a /run/mimedefang subdirectory owned by
> $MX_USER. This requires some indirection, as $MX_USER can also be
> customized by the administrator. I only create this directory for
> mimedefang-multiplexor.service (and not mimedefang.service), as
> mimedefang.service is already ordered after mimedefang-multiplexor.service.

-- Richard

[Unit]
Description=MIMEDefang E-mail Filter
Documentation=man:mimedefang(8)
Before=multi-user.target
Before=postfix.service
Before=sendmail.service
After=remote-fs.target
After=systemd-journald-dev-log.socket
BindsTo=mimedefang-multiplexor.service
After=mimedefang-multiplexor.service
PropagatesReloadTo=mimedefang-multiplexor.service

[Service]
Type=forking
PIDFile=/run/mimedefang.pid
Restart=on-failure
TimeoutStopSec=30s
# LC_ALL=C may not be necessary for mimedefang, but it is for
# mimedefang-multiplexor, so upstream prefers it here also to be consistent.
Environment=LC_ALL=C MX_SOCKET=/var/spool/MIMEDefang/mimedefang-multiplexor.sock MX_USER=defang SPOOLDIR=/var/spool/MIMEDefang SOCKET=/var/spool/MIMEDefang/mimedefang.sock
EnvironmentFile=-/etc/default/mimedefang
ExecStartPre=/bin/rm -f $SOCKET
ExecStart=/bin/sh -c 'exec /usr/bin/mimedefang \
    `[ -n "$LOOPBACK_RESERVED_CONNECTIONS" ] && echo "-R $LOOPBACK_RESERVED_CONNECTIONS"` \
    -m $MX_SOCKET \
    -z $SPOOLDIR \
    -o $SPOOLDIR/mimedefang.lock \
    `[ -n "$MX_USER" ] && echo "-U $MX_USER"` \
    `[ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY"` \
    `[ "$MX_RELAY_CHECK" = "yes" ] && echo "-r"` \
    `[ "$MX_HELO_CHECK" = "yes" ] && echo "-H"` \
    `[ "$MX_SENDER_CHECK" = "yes" ] && echo "-s"` \
    `[ "$MX_RECIPIENT_CHECK" = "yes" ] && echo "-t"` \
    `[ "$KEEP_FAILED_DIRECTORIES" = "yes" ] && echo "-k"` \
    `[ "$MD_EXTRA" != "" ] && echo $MD_EXTRA` \
    `[ "$MD_SKIP_BAD_RCPTS" = "yes" ] && echo "-N"` \
    "`[ -n "$X_SCANNED_BY" ] && \
        ( [ "$X_SCANNED_BY" = "-" ] && \
        echo "-X" || echo "-x$X_SCANNED_BY" )`" \
    `[ "$MD_ALLOW_GROUP_ACCESS" = "yes" ] && echo "-G"` \
    `[ "$ALLOW_NEW_CONNECTIONS_TO_QUEUE" = "yes" ] && echo "-q"` \
    -p $SOCKET -P /run/mimedefang.pid'
ExecStopPost=/bin/rm -f $SOCKET
# Make this service eligible for a reload, so we can propagate it to
# mimedefang-multiplexor.service.
ExecReload=/bin/true

[Install]
WantedBy=multi-user.target

[Unit]
Description=MIMEDefang E-mail Filter (Multiplexor)
Documentation=man:mimedefang-multiplexor(8)
After=remote-fs.target
After=systemd-journald-dev-log.socket
PartOf=mimedefang.service

[Service]
Type=forking
PIDFile=/run/mimedefang-multiplexor.pid
Restart=on-failure
TimeoutStopSec=30s
KillMode=mixed
# Locale should be set to "C" for generating valid date headers
Environment=LC_ALL=C MX_BUSY=600 MX_LOG=yes MX_MAXIMUM=10 MX_MINIMUM=2 MX_SOCKET=/var/spool/MIM
Re: [Mimedefang] DKIM and boilerplate conflict
On 02/22/2018 09:16 PM, Randy Candy wrote:
> my $signature = $dkim->signature()->as_string();
> $signature =~ s/^DKIM-Signature:\s+//i;
> action_add_header('DKIM-Signature', $signature);

On a related note... I just implemented DKIM signing a few days ago, and I got broken messages until I stripped the CRs from the signature. See the third line below:

    my $signature = $dkim->signature()->as_string();
    $signature =~ s/^DKIM-Signature:\s+//i;
    $signature =~ s/\015//g;
    action_add_header('DKIM-Signature', $signature);

-- Richard
Re: [Mimedefang] REVISED: postfix/mimedefang socket
I ran into a problem with my systemd units for MIMEDefang. There is a race condition between mimedefang-multiplexor creating the socket and mimedefang trying to access it. If the multiplexor doesn't create the socket in time, mimedefang fails on startup.

This is happening because Type=simple services are assumed to be running immediately. This is documented in systemd.service(5), which says, "In this mode, if the process offers functionality to other processes on the system, its communication channels should be installed before the daemon is started up (e.g. sockets set up by systemd, via socket activation), as systemd will immediately proceed starting follow-up units."

I have attached updated versions to correct this. These change to Type=forking and drop the -D flag. With the change to Type=forking, I have also brought back pid files. Since systemd requires the pid file path to be hardcoded (as the argument to PIDFile), I put it in /run rather than the $SPOOLDIR (which the administrator can change). It can't be directly in /run, as the daemon writes the pidfile after dropping privileges, so we have to create a /run/mimedefang subdirectory owned by $MX_USER. This requires some indirection, as $MX_USER can also be customized by the administrator. I only create this directory for mimedefang-multiplexor.service (and not mimedefang.service), as mimedefang.service is already ordered after mimedefang-multiplexor.service.

Long term, the ideal answer is to use systemd's socket activation. This would allow the services to start up in parallel. Another alternative would be to use Type=notify. Either requires changes to the mimedefang C code.

-- Richard

[Unit]
Description=MIMEDefang E-mail Filter
Documentation=man:mimedefang(8)
Before=multi-user.target
Before=postfix.service
Before=sendmail.service
After=remote-fs.target
After=systemd-journald-dev-log.socket
BindsTo=mimedefang-multiplexor.service
After=mimedefang-multiplexor.service
PropagatesReloadTo=mimedefang-multiplexor.service

[Service]
Type=forking
PIDFile=/run/mimedefang/mimedefang.pid
Restart=on-failure
TimeoutStopSec=30s
# LC_ALL=C may not be necessary for mimedefang, but it is for
# mimedefang-multiplexor, so upstream prefers it here also to be consistent.
Environment=LC_ALL=C MX_SOCKET=/var/spool/MIMEDefang/mimedefang-multiplexor.sock MX_USER=defang SOCKET=/var/spool/MIMEDefang/mimedefang.sock
EnvironmentFile=-/etc/default/mimedefang
ExecStartPre=/bin/rm -f $SOCKET
ExecStart=/bin/sh -c 'exec /usr/bin/mimedefang \
    `[ -n "$LOOPBACK_RESERVED_CONNECTIONS" ] && echo "-R $LOOPBACK_RESERVED_CONNECTIONS"` \
    -m $MX_SOCKET \
    `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
    `[ -n "$MX_USER" ] && echo "-U $MX_USER"` \
    `[ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY"` \
    `[ "$MX_RELAY_CHECK" = "yes" ] && echo "-r"` \
    `[ "$MX_HELO_CHECK" = "yes" ] && echo "-H"` \
    `[ "$MX_SENDER_CHECK" = "yes" ] && echo "-s"` \
    `[ "$MX_RECIPIENT_CHECK" = "yes" ] && echo "-t"` \
    `[ "$KEEP_FAILED_DIRECTORIES" = "yes" ] && echo "-k"` \
    `[ "$MD_EXTRA" != "" ] && echo $MD_EXTRA` \
    `[ "$MD_SKIP_BAD_RCPTS" = "yes" ] && echo "-N"` \
    "`[ -n "$X_SCANNED_BY" ] && \
        ( [ "$X_SCANNED_BY" = "-" ] && \
        echo "-X" || echo "-x$X_SCANNED_BY" )`" \
    `[ "$MD_ALLOW_GROUP_ACCESS" = "yes" ] && echo "-G"` \
    `[ "$ALLOW_NEW_CONNECTIONS_TO_QUEUE" = "yes" ] && echo "-q"` \
    -p $SOCKET -P /run/mimedefang/mimedefang.pid'
ExecStopPost=/bin/rm -f $SOCKET
# Make this service eligible for a reload, so we can propagate it to
# mimedefang-multiplexor.service.
ExecReload=/bin/true

[Install]
WantedBy=multi-user.target

[Unit]
Description=MIMEDefang E-mail Filter (Multiplexor)
Documentation=man:mimedefang-multiplexor(8)
After=remote-fs.target
After=systemd-journald-dev-log.socket
PartOf=mimedefang.service

[Service]
Type=forking
PIDFile=/run/mimedefang/mimedefang-multiplexor.pid
Restart=on-failure
TimeoutStopSec=30s
KillMode=mixed
# Locale should be set to "C" for generating valid date headers
Environment=LC_ALL=C MX_BUSY=600 MX_LOG=yes MX_MAXIMUM=10 MX_MINIMUM=2 MX_SOCKET=/var/spool/MIMEDefang/mimedefang-multiplexor.sock MX_USER=defang
EnvironmentFile=-/etc/default/mimedefang
ExecStartPre=/bin/rm -f $MX_SOCKET
ExecStartPre=/bin/sh -c '/usr/bin/install -d \
    `[ -n "$MX_USER" ] && echo "-o $MX_USER"` \
    /run/mimedefang'
ExecStart=/bin/sh -c 'HOME=${SPOOLDIR:=/var/spool/MIMEDefang} \
    exec /usr/bin/mimedefang-multiplexor \
    `[ "$MX_EMBED_PERL" = "yes" ] && echo "-E"` \
    `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
    `[ -n "$FILTER" ] && echo "-f $FILTER"` \
    `[ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY"` \
    `[ -n "$SUBFILTER" ] && echo "-F $SUBFILTER"` \
    `[ -n "$MX_MINIMUM" ] && echo "-m $MX_MINIMUM"` \
    `[ -n "$MX_MAXIMUM" ] && echo "-x $MX_MAXIMUM"` \
    `[ -n "$MX_MAP_SOCKET" ] && echo "-N $MX_MAP_SOCKET"` \
    `[ -n "$MX_LOG_SLAVE_STATUS_INTERVAL" ] && echo "-L $MX_LOG_SLAVE_STATUS_INTERVAL"`
Re: [Mimedefang] Error with mimedefang + clamd
Does your system have apparmor or SELinux that could be blocking access separately from filesystem permissions?

-- Richard
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On 09/28/2017 11:11 PM, Richard Laager wrote:
> I have attached fully split, native, Type=simple (not forking) unit
> files, which I have tested on Ubuntu 16.04.

I have submitted the slightly updated versions to Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877663

Dianne, you may want to ship these (or similar) upstream, but that's obviously up to you. It doesn't make any difference to me personally, since I use the downstream packaging.

-- Richard
Re: [Mimedefang] Reload doesnt work
On 10/03/2017 02:18 AM, Bill Cole wrote:
> This is platform-specific. If your platform uses systemd, the command
> "systemctl reload mimedefang" doesn't reload the mimedefang-filter

"systemctl reload mimedefang" should reload the filter by way of /etc/init.d/mimedefang, but maybe that's not set up on your system. My version of systemd-sysv-generator (Ubuntu 16.04) sets:

    ExecReload=/etc/init.d/mimedefang reload

Alternatively, if you use the native systemd unit files I posted a few days ago (or the slightly updated versions attached here), reload definitely works correctly.

> it only reloads the systemd definition of the mimedefang service

This is definitely not true. To reload the service definitions, you use "systemctl daemon-reload".

-- Richard

[Unit]
Description=MIMEDefang E-mail Filter
Documentation=man:mimedefang(8)
Before=multi-user.target
Before=postfix.service
Before=sendmail.service
After=remote-fs.target
After=systemd-journald-dev-log.socket
BindsTo=mimedefang-multiplexor.service
After=mimedefang-multiplexor.service
PropagatesReloadTo=mimedefang-multiplexor.service

[Service]
Type=simple
Restart=on-failure
TimeoutStopSec=30s
# LC_ALL=C may not be necessary for mimedefang, but it is for
# mimedefang-multiplexor, so upstream prefers it here also to be consistent.
Environment=LC_ALL=C MX_SOCKET=/var/spool/MIMEDefang/mimedefang-multiplexor.sock MX_USER=defang SOCKET=/var/spool/MIMEDefang/mimedefang.sock
EnvironmentFile=-/etc/default/mimedefang
ExecStartPre=/bin/rm -f $SOCKET
ExecStart=/bin/sh -c 'exec /usr/bin/mimedefang -D \
    `[ -n "$LOOPBACK_RESERVED_CONNECTIONS" ] && echo "-R $LOOPBACK_RESERVED_CONNECTIONS"` \
    -m $MX_SOCKET \
    `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
    `[ -n "$MX_USER" ] && echo "-U $MX_USER"` \
    `[ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY"` \
    `[ "$MX_RELAY_CHECK" = "yes" ] && echo "-r"` \
    `[ "$MX_HELO_CHECK" = "yes" ] && echo "-H"` \
    `[ "$MX_SENDER_CHECK" = "yes" ] && echo "-s"` \
    `[ "$MX_RECIPIENT_CHECK" = "yes" ] && echo "-t"` \
    `[ "$KEEP_FAILED_DIRECTORIES" = "yes" ] && echo "-k"` \
    `[ "$MD_EXTRA" != "" ] && echo $MD_EXTRA` \
    `[ "$MD_SKIP_BAD_RCPTS" = "yes" ] && echo "-N"` \
    "`[ -n "$X_SCANNED_BY" ] && \
        ( [ "$X_SCANNED_BY" = "-" ] && \
        echo "-X" || echo "-x$X_SCANNED_BY" )`" \
    `[ "$MD_ALLOW_GROUP_ACCESS" = "yes" ] && echo "-G"` \
    `[ "$ALLOW_NEW_CONNECTIONS_TO_QUEUE" = "yes" ] && echo "-q"` \
    -p $SOCKET'
ExecStopPost=/bin/rm -f $SOCKET
# Make this service eligible for a reload, so we can propagate it to
# mimedefang-multiplexor.service.
ExecReload=/bin/true

[Install]
WantedBy=multi-user.target

[Unit]
Description=MIMEDefang E-mail Filter (Multiplexor)
Documentation=man:mimedefang-multiplexor(8)
After=remote-fs.target
After=systemd-journald-dev-log.socket
PartOf=mimedefang.service

[Service]
Type=simple
Restart=on-failure
TimeoutStopSec=30s
KillMode=mixed
# Locale should be set to "C" for generating valid date headers
Environment=LC_ALL=C MX_BUSY=600 MX_LOG=yes MX_MAXIMUM=10 MX_MINIMUM=2 MX_SOCKET=/var/spool/MIMEDefang/mimedefang-multiplexor.sock MX_USER=defang
EnvironmentFile=-/etc/default/mimedefang
# This can be removed with MIMEDefang 2.82:
SuccessExitStatus=1
ExecStart=/bin/sh -c 'HOME=${SPOOLDIR:=/var/spool/MIMEDefang} \
    exec /usr/bin/mimedefang-multiplexor -D \
    `[ "$MX_EMBED_PERL" = "yes" ] && echo "-E"` \
    `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
    `[ -n "$FILTER" ] && echo "-f $FILTER"` \
    `[ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY"` \
    `[ -n "$SUBFILTER" ] && echo "-F $SUBFILTER"` \
    `[ -n "$MX_MINIMUM" ] && echo "-m $MX_MINIMUM"` \
    `[ -n "$MX_MAXIMUM" ] && echo "-x $MX_MAXIMUM"` \
    `[ -n "$MX_MAP_SOCKET" ] && echo "-N $MX_MAP_SOCKET"` \
    `[ -n "$MX_LOG_SLAVE_STATUS_INTERVAL" ] && echo "-L $MX_LOG_SLAVE_STATUS_INTERVAL"` \
    `[ -n "$MX_USER" ] && echo "-U $MX_USER"` \
    `[ -n "$MX_IDLE" ] && echo "-i $MX_IDLE"` \
    `[ -n "$MX_BUSY" ] && echo "-b $MX_BUSY"` \
    `[ -n "$MX_REQUESTS" ] && echo "-r $MX_REQUESTS"` \
    `[ -n "$MX_SLAVE_DELAY" ] && echo "-w $MX_SLAVE_DELAY"` \
    `[ -n "$MX_MIN_SLAVE_DELAY" ] && echo "-W $MX_MIN_SLAVE_DELAY"` \
    `[ -n "$MX_MAX_RSS" ] && echo "-R $MX_MAX_RSS"` \
    `[ -n "$MX_MAX_AS" ] && echo "-M $MX_MAX_AS"` \
    `[ "$MX_LOG" = "yes" ] && echo "-l"` \
    `[ "$MX_STATS" = "yes" ] && echo "-t /var/log/mimedefang/stats"` \
    `[ "$MX_STATS" = "yes" -a "$MX_FLUSH_STATS" = "yes" ] && echo "-u"` \
    `[ "$MX_STATS_SYSLOG" = "yes" ] && echo "-T"` \
    `[ "$MD_ALLOW_GROUP_ACCESS" = "yes" ] && echo "-G"` \
    `[ "$MX_STATUS_UPDATES" = "yes" ] && echo "-Z"` \
    `[ -n "$MX_QUEUE_SIZE" ] && echo "-q $MX_QUEUE_SIZE"` \
    `[ -n "$MX_QUEUE_TIMEOUT" ] && echo "-Q $MX_QUEUE_TIMEOUT"` \
    `[ -n "$MX_NOTIFIER" ] && echo "-O $MX_NOTIFIER"` \
    `[ -n "$MX_RECIPOK_PERDOMAIN_LIMIT" ] && echo "-y $MX_RECIPOK_PERDOMAIN_LIMIT"` \
    -s $MX_SOCKET'
ExecStartPre=/bin/rm -f $MX_SOCKET
Re: [Mimedefang] REVISED: postfix/mimedefang socket
I have attached fully split, native, Type=simple (not forking) unit files, which I have tested on Ubuntu 16.04.

They honor the settings in /etc/default/mimedefang. This includes the MX_USER setting (i.e. systemd does not directly control the service user).

They are configured such that if you do start/stop/reload/restart the mimedefang service (as before), the actions propagate to mimedefang-multiplexor appropriately.

Some questions (for Dianne?):

1) Is it necessary to rm $SOCKET and $MX_SOCKET *before starting*?

2) Is it necessary to rm $SOCKET and $MX_SOCKET *after stopping*?

3) The init script (at least on Ubuntu) says, '# Locale should be set to "C" for generating valid date headers'. I see a strftime() in mimedefang-multiplexor.c. Plus, the Perl code inherits from the multiplexor, so I can understand this. Is setting LC_ALL=C necessary for the mimedefang process too, or just mimedefang-multiplexor?

4) The mimedefang-multiplexor process exits with status 1 on SIGTERM. I am absolutely sure (because I'm doing it by hand for testing) that I am only sending a SIGTERM, and only to the main mimedefang-multiplexor process (not the children). It logs 'Received SIGTERM: Stopping slaves and terminating' and then reaps the slaves as expected; there are no errors in the log. Is that exit status expected?

I have built the unit files assuming the following answers:

1) Yes.
2) Yes.
3) Not necessary for mimedefang, only mimedefang-multiplexor.
4) "Yes", as this happens (whether expected or not).

-- Richard

[Unit]
Description=MIMEDefang E-mail Filter
Documentation=man:mimedefang(8)
Before=multi-user.target
Before=postfix.service
Before=sendmail.service
After=remote-fs.target
After=systemd-journald-dev-log.socket
BindsTo=mimedefang-multiplexor.service
After=mimedefang-multiplexor.service
PropagatesReloadTo=mimedefang-multiplexor.service

[Service]
Type=simple
Restart=on-failure
TimeoutStopSec=30s
Environment=MX_SOCKET=/var/spool/MIMEDefang/mimedefang-multiplexor.sock MX_USER=defang SOCKET=/var/spool/MIMEDefang/mimedefang.sock
EnvironmentFile=-/etc/default/mimedefang
ExecStartPre=/bin/rm -f $SOCKET
ExecStart=/bin/sh -c 'exec /usr/bin/mimedefang -D \
    `[ -n "$LOOPBACK_RESERVED_CONNECTIONS" ] && echo "-R $LOOPBACK_RESERVED_CONNECTIONS"` \
    -m $MX_SOCKET \
    `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
    `[ -n "$MX_USER" ] && echo "-U $MX_USER"` \
    `[ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY"` \
    `[ "$MX_RELAY_CHECK" = "yes" ] && echo "-r"` \
    `[ "$MX_HELO_CHECK" = "yes" ] && echo "-H"` \
    `[ "$MX_SENDER_CHECK" = "yes" ] && echo "-s"` \
    `[ "$MX_RECIPIENT_CHECK" = "yes" ] && echo "-t"` \
    `[ "$KEEP_FAILED_DIRECTORIES" = "yes" ] && echo "-k"` \
    `[ "$MD_EXTRA" != "" ] && echo $MD_EXTRA` \
    `[ "$MD_SKIP_BAD_RCPTS" = "yes" ] && echo "-N"` \
    "`[ -n "$X_SCANNED_BY" ] && \
        ( [ "$X_SCANNED_BY" = "-" ] && \
        echo "-X" || echo "-x$X_SCANNED_BY" )`" \
    `[ "$MD_ALLOW_GROUP_ACCESS" = "yes" ] && echo "-G"` \
    `[ "$ALLOW_NEW_CONNECTIONS_TO_QUEUE" = "yes" ] && echo "-q"` \
    -p $SOCKET'
ExecStopPost=/bin/rm -f $SOCKET
# Make this service eligible for a reload, so we can propagate it to
# mimedefang-multiplexor.service.
ExecReload=/bin/true

[Install]
WantedBy=multi-user.target

[Unit]
Description=MIMEDefang E-mail Filter (Multiplexor)
Documentation=man:mimedefang-multiplexor(8)
After=remote-fs.target
After=systemd-journald-dev-log.socket
PartOf=mimedefang.service

[Service]
Type=simple
Restart=on-failure
TimeoutStopSec=30s
KillMode=mixed
# Locale should be set to "C" for generating valid date headers
Environment=LC_ALL=C MX_BUSY=600 MX_LOG=yes MX_MAXIMUM=10 MX_MINIMUM=2 MX_SOCKET=/var/spool/MIMEDefang/mimedefang-multiplexor.sock MX_USER=defang
EnvironmentFile=-/etc/default/mimedefang
SuccessExitStatus=1
ExecStart=/bin/sh -c 'HOME=${SPOOLDIR:=/var/spool/MIMEDefang} \
    exec /usr/bin/mimedefang-multiplexor -D \
    `[ "$MX_EMBED_PERL" = "yes" ] && echo "-E"` \
    `[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
    `[ -n "$FILTER" ] && echo "-f $FILTER"` \
    `[ -n "$SYSLOG_FACILITY" ] && echo "-S $SYSLOG_FACILITY"` \
    `[ -n "$SUBFILTER" ] && echo "-F $SUBFILTER"` \
    `[ -n "$MX_MINIMUM" ] && echo "-m $MX_MINIMUM"` \
    `[ -n "$MX_MAXIMUM" ] && echo "-x $MX_MAXIMUM"` \
    `[ -n "$MX_MAP_SOCKET" ] && echo "-N $MX_MAP_SOCKET"` \
    `[ -n "$MX_LOG_SLAVE_STATUS_INTERVAL" ] && echo "-L $MX_LOG_SLAVE_STATUS_INTERVAL"` \
    `[ -n "$MX_USER" ] && echo "-U $MX_USER"` \
    `[ -n "$MX_IDLE" ] && echo "-i $MX_IDLE"` \
    `[ -n "$MX_BUSY" ] && echo "-b $MX_BUSY"` \
    `[ -n "$MX_REQUESTS" ] && echo "-r $MX_REQUESTS"` \
    `[ -n "$MX_SLAVE_DELAY" ] && echo "-w $MX_SLAVE_DELAY"` \
    `[ -n "$MX_MIN_SLAVE_DELAY" ] && echo "-W $MX_MIN_SLAVE_DELAY"` \
    `[ -n "$MX_MAX_RSS" ] && echo "-R $MX_MAX_RSS"` \
    `[ -n "$MX_MAX_AS" ] && echo "-M $MX_MAX_AS"` \
    `[ "$MX_LOG" = "yes" ] && echo "-l"` \
    `[ "$MX_STATS" = "yes" ] && echo "-t
Re: [Mimedefang] REVISED: postfix/mimedefang socket
For those of you that don't use systemd, you can just ignore this. None of this affects the SysV init scripts in any way. Here's a first run at the diff from the generated unit to a manual unit to fix the issue. The relevant change is making ExecStop use "stop wait" instead of just "stop". The init script (at least on my system, which is Ubuntu 16.04) does not do a "wait" on stop, but only on restart. That arguably seems fine in the SysV world. The other changes I made in the [Service] section weren't required for this particular problem, but seem like things we'd want. This fixes the problem for me. I think a more correct solution for systemd is to make this two units, one for mimedefang and one for mimedefang-multiplexor. I'm going to work on that next, before submitting anything to Debian. --- /run/systemd/generator.late/mimedefang.service 2017-09-16 01:25:06.77200 -0500 +++ /lib/systemd/system/mimedefang.service 2017-09-28 18:41:38.651481894 -0500 @@ -1,10 +1,5 @@ -# Automatically generated by systemd-sysv-generator - [Unit] -Documentation=man:systemd-sysv-generator(8) -SourcePath=/etc/init.d/mimedefang -Before=multi-user.target -Before=multi-user.target +Documentation=man:mimedefang(8) Before=multi-user.target Before=graphical.target Before=shutdown.target @@ -14,12 +9,11 @@ [Service] Type=forking -Restart=no +Restart=on-failure TimeoutSec=5min -IgnoreSIGPIPE=no -KillMode=process +KillMode=control-group GuessMainPID=no RemainAfterExit=yes ExecStart=/etc/init.d/mimedefang start -ExecStop=/etc/init.d/mimedefang stop +ExecStop=/etc/init.d/mimedefang stop wait ExecReload=/etc/init.d/mimedefang reload -- Richard ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
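Review bot: In the [Service] hunk, Restart=on-failure is added while GuessMainPID=no and RemainAfterExit=yes stay as unchanged context and no PIDFile= is set, so systemd has no main process to watch and the unit remains active after the daemons exit; the new restart policy will probably never trigger. Either add a PIDFile= and drop RemainAfterExit=yes in this unit, or leave Restart= out until the split native units exist. A smaller point in the same hunk: ExecStop now ends in "stop wait" but TimeoutSec=5min is kept, so a wait that never finishes holds the stop job for five minutes before KillMode=control-group takes effect; a shorter stop timeout would bound that.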
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On 09/25/2017 12:14 AM, Bill Cole wrote:
> A service definition in a unit file has an ExecStart definition
> and maybe an ExecStop definition

ExecStop must not return until the service has actually stopped:
https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStop=

There are a couple ways to address this. As discussed, the init script can be changed to always wait on stop. Then the automatic mapping in systemd should Just Work.

Otherwise, as discussed, we need to create a unit file. For a temporary measure, if one is willing to depend on the SysV init script, it should be possible to do something simple like:

    ExecStop=/etc/init.d/mimedefang stop ; /etc/init.d/mimedefang wait

The fully native approach would be to include (either directly, or in a small helper script) the wait loop (but not the status nor the killing bits, as systemd handles those things).

Unless someone beats me to it, I'll whip up a systemd unit file in the next few days, test it, and submit a patch to Debian.

-- Richard
Re: [Mimedefang] REVISED: postfix/mimedefang socket
On 09/22/2017 12:47 PM, Michael Fox wrote:
> Option 3: Use unix socket in Postfix chroot jail

This looks to be what I do. I'm running Postfix and MIMEDefang on Ubuntu, both from packages. Postfix runs as the postfix user, and there's a defang group. I run Postfix in a chroot.

These appear to be the relevant parts of my install script:

    adduser --quiet postfix defang
    install -d -o defang -g defang -m 750 \
        /var/spool/postfix/var/spool/MIMEDefang
    chown -R defang:defang \
        /var/lib/MIMEDefang \
        /var/spool/MIMEDefang \
        /var/spool/postfix/var/spool/MIMEDefang
    sed -i 's|^\(# \)\?\(SOCKET\)=.*|\2=/var/spool/postfix/var/spool/MIMEDefang/mimedefang.sock|' \
        /etc/default/mimedefang

I believe we have some sort of trouble if one of the daemons is restarted, but not the other, or if it's done in the wrong order or something. I don't have a lot of specifics off the top of my head. In practice, we hardly ever restart one or the other. It's usually either stopping both (and starting MIMEDefang first, to give slaves a chance to spin up), or rebooting the server.

I hope this helps. If you have specific questions, I'll try to dig into my config if I can. I'm currently out of the office, though.

-- Richard
Re: [Mimedefang] Message-ID
On 09/14/2017 07:44 PM, Joseph Brennan wrote:
> So, back to where we started. What will be in that generated Message-ID?

See mimedefang.pl:

    sub gen_msgid_header {
        my ($ss, $mm, $hh, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time);

        # Generate a "random" message ID that looks
        # similiar to sendmail's for SpamAssassin comparing
        # Received / MessageID QueueID
        return sprintf("Message-ID: <%04d%02d%02d%02d%02d.%s\@%s>\n",
                       $year + 1900, $mon + 1, $mday, $hh, $mm,
                       ($QueueID eq 'NOQUEUE' ? rand() : $QueueID),
                       get_host_name() );
    }

> Would my mail host's name, the one that received the message, be in it?

Yes:

    sub get_host_name {
        # Use cached value if we have it
        return $PrivateMyHostName if defined($PrivateMyHostName);

        # Otherwise execute "hostname"
        $PrivateMyHostName = hostname;
        $PrivateMyHostName = "localhost" unless defined($PrivateMyHostName);

        # Now make it FQDN
        my($fqdn) = gethostbyname($PrivateMyHostName);
        $PrivateMyHostName = $fqdn
            if (defined $fqdn) and length($fqdn) > length($PrivateMyHostName);

        return $PrivateMyHostName;
    }

-- Richard
Re: [Mimedefang] Message-ID
On 09/11/2017 03:30 PM, Dianne Skoll wrote:
> On Mon, 11 Sep 2017 16:26:38 -0400
> Joseph Brennan wrote:
>
>> When a message comes in with no Message-ID header, and MD passes it to
>> SpamAssassin, what is in the Message-ID that SA sees?
>
> Nothing at all. There's no Message-ID header in the message that gets passed
> to SpamAssassin.

Are you sure? spam_assassin_mail() calls gen_msgid_header().

-- Richard
Re: [Mimedefang] [postfix] $QueueId not defined
Make sure you have this set in your Postfix configuration:

    smtpd_delay_open_until_valid_rcpt = no

-- Richard
Re: [Mimedefang] Get recipients
On 04/12/2017 04:12 AM, Stagiair 2. Cisa wrote:
> Could this be the result of using an EFA-server?
> (https://efa-project.org/about/)
> It uses postfix instead of sendmail.

I use postfix.

The first argument to filter_recipient() is the recipient. The same value is also put into the first element of @Recipients.

Add these three lines, exactly, to filter_recipient():

    sub filter_recipient() {
        my $a = $_[0];
        my $b = $Recipients[0];
        md_syslog('info', "a = $a ; b = $b");
    }

See what that outputs. My output looks like this:

    a =; b =

If you get something like that, then whatever code you wrote to look at @Recipients is wrong. Start with the working code and you should be able to figure it out.

If that exact code outputs:

    a = ; b =

then the recipient value really is the empty string, and I have no idea why.

-- Richard
Re: [Mimedefang] Get recipients
On 04/11/2017 10:09 AM, Stagiair 2. Cisa wrote:
> I've checked on capitals and this was fine. It looked like a non-existing or
> empty array.
>
> After some testing I've found out the array actually really exists and I can
> access it.
> The only problem is that the values (the different recipients addresses) are
> empty in the array.
>
> When I send to 3 recipients, it actually sees that there are 3 recipients but
> instead of giving me the addresses it returns an empty string.
> So I think the array is like
> @Recipients = ("", "", "");
>
> Same for 2 recipients, it sees there are 2 but returns empty strings.
> @Recipients = ("", "");
>
> I tried using foreach to get the recipients out of the array.
> I've also tried using #Recipients[i], but no success either.

Please keep your replies on-list, not just to me individually.

I don't know why you'd be seeing that. I use @Recipients extensively in my filter and it works fine.

I'd probably try sticking some syslog calls in mimedefang.pl (the actual mimedefang code) where it sets @Recipients. Then trace from there.

-- Richard
Re: [Mimedefang] Get recipients
On 04/07/2017 03:25 AM, Stagiair 2. Cisa wrote:
> I've tried getting the recipients out of the @recipients array but it seems
> to be empty.

Note the first letter is capitalized. It's @Recipients, not @recipients.

> Should I call it on a specific time or in a specific function?

It is available at filter_begin() through filter_end() time, with all of the recipients. From `man mimedefang-filter`, "In filter_recipient, it is set to the single recipient currently under consideration."

-- 
Richard
Re: [Mimedefang] Anti-spam breakthrough from Roaring Penguin
On 04/07/2017 08:59 AM, Dianne Skoll wrote:
> The part about reaching into Dovecot
> to move the message is slightly worrying; it implies that the scanning
> process has significant privileges.

It could be limited. For the simplest example, assume the same machine... The defang user could have a sudo rule that allows it to call one particular script as the vmail/dovecot user. That script would take arguments of the account (email address) and a Message-ID. It would move the message with that ID from Junk (and only Junk) to Inbox. In this way, defang wouldn't have arbitrary access to IMAP mailboxes.

> An enhancement would be to automatically train messages in Junk as spam
> if they've been there for at least 5 days.

We were doing something like that for a while. When a message was expired (deleted) from Junk, we would train it as spam. In our case, that was 14 days. We were doing global (not per-user) Bayesian filtering, so it was a mess accuracy-wise and we quit Bayesian filtering entirely.

-- 
Richard
Re: [Mimedefang] Anti-spam breakthrough from Roaring Penguin
On 04/05/2017 04:20 AM, Jan-Pieter Cornet wrote:
> Funny thing is, this method of both accepting AND rejecting

Speaking of both accepting and rejecting...

On a serious note, I wonder if anyone has built this:

    if (greylisting says to tempfail) {
        # add a header, such that this message will be delivered to the
        # user's Junk folder
        resend_message();
        # store some data so we can find the message later
        action_tempfail();
    } else {
        if (we accepted this message before) {
            # reach out to Dovecot, move the message from Junk to Inbox
            # (possibly if and only if it is still unread)
            action_discard();
        }
    }

This pseudo-code assumes stream_by_recipient() or enhancements for users with different filtering preferences. This also requires greylisting to happen at DATA, not RCPT.

We would accept the message (but deliver it to the Junk folder) while reporting a tempfail to the sender. If the sender retries correctly, we move the message from Junk into Inbox.

This means my Inbox gets all the advantages of greylisting. I also get every message delivered immediately; if I need a "password reset" email or something from a new sender on the phone, I can look in my Junk folder.

-- 
Richard
Re: [Mimedefang] Get recipients
On 03/20/2017 10:52 AM, Stagiair 2. Cisa wrote:
> Now coming to the point: I always had a fixed value for the email address
> to test my functions but now I want to get the email address(es) from
> the incoming mails.

Look at the @Recipients array.

Obviously, a single message may have multiple recipients, so you need to deal with that accordingly. For example, if you have one recipient who wants the attachment replaced and one who does not, what do you do? The details of how you want to handle that depend on the situation. If you want to honor both, you will need to do something involving resending the message--see resend_message(). See also stream_by_recipient().

See `man mimedefang-filter` for more details.

-- 
Richard
Re: [Mimedefang] action_drop_with_warning with recipient depending message
You have to understand that MIMEDefang is operating on one message. It may have multiple recipients, but anything you do happens to that message.

If you want different per-recipient behavior for the same message, somewhere along the line you need to resend the message. You can do this up-front all the time with stream_by_recipient() or you can do it as needed with resend_message().

-- 
Richard
Re: [Mimedefang] Block internal messages
On 12/26/2016 03:35 PM, Marcelo Machado wrote:
> I am new to Mimedefang and I would like to know if it is possible to
> block internal messages, (from my domain to my domain) if the number
> of recipients is greater than 10.

Anything is possible if you write the custom Perl code required. What you have described wouldn't be too terribly hard. No, that's not an offer to write it.

Look at the @Recipients array. In there, you can determine if some recipients are local, and how many. The $Sender variable is how you'd determine if the sender is local.

-- 
Richard
Re: [Mimedefang] Sender Address Verification
On 11/23/2016 12:22 PM, Richard Laager wrote:
> On 11/22/2016 12:55 PM, Bill Cole wrote:
>> the SAV rule was never decisive in a correct SA 'spam' determination
>
> Thanks for sharing. This is good information.
>
> I've made a note to re-evaluate my SAV rules after the holiday. I have
> some test harnesses to determine whether an individual rule "made a
> difference" in the outcome of the spam decision.

I looked at 6 full days of my results. About 3.7% of the messages that make it to SpamAssassin scoring (RBLs, attachment extension checks, and ClamAV are earlier) were blocked *only* because of sender address verification. That is, they were over the threshold with SAV, but under the threshold without SAV.

-- 
Richard
Re: [Mimedefang] Sender Address Verification
On 11/22/2016 12:55 PM, Bill Cole wrote:
> the SAV rule was never decisive in a correct SA 'spam' determination

Thanks for sharing. This is good information.

I've made a note to re-evaluate my SAV rules after the holiday. I have some test harnesses to determine whether an individual rule "made a difference" in the outcome of the spam decision. If it turns out it's useless for me, I can rip out my SAV code, which is a win regardless of one's viewpoint on whether it is abusive.

-- 
Richard
Re: [Mimedefang] Sender Address Verification
We have been doing sender address verification for years. Looking through the code...

We use custom MIMEDefang code around DNS::Resolver and md_check_against_smtp_server(). We wrap the md check in a block and use alarm() to timeout, as MD's timeout doesn't always work (e.g. if the server is intentionally or unintentionally tarpitting where TCP responds quickly but SMTP is slow).

We do our callback from the NULL sender address. We do not perform the check if the sender to us is the NULL sender.

If we get a TEMPFAIL result, but the message matches /gr[ae]ylist/i, we treat the address as valid.

We exempt *.bounces.google.com because they fail verification and we don't want the score increase from it. We special-case *@charter.net, as they (at least at one time) reject the NULL sender completely!

We accept MXes that point to CNAMEs, even though that is an RFC violation.

We cache invalid results for 1 hour and valid results for 7 days.

We add 1.5 points for a tempfail and 3 points for a reject.

None of these values were exhaustively optimized.

-- 
Richard
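The policy listed in the message above can be sketched as follows. This is an added example, not the poster's filter code: sav_score(), with_deadline(), the 20-second ceiling, the decision not to cache tempfails, and the callback interface (a code ref returning a CONTINUE/TEMPFAIL/REJECT code plus text, standing in for a wrapper around md_check_against_smtp_server()) are all assumptions, and the *@charter.net and CNAME cases are not modeled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Values taken from the message above.
use constant {
    TTL_VALID      => 7 * 24 * 3600,   # cache valid results for 7 days
    TTL_INVALID    => 3600,            # cache invalid results for 1 hour
    SCORE_TEMPFAIL => 1.5,
    SCORE_REJECT   => 3,
};
my $CHECK_TIMEOUT = 20;   # assumption: hard ceiling in seconds, not from the message

my %cache;   # address => { verdict => 'valid'|'invalid', expires => epoch }

# Run $check->() under alarm() so a tarpitting server cannot hold the
# filter past $timeout, whatever the socket-level timeout does.
sub with_deadline {
    my ($timeout, $check) = @_;
    my @result;
    my $ok = eval {
        local $SIG{ALRM} = sub { die "deadline\n" };
        alarm($timeout);
        @result = $check->();
        alarm(0);
        1;
    };
    alarm(0);   # also clear the timer if $check died for another reason
    return @result if $ok;
    return ('TEMPFAIL', 'callback timed out') if $@ eq "deadline\n";
    die $@;
}

# Returns ($score_to_add, $reason) for an envelope sender.
# $check is the SMTP callback (hypothetical interface, see lead-in).
sub sav_score {
    my ($sender, $check, $now) = @_;
    $now //= time;
    (my $addr = lc $sender) =~ s/^<|>$//g;

    return (0, 'null sender, not checked') if $addr eq '';
    return (0, 'exempt domain') if $addr =~ /\@[^\@]+\.bounces\.google\.com$/;

    my $hit = $cache{$addr};
    if ($hit && $hit->{expires} > $now) {
        my $score = $hit->{verdict} eq 'valid' ? 0 : SCORE_REJECT;
        return ($score, "cached $hit->{verdict}");
    }

    my ($code, $text) = with_deadline($CHECK_TIMEOUT, sub { $check->($addr) });
    $code //= 'TEMPFAIL';
    $text //= '';

    # A greylisting tempfail means the server would take the address later.
    $code = 'CONTINUE' if $code eq 'TEMPFAIL' && $text =~ /gr[ae]ylist/i;

    if ($code eq 'CONTINUE') {
        $cache{$addr} = { verdict => 'valid', expires => $now + TTL_VALID };
        return (0, 'valid');
    }
    if ($code eq 'REJECT') {
        $cache{$addr} = { verdict => 'invalid', expires => $now + TTL_INVALID };
        return (SCORE_REJECT, 'rejected');
    }
    return (SCORE_TEMPFAIL, 'tempfail');   # assumption: tempfails are not cached
}

# --- constructed demo: a fake callback keyed on the address ---
my $lookups = 0;
my %fake = (
    'ok@example.com'   => ['CONTINUE', 'OK'],
    'gone@example.com' => ['REJECT',   '550 no such user'],
    'grey@example.com' => ['TEMPFAIL', '451 Greylisted, try again later'],
    'busy@example.com' => ['TEMPFAIL', '421 too many connections'],
);
my $check = sub { $lookups++; @{ $fake{ $_[0] } } };

my $t0 = 1_700_000_000;
my @cases = (
    ['<>',                                $t0],
    ['<ok@example.com>',                  $t0],
    ['<gone@example.com>',                $t0],
    ['<gone@example.com>',                $t0 + 1800],   # inside the 1-hour cache
    ['<gone@example.com>',                $t0 + 3601],   # cache entry expired
    ['<grey@example.com>',                $t0],
    ['<busy@example.com>',                $t0],
    ['<x@calendar.bounces.google.com>',   $t0],
);
for my $case (@cases) {
    my ($score, $why) = sav_score($case->[0], $check, $case->[1]);
    printf "%-34s +%.1f  %s\n", $case->[0], $score, $why;
}
print "SMTP callbacks made: $lookups\n";
```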
Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient
On 09/22/2016 11:54 AM, Vieri Di Paola wrote:
>> From: "Richard Laager" <rlaa...@wiktel.com>
>>> It's a typo, I presume? In my example, u...@domain.com wants the
>>> boilerplate and u...@domain.org doesn't. So I guess you meant "resend to
>>> u...@domain.com,
>>> delete_recipient(u...@domain.org) and add boilerplate", right?
>>
>> No, I don't think so? If ORG does NOT WANT boilerplate, then you resend
>> to ORG and delete ORG, as resending sends the original, unmodified, no
>> boilerplate message. Then you add boilerplate for the remaining
>> recipient, which is COM, who WANTS the boilerplate.
>
> OK, got it. However, I want all the filtering stuff in the filter*()
> functions to be applied to the "resent" message to ORG, except the
> boilerplate. I guess it's not possible because resend_message resends the
> ORIGINAL message and won't be processed.

When the message is resent, you'll see it again in another run of the filter. That's your opportunity to do what you need for the ORG recipient.

Craft your filter very carefully in light of this!

-- 
Richard
Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient
On 09/21/2016 05:13 PM, Vieri Di Paola wrote:
>> From: "Richard Laager" <rlaa...@wiktel.com>
>> So in your case, you would resend to u...@domain.org,
>> delete_recipient(u...@domain.org), and then add the boilerplate.
>
> It's a typo, I presume? In my example, u...@domain.com wants the boilerplate
> and u...@domain.org doesn't. So I guess you meant "resend to u...@domain.com,
> delete_recipient(u...@domain.org) and add boilerplate", right?

No, I don't think so? If ORG does NOT WANT boilerplate, then you resend to ORG and delete ORG, as resending sends the original, unmodified, no boilerplate message. Then you add boilerplate for the remaining recipient, which is COM, who WANTS the boilerplate.

-- 
Richard
Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient
On 09/21/2016 09:09 AM, Vieri Di Paola wrote:
>> You can stream_by_recipient() so MIMEDefang resends the message for each
>> recipient. In this way, your filter code can handle recipients
>> differently. Note the warnings in the mimedefang-filter man page, though.
>
> The man page isn't too extensive on this. At a first glance it seems that
> calling stream_by_recipient in filter_begin does not trigger the code in
> filter_end, for instance. So if stream_by_recipient is true then only
> filter() is run?

I don't use stream_by_recipient() and never have. Here's my understanding, though...

If stream_by_recipient() returns false, there was only one user, so stream_by_recipient() did nothing and the filter runs as normal. If there are multiple recipients, then stream_by_recipient() resends the original message to each recipient individually, and your filter should terminate. You'll then see the new messages in separate invocations of your filter.

>> Alternatively, you can do all the work yourself, and only selectively
>> resend when necessary. This is what I do (not for boilerplate insertion,
>> but other things).
>
> How do you do that?
> Do you use resend_message()? (but that resends immediately the ORIGINAL
> message)

Until a few weeks ago, yes. We were adding a header in some cases. So what we did was: if everyone wants the header, add it, and we're done. If some recipients want the header and some don't, resend the (original) message to those who *don't*, remove them with delete_recipient(), and add the header.

So in your case, you would resend to u...@domain.org, delete_recipient(u...@domain.org), and then add the boilerplate.

We're now doing more extensive modifications, so I have re-implemented resend_message() with my own code to modify the message as appropriate.

-- 
Richard
Re: [Mimedefang] conditionally add boilerplate in message with more than one recipient
On 09/21/2016 07:16 AM, Vieri Di Paola wrote:
> Suppose I have an email that's being sent To: u...@domain.org,
> u...@domain.com.
>
> @Recipients will hold both addresses.
> I'd like mimedefang to add a boilerplate only for the message being sent to
> u...@domain.com.
>
> Is that possible?
> If so, how?

You can stream_by_recipient() so MIMEDefang resends the message for each recipient. In this way, your filter code can handle recipients differently. Note the warnings in the mimedefang-filter man page, though.

Alternatively, you can do all the work yourself, and only selectively resend when necessary. This is what I do (not for boilerplate insertion, but other things).

-- 
Richard
Re: [Mimedefang] clamav-unofficial-sigs and pyzor
On 09/19/2016 01:48 AM, Marcus Schopen wrote:
> Did you activate all signatures
> or just e.g. sanesecurity sigs? I read activating all signatures turns
> clamav into an evil memory monster, while only activating sanesecurity
> sigs catches most and doesn't need that much resources.

I don't adjust the defaults. I don't use anything that requires signing up. I just looked into those, but they're for non-commercial use, which is why they require a sign-up.

> What about pyzor or razor integration? Do they help or just burn
> performance?

I think I tried Pyzor a long time ago and found it worthless, but I have no idea what it's like now.

We have Razor enabled. Historically, that's been very effective, though I haven't actually double-checked recently.

-- 
Richard
Re: [Mimedefang] clamav-unofficial-sigs and pyzor
On 09/19/2016 12:46 AM, Marcus Schopen wrote:
> may be a little bit off topic, but are there any experience with the
> efficiency of pyzor and clamav-unofficial-sigs

We use clamav-unofficial-sigs. If clamd triggers, it's a hard fail for us, regardless of whether it was a virus or spam rule. We do differentiate them for logging and SMTP rejection messages.

I can't say how much spam would have been blocked anyway by later processing (e.g. SpamAssassin), but we have very few (but non-zero over the years) false positives. And in our filter, whitelisting does not bypass this test; maybe it should, but that's the current setup.

-- 
Richard
Re: [Mimedefang] reread mimedefang after sa-update
On 09/14/2016 11:12 AM, Marcus Schopen wrote:
> On Wednesday, 14.09.2016, at 11:51 -0400, Dianne Skoll wrote:
>> On Wed, 14 Sep 2016 17:46:07 +0200
>> Marcus Schopen wrote:
>>
>>> Sep 14 17:39:55 scansrv mimedefang-multiplexor[24029]: Cannot destroy
>>> and recreate a Perl interpreter safely on this platform. Filter rules
>>> will NOT be reread.
>>
>> Huh! That is very weird. I don't get anything like that on Debian Jessie.
>
> Hmmm, I get this error on Ubuntu 12.04 LTS too, mimedefang 2.71, perl
> 5.14.2.
>
>> If you get that message, then you'll need to do restart instead of reread.
>
> Okay, but this might harm a mail which is in process. Any ideas how to
> fix above error?

I'm digging into it right now. The problem seems to be that Perl outputs -lpthread as a required LDFLAG, but gcc needs -pthread (with no "l"), or else it fails linking to the symbol pthread_setspecific. Since the SAFE_EMBED_PERL configure test then fails to compile, MIMEDefang thinks it can't do a reread on this platform.

-- 
Richard
Re: [Mimedefang] Sendmail SOCKETMAP
I don't use either feature.

On 04/27/2016 02:20 PM, Dianne Skoll wrote:
> I most likely won't delete the features. It's the curse of software
> development... published APIs must live forever. :(

If killing the features is the right move, just call it MIMEDefang 3. Seriously! Don't be afraid of bumping the major version.

-- 
Richard
Re: [Mimedefang] Permissions on /varspool/MIMEDefang
On 02/10/2016 11:01 PM, Bill Maidment wrote:
> Hi
>
> After your most recent release I have had problems with the permissions
> on /var/spool/MIMEDefang being reset to 0750 after a reboot.
> I need the permission to be 0770 to allow for clamd scanner to use the
> directory.
> I eventually discovered this line in /usr/lib/tmpfiles.d/mimedefang.conf
>
> z /var/spool/MD-Quarantine 0750 defang defang - -

`grep -r tmpfiles.d mimedefang-2.78` returns nothing for me. Are you sure this isn't coming from your distro's package of MIMEDefang?

Also, /var/spool/MIMEDefang and /var/spool/MD-Quarantine aren't the same thing.

And in any event, why would clamd need to write to /var/spool/MIMEDefang?

-- 
Richard
Re: [Mimedefang] Any way to get MD to accept a Postfix queue ID at RCPT time?
On 04/28/2015 02:53 PM, Dianne Skoll wrote:
> Actually, this is a more thought-through patch. I don't use Postfix,
> but if any Postfix users would care to give this a try, I'd appreciate it.

I can confirm this patch, plus

    smtpd_delay_open_until_valid_rcpt = no

result in $MsgID having a real value (rather than NOQUEUE) in filter_recipient().

-- 
Richard
Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
I think you should make sure mimedefang is actually being started with the -G option. Like, look at output from `ps`.

Also, stick a sleep(60) in the filter or something to slow it down. That way, you can catch the Work directories live and see what their permissions look like. If the directory is 700 instead of 750 (or similar) or the files are 600 instead of 640, then mimedefang's umask is the issue. Otherwise, as was noted, maybe clamd isn't picking up the group membership somehow.

-- 
Richard
Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Mon, 2014-10-13 at 17:00 -0500, Cliff Hayes wrote:
> Did what you said and I can't touch a new temp file in
> /var/spool/MIMEDefang ... permission denied ... but clamd appears to be
> running as clamav

Your tests below should be expected to fail. mimedefang.pid is not group-readable. And the directory is not group-writable.

Try reading mimedefang-multiplexor.pid which is group-readable:

    su -s /bin/bash clamav
    cd /var/spool/MIMEDefang
    cat mimedefang-multiplexor.pid

> su -s /bin/bash clamav
> bash-4.1$ cd /var/spool/MIMEDefang
> bash-4.1$ ls -l
> total 8
> -rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
> srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
> -rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
> srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
> bash-4.1$ vi mimedefang.pid
> bash-4.1$ touch temp
> touch: cannot touch `temp': Permission denied

-- 
Richard
Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
On Sun, 2014-10-12 at 14:18 -0500, Cliff Hayes wrote:
> I tried your idea. I updated the following in clamd.conf:
>
> LocalSocket /var/run/clamav/clamd.socket
> PidFile /var/run/clamav/clamd.pid
> User clamav
>
> Now I get this error when starting clamd:
> ERROR: Can't open/parse the config file /usr/local/etc/clamd.conf
> I am starting as root as instructed in clamd.conf
> I have gotten that error before ... it usually means there is a user
> issue. When I go back to running as root it knows to look in /etc/ for
> clamd.conf

I have no idea why your clamd is looking in /usr/local/etc instead of /etc.

-- 
Richard
Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
If you still have problems, make sure you run MIMEDefang with the -G option. If your MIMEDefang is packaged like mine, set MD_ALLOW_GROUP_ACCESS=yes in /etc/default/mimedefang. This causes MIMEDefang to use a umask that allows group readability.

-- 
Richard
Re: [Mimedefang] Relayed emails can't be filter!
On Fri, 2014-06-13 at 14:35 +0700, Cương Bùi wrote:
> submit.mc has this line (ubuntu distro default). I've commented out it.

Don't comment it out. You want that line.

-- 
Richard
Re: [Mimedefang] Access to sendmail marco client_addr
On Mon, 2014-05-05 at 11:03 -0600, Mark Costlow wrote:
> We've found that this approach works and is valuable, although it has
> been tricky to determine what a safe number of IPs is to allow. In
> particular, smartphones roaming around the city tend to look like they
> are connecting from many IPs. We eventually changed the comparison to
> consider the number of /24 subnets the IPs were from, which helped.
> (I.e. 172.14.89.2, 172.14.89.12, and 172.14.89.119, all count as being
> from a single subnet).

Thanks to both you and the OP for sharing this interesting idea. I'll definitely keep this in mind.

Here's a bit on a technique we've used:

To quarantine phished accounts, we've implemented something that tracks the number of new recipients a given sender sends mail to. If that exceeds a limit over the last (i.e. rolling window of) 72 hours, then we lock out the account. This works remarkably well. I don't think we've ended up on a block list since, and there have been very few false positives. We've hit a few people sending to 200 recipients from Outlook. We've been able to address that by moving them to a mailing list system, which I think is the right answer for that anyway.

-- 
Richard
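Both heuristics from the message above (counting distinct /24 networks per account, and locking an account that mails too many never-before-seen recipients inside a rolling 72-hour window) can be sketched like this. It is an added example, not code from either poster: the function names, the in-memory hashes and the limit of 5 are assumptions made for the demo, and the traffic is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $WINDOW = 72 * 3600;  # rolling window from the message: 72 hours
my $LIMIT  = 5;          # constructed for this demo; the message states no number

my (%known, %first_seen, %locked);

# Count distinct /24 networks among IPv4 client addresses, so a roaming
# phone that hops between neighbouring addresses counts once.
sub distinct_slash24 {
    my %nets;
    for my $ip (@_) {
        next unless $ip =~ /^(\d{1,3}\.\d{1,3}\.\d{1,3})\.\d{1,3}$/;
        $nets{$1} = 1;
    }
    return scalar keys %nets;
}

# Record one accepted (sender, recipient) pair at time $now (epoch seconds).
# Returns 'locked' once the sender has mailed more than $LIMIT recipients
# it had never mailed before within the last $WINDOW seconds.
sub record_delivery {
    my ($sender, $rcpt, $now) = @_;
    ($sender, $rcpt) = (lc $sender, lc $rcpt);
    return 'locked' if $locked{$sender};

    my $events = $first_seen{$sender} //= [];
    push @$events, $now unless $known{$sender}{$rcpt}++;

    # Expire first-contact events that have fallen out of the window.
    shift @$events while @$events && $events->[0] <= $now - $WINDOW;

    if (@$events > $LIMIT) {
        $locked{$sender} = $now;
        return 'locked';
    }
    return 'ok';
}

# --- constructed sample traffic ---
my $t    = 1_700_000_000;
my $hour = 3600;

# A normal user: the same three correspondents every day for a week.
for my $day (0 .. 6) {
    record_delivery('alice@example.org', "friend$_\@example.net",
                    $t + $day * 24 * $hour) for 1 .. 3;
}
printf "alice after a week: %s\n",
    record_delivery('alice@example.org', 'friend1@example.net', $t + 7 * 24 * $hour);

# A phished account: eight never-seen recipients within eight minutes.
for my $n (1 .. 8) {
    my $state = record_delivery('bob@example.org', "victim$n\@example.com", $t + $n * 60);
    print "bob -> victim$n: $state\n";
}

my @roaming = qw(172.14.89.2 172.14.89.12 172.14.89.119);  # from the quoted message
my @spread  = qw(192.0.2.10 198.51.100.7 203.0.113.99);    # constructed
printf "/24 networks: roaming=%d spread=%d\n",
    distinct_slash24(@roaming), distinct_slash24(@spread);
```

A production version would keep this state in a shared store, since MIMEDefang runs the filter in several worker processes.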
Re: [Mimedefang] )What AV scanners do you use? (was Re: Any Sophie users out there?
On Thu, 2014-03-20 at 15:04 -0400, David F. Skoll wrote:
> Post-Cisco, ClamAV seems to have greatly declined in usefulness. It
> catches hardly anything anymore... anyone else experiencing this?

Are you using clamav-unofficial-signatures? We are.

I have no idea how much we should be catching. But here's a dump of what we're doing, in case it's helpful to anyone. If I'm doing something stupid or not doing something smart, I welcome feedback.

We outright reject files with these extensions:

    my $bad_exts = '(ade|adp|app|asd|bas|bat|chm|cmd|com|cpl|crt|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mde|mim|msc|msp|mst|ocx|pcd|pif|prg|scr|sct|shb|shs|sys|vb|vbe|vbs|vxd|wmd|wms|wsc|wsf|wsh|\{[^\}]+\})';
    my $bad_filename_regex = '\.' . $bad_exts . '\.*$';

We outright reject encrypted zip files.

We ignore official or unofficial signatures with virus names that match:

    /^(AAPL|Application|PUA|SPR)\./

We handle the phishing and spam signatures differently, and exempt mail going to our helpdesk or a variety of phishing-reporting addresses (at banks, etc.):

    /^((email)?(abuse|fraud|phish(ing)?|(report_)?spam|spoof)\@.*|.*\@(abuse\.net|spam\.spamcop\.net)|aollegal\@aol\.com|askvisa(usa)?\@visa\.com|enforcement\@sec\.gov|fraud_help\@usbank\.com|mail-spoof\@cc\.yahoo-inc\.com|phishing-report\@us-cert\.gov|reports\@habeas\.com|stop-spoofing\@amazon\.com|reportphish\@wellsfargo\.com)$/

I'm skeptical that reporting phishing scams to major banks actually does any good, but some of our customers want to be able to do so.

We ignore the Heuristics.Phishing.Email.SpoofedDomain test because of false positives. Maybe we could score it, but we don't currently.

Viruses from the Internet are silently discarded to avoid generating backscatter. Viruses from our customers are rejected (so they get an error in their mail client if there's a false positive).

Phishing/spam mail detected by clamav is rejected on the spot; unlike SpamAssassin, we apply this regardless of user settings and whitelisting does not apply. In other words, the false positive rate is very, very low.

The encrypted zip and filename extensions are separate error messages from each other and separate from spam and virus messages. We special-case .lnk blocking with an error message that says they should mail the file itself, not the shortcut to it.

-- 
Richard
Re: [Mimedefang] Perl DBI problem stops mimedefang from loading?
On Fri, 2013-12-06 at 07:44 -0500, Scott Galambos wrote:
> I was using these on an older 32 bit single processor server without a
> problem for years. I'm now trying to migrate to a 64 bit SMP server and
> I can't specify these max values without it failing with the following
> error.

64 bits 32 bits. Every pointer is larger, so applications take more memory. We had a similar issue (not with DBI, but with the max memory settings all of a sudden being too small) when we upgraded our MIMEDefang systems from 32 to 64 bits. Retest to find new appropriate values for your 64 bit systems.

-- 
Richard
[Mimedefang] Debugging MIME Parsing Errors
We have a user who is forwarding a Delta airlines email. They've forwarded it several times for testing. Sometimes it gets bounced with the "Message contained too many MIME parts." message, while other times it goes through. I have $MaxMIMEParts set to 100.

I've looked at the code and it seems to me that when parsing fails, it is *assumed* to be due to having too many parts. Unless parse() returns undef for too many parts and something else that's false for other parser failures? But if that's the case, why the check that $MaxMIMEParts > 0? So I'm not sure if this is really because of too many MIME parts or not.

Here's the MIMEDefang code I'm referring to:

    push_status_tag("Parsing Message");
    $entity = $parser->parse(\*FILE);
    pop_status_tag();
    close FILE;

    if (!defined($entity) && $MaxMIMEParts > 0) {
        # Message is too complex; bounce it
        action_bounce("Message contained too many MIME parts. We do not accept such complicated messages.");
        signal_unchanged();
        signal_complete();
        return;
    }

    if (!$entity) {
        fatal("$MsgID: Couldn't parse MIME in $file: $!");
        signal_complete();
        return -1;
    }

What's the best way to debug this? It seems like I need to keep a copy of the raw message from a time when it failed. Would KEEP_FAILED_DIRECTORIES=yes apply here, or is this not a case of the filter failing (since the filter didn't actually crash)?

-- 
Richard
Re: [Mimedefang] How to change envelope sender?
How are you getting on the Spamcop block list? Are you doing any outbound filtering?

-- Richard
[Mimedefang] md_check_against_smtp_server() returned an empty response
This is unrelated to the other thread.

I'm troubleshooting an issue where md_check_against_smtp_server() intermittently hangs for 5 minutes. It's *always* 300 seconds exactly (ignoring sub-second precision). The error is always the "returned an empty response" from get_smtp_return_code().

I'm using this function for doing callbacks against the sender's address. I look up the MX records using Net::DNS. Before you hate me too much, I cache positive responses for 7 days and negative responses for 1 hour.

The delays discussed above are around the actual md_check_against_smtp_server() call and *nothing else*. To get this far, I had to instrument my filter with logging before and after every non-trivial block of code.

Does anyone have any idea why the 15 second IO::Socket::INET timeout isn't applying in these cases?

Thanks,
Richard
Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log
On Wed, 2013-03-27 at 19:45 +0100, Tilman Schmidt wrote:
> On 27.03.2013 15:59, Matt Garretson wrote:
>> Note that md_graphdefang_log should not be used in filter_relay, filter_sender or filter_recipient. The global variables it relies on are not valid in that context.
> [...]
> Although I checked the manpage several times in the course of this thread I never noticed that paragraph. Well, you live and learn.

This is a silly restriction that I wish was lifted. Yes, the subject will be blank if you call it earlier, but that's unavoidable.

I don't actually use graphdefang, though. So that may be coloring my thinking. In my filter, I have code that does more-or-less the same thing but without this restriction. It works great.

-- Richard
Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log
On Mon, 2013-03-25 at 13:53 -0700, kd6...@yahoo.com wrote:
> Although this will issue a QUIT when an error is returned, it does NOT do so when the transaction succeeds to the point where 'DATA' is normally issued.

I'm not seeing that. I have MIMEDefang 2.71-2build1 on Ubuntu Precise. I see code to issue a QUIT unconditionally after the RCPT TO command.

-- Richard
Re: [Mimedefang] md_check_against_smtp_server and md_graphdefang_log
On Mon, 2013-03-25 at 17:00 -0700, kd6...@yahoo.com wrote:
> This is what I saw:
>
>     if ($retval ne 'CONTINUE') {
>         $sock->print("QUIT\r\n");
>
> Looks pretty conditional to me. If the return value is the continue literal, no quit is issued.

I've now pulled mimedefang.pl.in from the 2.73 tarball off the website. Here's the function from HELO onwards:

    $sock->print("HELO $helo\r\n");
    $sock->flush();

    ($retval, $code, $dsn, $text) = get_smtp_return_code($sock, $recip, $server);
    if ($retval ne 'CONTINUE') {
        $sock->print("QUIT\r\n");
        $sock->flush();
        # Swallow return value
        get_smtp_return_code($sock, $recip, $server);
        $sock->close();
        return ($retval, $text, $code, $dsn);
    }

    $sock->print("MAIL FROM:$sender\r\n");
    $sock->flush();

    ($retval, $code, $dsn, $text) = get_smtp_return_code($sock, $recip, $server);
    if ($retval ne 'CONTINUE') {
        $sock->print("QUIT\r\n");
        $sock->flush();
        # Swallow return value
        get_smtp_return_code($sock, $recip, $server);
        $sock->close();
        return ($retval, $text, $code, $dsn);
    }

    $sock->print("RCPT TO:$recip\r\n");
    $sock->flush();

    ($retval, $code, $dsn, $text) = get_smtp_return_code($sock, $recip, $server);
    $sock->print("QUIT\r\n");
    $sock->flush();
    # Swallow return value
    get_smtp_return_code($sock, $recip, $server);
    $sock->close();
    return ($retval, $text, $code, $dsn);

Here, in the last chunk, is the unconditional QUIT. The other, conditional, QUIT commands handle error cases.

If the whitespace was like this instead, it'd be easier to see:

    $sock->print("RCPT TO:$recip\r\n");
    $sock->flush();

    ($retval, $code, $dsn, $text) = get_smtp_return_code($sock, $recip, $server);

    $sock->print("QUIT\r\n");
    ...

-- Richard
Re: [Mimedefang] Email injection and the android 'email' app
On Tue, 2013-03-05 at 17:59 -0500, David F. Skoll wrote:
> There's no way you should break your setup to comply with a brain-dead Android app.

As a result of this thread, we discussed and tested this in-house (on just one phone). I believe we did get a notification that the message didn't send, so that's good. However, the fact that we had to switch it into airplane mode to be able to delete from the outbox was very annoying.

That aside, is Android behaving any differently than Thunderbird, or many other mail clients? Getting a 5xx status code from the outgoing mail server seems to pop up a dialog and then leave the message in the outbox on the ones we tested.

This leads to inconsistent behavior between local and remote destinations. It's arguably good for local destinations, as you can fix the address typo before sending (thus avoiding breakage when people hit Reply to All, for example). But I don't think it'd be reasonable for the outgoing mail server to check the remote addresses at the RCPT TO stage so that it could (attempt to) provide the consistent behavior of (nearly) always rejecting at RCPT TO. So if you want consistency, accepting all recipients for authenticated senders (and then later generating bounces) seems to be the only option.

-- Richard
Re: [Mimedefang] Like action_replace_with_url(), but not quite
On Thu, 2012-08-30 at 13:39 -0600, Philip Prindeville wrote:
> I can't use stream_by_recipient() because I don't know which attachments need to be removed until I hit filter() and not filter_begin().

I don't use the function, but I think the point of stream_by_recipient() is to ensure that @Recipients only has one address. (It does this by resending the message locally.) If you do that, you can munge things directly in filter(), as you never have a case of some recipients getting the attachments and some not.

However, if this isn't efficient enough for you, you might just want to save state in filter() and do the streaming in filter_end if and only if you have recipients that need different handling.

-- Richard
Re: [Mimedefang] [OT?] Random Word Spam
On Wed, 2012-02-08 at 10:03 +0100, Juergen Kleff wrote:
> Do you use greylisting?

Yes.

> Do the mails indeed come from real mailservers or do they come from compromised dial-in computers?

Real mail servers.

> Feeding the mails to spamassassin's bayes database could perhaps help, in spite of the random words. But you should keep an eye on it for the risk of false positives.
>
> Everything in the headers is different? Nothing common in them?

As far as I could tell, nothing was common. They were incredibly minimal. The X-Mailer field was full of random (real mail client) values.

-- Richard
[Mimedefang] [OT?] Random Word Spam
We've got a customer who is receiving 1 message per second! that consists solely of random English words stuck together (both subject and body). This has been happening for 24-36 hours. As far as I can see, it's coming from hijacked accounts all over the place (hundreds or thousands of servers) with varying sender addresses.

Is anyone else seeing this sort of thing? Any idea how I might combat this? I'd love to bulk submit these messages and report them back to the admins of the compromised servers, if that might do some good.

-- Richard
Re: [Mimedefang] mimedefang+postfix on debian lenny
On Tue, 2009-11-10 at 13:00 -0500, David F. Skoll wrote:
> ADNET Ghislain wrote:
>> strange, reinstalling postfix does not remove sendmail completely.. anyway it seems to work that way
> Please file a bug with the Debian mimedefang maintainer. Installing MIMEDefang should never force the removal of Postfix.

(I'm not the package maintainer, nor affiliated with him.)

The mimedefang package [1] in Debian, regardless of which version of Debian you're running, doesn't depend on sendmail, it only recommends it. Thus, you should be able to have it installed without sendmail.

Is MIMEDefang useful in any way without either sendmail or postfix installed? It seems to me that the package should say: Depends: sendmail | postfix.

Richard

[1] http://packages.debian.org/search?keywords=mimedefang
Re: [Mimedefang] mimedefang+postfix on debian lenny
On Tue, 2009-11-10 at 13:35 -0500, David F. Skoll wrote:
> I think that's a bug. It should be suggests, because AFAIK apt-get now pulls in recommends packages unless you tell it otherwise.

As an aside, I was never a fan of this change, as it seems to lead to exactly this.

> There are at least two good reasons to want to run MIMEDefang on a machine that isn't also running Sendmail, so the Debian policy should change.

One of those is that you'd want to use Postfix. Recommends: sendmail | postfix (or even Depends, from my last email) should address that one.

What's the other use? Is it to run watch-mimedefang? If that's the case, maybe that should just be split out into a separate package. I see there's already an open bug suggesting that.

Richard
Re: [Mimedefang] mimedefang+postfix on debian lenny
On Tue, 2009-11-10 at 22:30 +0100, ADNET Ghislain wrote:
> i will try to contact him. I run also in another issue. Postfix runs as the user postfix and i do not found any way to configure mimedefang to have a socket that let the postfix user to communicate with it. Is there any parameters i missed for this ? adding some sleep 10; chmod 770 and chgrp postfix to the socket seems...weird to me :)

Does this solve the problem:

    sudo adduser postfix defang

Richard
Re: [Mimedefang] Greylisting post-data (was Re: [PATCH] filter_data implementation)
On Thu, 2009-05-28 at 13:17 -0700, - wrote:
> Then again, I kill messages that have improperly formatted Received: header lines. (Those that claim with *smtp*(wildcarded) must conform to 5321 instead of the looser syntax in 5322 and as such, they must have from and by clauses that are domain names (or address literals). If they don't, I reject them as malformed spam.

Would you be willing to share this code?

Thanks,
Richard
Re: [Mimedefang] PGP encyption of outging email
On Thu, 2009-05-07 at 09:17 +0100, Paul Murphy wrote:
> Steffan wrote:
>> I wonder why you don't want to encrypt/sign in the MUA. It is more flexible and, well, works most of the time.
> Because users are incapable of getting it right, and the time they forget to encrypt the message may also be the time they send company B's confidential data to company A.

You might want to consider checking that the message is encrypted and rejecting if it is not. That's probably WAY simpler and has the side-effect of educating users on your policy.

Richard
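
One way to implement the "check that the message is encrypted, otherwise reject" suggestion above, as an added example that is not part of the original post. It assumes OpenPGP (PGP/MIME per RFC 3156 or a fully ASCII-armored text body) and uses MIME::Parser from MIME-tools; the function names and sample messages are constructed for the illustration.

```perl
#!/usr/bin/perl
# Added illustration, not code from the thread. Needs MIME-tools (MIME::Parser).
# All sample messages below are constructed; the armor payload is a placeholder.
use strict;
use warnings;
use MIME::Parser;

# The whole body must be one armored OpenPGP message: nothing before or after.
my $ARMOR = qr/\A\s*-----BEGIN PGP MESSAGE-----\r?\n.*\n-----END PGP MESSAGE-----\s*\z/s;

sub body_is_armored {
    my ($entity) = @_;
    my $handle = $entity->bodyhandle or return 0;   # multiparts have no body
    return $handle->as_string =~ $ARMOR ? 1 : 0;
}

# True for PGP/MIME (RFC 3156) or for a text/plain body that is pure armor.
sub is_pgp_encrypted {
    my ($entity) = @_;
    my $type = lc($entity->effective_type || '');
    if ($type eq 'multipart/encrypted') {
        my $proto = lc($entity->head->mime_attr('content-type.protocol') || '');
        my @parts = $entity->parts;
        return 0 unless $proto eq 'application/pgp-encrypted' && @parts == 2;
        return 0 unless lc($parts[0]->effective_type) eq 'application/pgp-encrypted';
        return 0 unless lc($parts[1]->effective_type) eq 'application/octet-stream';
        return body_is_armored($parts[1]);
    }
    return body_is_armored($entity) if $type eq 'text/plain';
    return 0;
}

# Parse a raw message and return the policy decision as a string. In a
# MIMEDefang filter the same test would run on the $entity the filter already
# has, and a failure would lead to action_bounce().
sub verdict_for {
    my ($raw) = @_;
    my $parser = MIME::Parser->new;
    $parser->output_to_core(1);                      # keep bodies in memory
    my $entity = eval { $parser->parse_data($raw) };
    return 'reject: unparseable' unless $entity;
    return is_pgp_encrypted($entity) ? 'accept' : 'reject: not encrypted';
}

my @samples = (
    [ 'plaintext' => <<'EOT' ],
From: alice@example.com
To: partner@example.net
Subject: contract
Content-Type: text/plain

Here are the figures you asked for.
EOT
    [ 'pgp-mime' => <<'EOT' ],
From: alice@example.com
To: partner@example.net
Subject: contract
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
=AAAA
-----END PGP MESSAGE-----

--b1--
EOT
    [ 'armor-plus-plaintext' => <<'EOT' ],
From: alice@example.com
To: partner@example.net
Subject: contract
Content-Type: text/plain

Summary in clear text, details below.
-----BEGIN PGP MESSAGE-----

Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
=AAAA
-----END PGP MESSAGE-----
EOT
);

for my $sample (@samples) {
    my ($name, $raw) = @$sample;
    printf "%-22s %s\n", $name, verdict_for($raw);
}
```

The check confirms OpenPGP framing only; it does not establish that the ciphertext is encrypted to the intended recipients.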
Re: [Mimedefang] Rejecting Cyrillic
On Wed, 2009-03-25 at 12:46 -0700, Kenneth Porter wrote:
> I've noticed a lot of spam lately in codepage Windows-1251 (Cyrillic). I'd like to reject it with a "Cyrillic not understood; please resubmit as Unicode." Is there a canonical MIMEDefang idiom for doing that?

I wanted to do largely the same thing and finally found the time to write it. I was concerned only with Cyrillic subjects as the indicator of spam.

I put the code below in filter_end(), except for the use statements, which I put at the top with the others. In my filter, I added points to the SpamAssassin score, but you could call action_bounce() if you wanted.

I don't know if it's strictly necessary to call decode with us-ascii. I did it because I was concerned about Perl's internal handling of bytes vs. characters.

Any feedback on this code would be greatly appreciated.

Richard

    use Encode;
    use MIME::Words;

    if ($Subject =~ m/=\?.+\?.+\?.+\?=/) {
        my $decoded_subject = "";
        foreach my $pair (MIME::Words::decode_mimewords($Subject)) {
            if (defined($pair->[1]) && $pair->[1] ne "") {
                $decoded_subject .= decode($pair->[1], $pair->[0]);
            } else {
                $decoded_subject .= decode("us-ascii", $pair->[0]);
            }
        }
        if ($decoded_subject =~ m/\p{Cyrillic}/) {
            # DO SOMETHING HERE: REJECT, ETC.
        }
    }
Re: [Mimedefang] Greylisting netmask
On Sat, 2007-02-03 at 21:48 -0500, Jeff Rife wrote:
> Of course, I do use a whitelist for the well-known large providers (Yahoo, AOL, MSN, etc.).

Would you be willing to share this whitelist?

Richard
Re: [Mimedefang] regex filter unwanted words
On Tue, 2007-01-23 at 08:51 -0500, [EMAIL PROTECTED] wrote:
> John Rudd wrote on 01/22/2007 06:17:48 PM:
>> As many as you can fit. But I would be very careful about it. Plus, I would make sure to use \b around the words, so that you're not getting sub-string matches. For example: \bsex\b will match sex but not match Wesex.
> I can't second this strongly enough! I had a very *IRATE* user complaining about not receiving email from his boss. Turns out he had created a rule in his mail client to block a certain four letter word and forgot about it. The problem started when he added his title Programmer Analyst to his signature block and he stopped getting replies to his messages.

The best one I ever ran into went like this:

A user calls in to complain that large attachments are being blocked. Smaller attachments work, but at some unknown point when the messages become too big, they are blocked.

We eventually narrowed it down to a filter on sex (as well as some others for 4-letter words) anywhere in the message body. My theory was that as messages with attachments got larger and larger, the probability of them containing sex in the base-64 encoded data approached one. We disabled that filter rule, and everything worked great again.

Richard
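
The attachment-size effect described in the message above, as an added example that is not part of the original post: it compares a substring rule run over raw base64 with a \b-delimited rule run over a decoded text part, and prints estimated and observed hit rates by attachment size. The case-insensitive patterns, the sample signature line and the random attachments are assumptions constructed for the illustration.

```perl
#!/usr/bin/perl
# Added illustration, not code from the thread. The rule patterns and sample
# data are constructed; the real filter in the story is not shown on the page.
use strict;
use warnings;
use MIME::Base64 qw(encode_base64);

# Naive rule: case-insensitive substring match anywhere in the raw message.
sub naive_rule { my ($raw) = @_; return $raw =~ /sex/i ? 1 : 0 }

# Word-boundary rule, meant to be applied to decoded text parts only.
sub word_rule { my ($text) = @_; return $text =~ /\bsex\b/i ? 1 : 0 }

# Estimated chance that a case-insensitive 3-letter word appears somewhere in
# $n base64 characters, treating them as independent and uniform over the
# 64-symbol alphabet. All 2**3 = 8 upper/lower-case spellings match, so the
# chance at one position is 8 / 64**3 = 1/32768. Line breaks are ignored,
# which makes the estimate slightly high.
sub estimated_hit_probability {
    my ($n) = @_;
    return 0 if $n < 3;
    my $per_position = 8 / 64**3;
    return 1 - (1 - $per_position) ** ($n - 2);
}

# Constructed attachment: $bytes random octets, base64-encoded the way a MIME
# part would carry them (76-character lines).
sub random_attachment {
    my ($bytes) = @_;
    my $data = join '', map { chr(int(rand(256))) } 1 .. $bytes;
    return encode_base64($data);
}

# 1. Substring vs. whole-word match on a constructed signature line.
my $signature = "Jane Doe, Wessex regional office\n";
printf "text part: naive=%d word-boundary=%d\n",
    naive_rule($signature), word_rule($signature);

# 2. Hit rate of the naive rule on base64 attachments of growing size.
srand(20070123);    # fixed seed so repeated runs on one Perl give the same table
my $trials = 20;
printf "%9s %10s %10s %10s\n", 'size', 'b64 chars', 'estimated', 'observed';
for my $kib (1, 10, 50, 200) {
    my ($hits, $chars) = (0, 0);
    for (1 .. $trials) {
        my $b64 = random_attachment($kib * 1024);
        $chars = length $b64;
        $hits += naive_rule($b64);
    }
    printf "%5d KiB %10d %10.3f %10.3f\n",
        $kib, $chars, estimated_hit_probability($chars), $hits / $trials;
}
```

Running content rules only on decoded text parts, and never on the encoded bytes of an attachment, removes this class of false positive regardless of message size.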
Re: [Mimedefang] MIMEDefang 2.59-BETA-2 is Available
On Fri, 2007-01-19 at 11:21 +1000, Bill Maidment wrote:
> 2. Entering the ssh passwords for multiple servers is a bit confusing. I work around it by starting only one server initially and then adding the others one by one.

Use public key authentication and the ssh-agent.

Richard
Re: [Mimedefang] Overcoming RPM stupidity
On Sun, 2006-12-17 at 20:46 -0500, Jeff Rife wrote:
> In the Fedora 6 RPM for MIMEDefang, mimedefang.pl was created using no Features at all. For most of them, this isn't a big deal, as I can put $Features{'whatever'} = 1 in mimedefang-filter and it works. But, this isn't true for Unix::Syslog (or at least I haven't found a way to overcome it).

I've been following the rest of this thread, but seriously, the subject captures the problem. The Fedora 6 MIMEDefang RPM has a bug. Report it to the Fedora people to get a fixed RPM. If you need a faster solution, fix the RPM yourself and install that, then send them the patch.

Any workarounds in the filter are going to be hacky. I think David's on the right track trying to have MIMEDefang detect them at run-time, but unless and until that happens, fixing the RPM is the right course of action here.

Richard
[Mimedefang] OT: RBL checking in Sendmail
Currently, we check a couple of RBLs right away in filter_sender(). I've been thinking that it'd be nice to move those checks from MIMEDefang into Sendmail, for the following two reasons:

1) If the message ends up being blocked, we avoid a milter call and all of MIMEDefang's setup overhead.
2) If the message is not blocked, we save some time by having a Sendmail child waiting on the DNS query instead of a MIMEDefang child. The amount of time here may be so small as to be irrelevant, though.

I know I could just use the dnsbl rule in my sendmail.mc, but this has some problems. First, we need to exclude local and authenticated senders from the RBL tests. Excluding local senders saves useless lookups and excluding authenticated senders is necessary because users roaming on other networks may get an IP that was previously being abused.

The only easy way I've found to do this so far is to turn on Sendmail's delay_checks. However, I think this will cause the following issues:

1. Milter calls are not delayed, so Sendmail will call MIMEDefang (i.e. for filter_sender) *BEFORE* the RBL checks, completely defeating the point.
2. Even if I were to re-arrange my filter and make MIMEDefang not call filter_sender, I think I'd run into a situation where the RBL tests would be called multiple times, once for each RCPT. I may be wrong, though.

Ideally, I just want to call the RBL from Sendmail at the MAIL command stage, before milters are called. Does anyone know how to do that? It seems I need to add something to do the call from Local_check_mail if and only if the sender is not local or authenticated.

Thanks,
Richard
Re: [Mimedefang] URIBL/SURBL support
On Tue, 2006-11-21 at 10:13 -0500, Joseph Brennan wrote:
> --On Monday, November 20, 2006 12:56 -0800 Kelsey Cummings [EMAIL PROTECTED] wrote:
>> Has anyone written up generic URIBL or SURBL specific support for MD outside of using SpamAssassin? Mind sharing?
> First you have to parse the URL out of text. That's fun. This works most of the time for plain text parts.

I use SpamAssassin's URL parsing for this. It's possible to do that without running the SpamAssassin tests. While complex, this makes a huge difference in terms of CPU power required.

However, why not just run the SURBL stuff via SpamAssassin?

Richard
Re: [Mimedefang] sendmail and filter_helo interaction
On Thu, 2006-11-09 at 23:06 -0500, Dirk the Daring wrote:
> # Check #3
> # HELO should not contain localhost

How effective is this for you? Do you run into false positives?

> # Check #4
> # If the HELO is an FQDN, the index and rindex of . will not be the same
> # This catches the spammer using domain.tld (which will slip
> # by Check #2)

I check that the HELO must have a ., but I haven't gone any further than that. Does this work well for you? Any false positives?

Richard
RE: [Mimedefang] MIMEDefang 2.57 is Released
On Sun, 2006-06-25 at 11:04 -0700, Gary Funck wrote:
> gcc -ansi -pedantic-errors -Wall -Werror t.c
> t.c: In function 'main':
> t.c:8: error: ISO C90 forbids mixed declarations and code

Here -Wdeclaration-after-statement is useful. It's not supported by all versions of GCC, so it might not be a bad idea to check for it in a ./configure. (It's been so long since I've built MIMEDefang by hand, I don't even remember if it uses autoconf.)

Richard
Re: [Mimedefang] MIMEDefang 2.57 is Released
On Tue, 2006-06-20 at 10:48 -0400, David F. Skoll wrote:
> The main change from 2.56 is a new scheduling algorithm that tries to reuse the same set of slaves for a given command. That is, it will do its best to run all filter_relays on one set of slaves, filter_senders on another, etc.

Does this mean it'd be a good idea to initialize SpamAssassin at the first use, rather than in filter_initialize()? It seems like if a bunch of slaves are going to end up processing only filter_sender or filter_relay, then initializing SpamAssassin in filter_initialize() is a waste of memory (given previously mentioned facts about reference counting, Perl, and copy-on-write).

Richard
Re: [Mimedefang] milter smorgas board
On Mon, 2006-05-01 at 10:29 -0700, Gary Funck wrote:
> http://www.snertsoft.com/solutions.php
>
> Above, a list of milters, many of them open source, some not. Thought it might be useful for ideas of add-ons/improvements to MdF. Here's one I thought interesting:
>
> http://www.snertsoft.com/sendmail/milter-7bit/
>
> This Sendmail mail filter will tag or reject email with invalid message content transfer encodings as given by RFC 2045. For example a message that is declared to use MIME 7-bit encoding, but contains an 8-bit octet, NUL byte, and/or unpaired CR or LF characters, would be considered invalid and tagged/rejected. Variations of these checks are performed for MIME parts with 8-bit or binary encodings.

MIMEDefang already does the NUL and CR/LF checks as suspicious character checks. But, I'm wondering if the 8-bit check would be useful.

> Here's another:
>
> http://www.snertsoft.com/sendmail/milter-date/
>
> This Sendmail mail filter verifies the conformance of the date-time strings found in the Received:, Resent-Date:, and Date: headers with respect to RFC 2822 section 3.3 Date Time Specification. The milter also checks that the date-time strings in the previously mentioned headers have coherent relationships between themselves and the current mail hop. Mail can be tagged, rejected, or discarded accordingly, if the date-time strings have invalid syntax, semantics, or are incoherent.

How much of this does SpamAssassin do?

Richard
Re: [Mimedefang] milter smorgas board
On Mon, 2006-05-01 at 14:12 -0400, Jeff Rife wrote:
> The milter-sender description reminded me...
> ...
> Does anybody have any experiences with this sort of callback check?

We use it, including a database cache to lighten the load. Since we do reject on it, I can't say how efficient it is compared to other tests. From a quick log search, I see this test rejects about 38,000 messages per week, after things like RBLs and HELO checks (which block about 15,74,000 messages per week.)

In general, my philosophy is that anything which can prevent a SpamAssassin run is good. Running SA on a message is very CPU intensive and involves lots of network queries as well.

Richard
Re: [Mimedefang] Image validator/OCR SA plugin
On Fri, 2006-04-14 at 18:42 +0200, Martin Blapp wrote:
> Anyone interested should keep an eye on it - it really helps with the image only spam we get today. But probably the spammers will soon change their tricks to different images which are more difficult to read :-(

Interesting... What's the performance like with this? How many messages do you scan per day with it?

Richard
Re: [Mimedefang] New to MIMEDEFANG
On Wed, 2006-03-29 at 10:19 +0530, R.Linga Reddy wrote:
> I am new to MIMEDEFANG, I am planing to install on FEDORA CORE 3 or CORE 4, will it support, and is there any problem,

It'll work fine. I run it on Fedora Core 4. The only piece of advice that comes to mind immediately is to make sure you change your locale so it's not a UTF-8 locale or SpamAssassin will be incredibly slow.

Richard
Re: [Mimedefang] Mimedefang 2.56 and SA 3.1.1 - Idle slaves
On Wed, 2006-03-15 at 14:28 -0500, David F. Skoll wrote:
> (Oh, and by the way: If any SpamAssassin developers are on the list, could you please fire whoever wrote this in Dns.pm:
>
>     package Mail::SpamAssassin::Dns;
>     1;
>     package Mail::SpamAssassin::PerMsgStatus;
>
> Thanks!)

Has this been filed in SpamAssassin's Bugzilla?

Richard
Re: [Mimedefang] OT: Don't let this happen to you
On Thu, 2006-02-16 at 11:50 -0800, Atanas wrote:
> a sendmail log monitoring script that shuts down web sites immediately (notifying both parties - the web site owner and the shared server administrator) in case a web site starts sending suspicious amounts of outgoing emails for a given period of time.

[ snipped ]

> I'm running it through a modified version of mod_fastcgi that forks dynamic PHP-fastcgi workers on demand and runs them with the privileges of the script owner.

Are either of these available online -- especially the modified mod_fastcgi?

Thanks,
Richard
Re: [Mimedefang] Double From: lines in email
On Tue, 2006-02-21 at 11:08 +0100, Sleeuwenhoek J. wrote:
> This doesn't stop emails with double From: headers from forging internal email addresses. Does anyone know of a method to stop this from happening. Currently I'm preventing this with a custom spamassassin rule, but I like to log this with MD.

Open the HEADERS file and run over all the lines. It's one header per line, guaranteed (so you don't need to handle the wrapping yourself). If you find a From: header, do your filtering.

This makes me think... Are double From: headers a good indicator of spam?

Richard
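The HEADERS scan described in the reply above, as an added example that is not part of the original post: it counts From: headers in a MIMEDefang-style HEADERS file (one unwrapped header per line) and reports which values name a local domain. The sample file, the example.org domain and the function names are constructed for illustration; inside a real filter the finding would be logged with md_syslog() rather than printed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Return the value of every header called $name in a HEADERS-style file.
# The file holds one complete header per line, so no unfolding is needed.
sub header_values {
    my ($path, $name) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!";
    my @values;
    while (my $line = <$fh>) {
        chomp $line;
        # Header names are case-insensitive.
        push @values, $1 if $line =~ /^\Q$name\E\s*:\s*(.*)$/i;
    }
    close($fh);
    return @values;
}

# Inspect the From: headers of one message.
# Returns { count => N, internal => [From: values naming a local domain] }.
sub check_from {
    my ($path, @local_domains) = @_;
    my @from = header_values($path, 'From');
    my @internal;
    VALUE: for my $value (@from) {
        for my $domain (@local_domains) {
            # The lookahead stops example.org from matching
            # example.org.attacker.test.
            if ($value =~ /\@\Q$domain\E(?![\w.-])/i) {
                push @internal, $value;
                next VALUE;
            }
        }
    }
    return { count => scalar(@from), internal => \@internal };
}

# Constructed sample: an outside sender plus a second From: header that
# claims an internal address.
my ($fh, $headers) = tempfile(UNLINK => 1);
print $fh <<'EOF';
Received: from mail.example.net (mail.example.net [192.0.2.25]) by mx.example.org
From: "Billing" <billing@example.net>
From: ceo@example.org
To: staff@example.org
Subject: constructed test message
EOF
close($fh);

my $result = check_from($headers, 'example.org');
if ($result->{count} > 1) {
    # In a filter, this is where the event would be logged and the
    # message scored or rejected according to local policy.
    printf "multiple From: headers (%d); internal addresses: %s\n",
        $result->{count},
        join(', ', @{ $result->{internal} }) || 'none';
}
```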
RE: [Mimedefang] Anyone noticing...
On Tue, 2006-01-17 at 17:30 +, Paul Murphy wrote:
> For more background, search the mailing list archives for Blocking spam senders using IPTables?.

Before I spend a lot of time searching... Did you post the script, or just notes on the idea?

Thanks,
Richard
Re: [Mimedefang] Patch to mimedefang...
On Fri, 2006-01-13 at 15:54 -0700, Philip Prindeville wrote:
> I'd like to propose the following patch, as a prequel to the posting of an amended mimedefang-filter on the Wiki...

If your changes are only going on the Wiki, then adding a Requires to the mimedefang package is incorrect.

Richard
Re: [Mimedefang] Patch for Clam 0.88
On Wed, 2006-01-11 at 12:36 -0500, David F. Skoll wrote:
> So I found my way out of the twisty passages. The following patch appears to fix ClamAV 0.88 so it works properly on deflate64-compressed ZIP files, if you have UNIX unzip installed.

Cool! Have you submitted this to the ClamAV folks?

Richard
Re: [Mimedefang] Please review: new Spamc feature
On Tue, 2005-10-25 at 11:01 -0700, [EMAIL PROTECTED] wrote:
> I do all sorts of things w/ MIMEDefang besides spam-scan, and while the MIMEDefang threads are doing all these things, that SpamAssassin module is sitting there idle, but taking up space.

Use the embedded Perl feature of MIMEDefang and use compile_now() from SpamAssassin. That way, the SpamAssassin initialization is done once. fork() on Linux (and Unix in general, I believe) is very lightweight. The SpamAssassin stuff in memory will be shared by all the threads.

I do this, and ... unless I'm very confused ;) ... it saves TONS of memory.

Richard
Re: [Mimedefang] Adding footers or signatures to all outgoing email
On Fri, 2005-07-08 at 22:03 -0400, Lisa Casey wrote:
> I'm also open to ideas about drawbacks to this idea (i.e., why I shouldn't do it!).

It's obnoxious. Also, as e-mails are replied to and forwarded, they acquire many copies of the message.

Richard Laager
Re: [Mimedefang] PING - PONG support for mimedefang socket
On Wed, 2005-04-13 at 16:26 +0200, Martin Blapp wrote:
> What about this little nice patch :-) ?

What is PING/PONG support useful for?

Richard Laager
___
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] use strict
On Wed, 2005-04-13 at 16:29 -0700, John Nemeth wrote:
> I was thinking of sticking 'use strict;' in my filter in order to make sure that it is written cleanly and is less likely to have bugs (I realise that 'use strict;' is not a panacea). Is this likely to cause any problems with mimedefang.pl?

Nope. I have use strict and use warnings in my filter.

--
Richard Laager [EMAIL PROTECTED]
Wikstrom Telecom Internet
[Mimedefang] resend_message fails
resend_message has been failing lately in my filter, it seems. I get the following error message:

  sendmail non-zero exit status in resend_message: 16384

Any thoughts on what this might be?

--
Richard Laager [EMAIL PROTECTED]
Wikstrom Telecom Internet
Re: [Mimedefang] resend_message fails
On Wed, 2005-04-06 at 13:47 -0400, David F. Skoll wrote:
> Could it be that you're trying to re-mail to an address that begins with - so Sendmail is misinterpreting it as a command-line option? If so, I will get you a fix.

I highly doubt it, given the information I know. Can you suggest a way that I could log what command MIMEDefang is running so I could check the syntax?

--
Richard Laager [EMAIL PROTECTED]
Wikstrom Telecom Internet
Re: [Mimedefang] OT: New Sendmail spam block
On Fri, 2005-03-25 at 16:42 -0600, Les Mikesell wrote:
> On Thu, 2005-03-24 at 18:34, Richard Laager wrote:
> > If he's blocking because the domain you're sending *doesn't resolve to the IP address of your machine*, he's broken. You *might* also be broken.
>
> Or you might be multi-homed and not changing your name to match the interface for each conversation. Or you might be behind a NAT or PAT device.

That's why I said might.

--
Richard Laager [EMAIL PROTECTED]
Wikstrom Telecom Internet
Re: [Mimedefang] OT: New Sendmail spam block
On Thu, 2005-03-24 at 16:46 -0500, James Ebright wrote:
> The only issue with that is all if the broken/misconfigured MTAs out there M$ exchange servers OFTEN send: EXCHANGE.servernetbiosname.local as their HELO

That's acceptable damage. We have manual whitelisting and automatic whitelisting in place to mitigate this. Also, under the example you've provided, I'd only be adding SpamAssassin points, not blocking outright. This helps limit the problem, especially since users set their own spam filtering level.

I've only heard of a couple cases where messages are eventually being rejected by SpamAssassin because of the 5 points I add for failing this test. After contacting the administrators, this usually gets fixed immediately.

> MS outlook express PCs often send their NETBIOS names as the HELO

I don't perform these checks for local machines or clients who have SMTP authenticated. MUAs do a lot of stupid things, so I have a lot of exceptions for local users.

--
Richard Laager [EMAIL PROTECTED]
Wikstrom Telecom Internet
Re: [Mimedefang] OT: New Sendmail spam block
On Thu, 2005-03-24 at 16:17 -0600, Ben Kamen wrote:
> The person I've been having the problems with is quoting RFC821, but forgetting he's breaking RFC1123 which is the amendment to 821.

What are you sending as your HELO argument? Here are some sample forms:

  foo
  foo.example.com (which doesn't resolve)
  foo123.example.com (which doesn't match the reverse DNS of the server)

If it's anything but the last form, he's not breaking the letter of the RFCs. You could argue that it's violating the "be liberal in what you accept" philosophy but that's no worse than you violating the "be conservative in what you send" philosophy. How much that philosophy applies in today's hostile Internet (especially with regard to e-mail) is a question for another day.

--
Richard Laager [EMAIL PROTECTED]
Wikstrom Telecom Internet
Re: [Mimedefang] OT: New Sendmail spam block
On Thu, 2005-03-24 at 16:47 -0600, Ben Kamen wrote:
> It's a norton anti-virus gateway sitting behind a firewall. Right now, it just hands out its hostname to the server it's talking to.

If the server is handing out its hostname, then it's fine. You just need to set a proper hostname (fully-qualified and one that exists in DNS).

Also, FYI, Norton anti-virus gateways need to be sandwiched between two regular servers. They can not handle MUAs or Internet MTAs on either side. This is one of the major reasons we switched off our Norton filtering solution a couple years ago.

> I pointed out to him that it does indeed break RFC1123... we'll see how it goes from there.

If he's blocking because the domain you're sending *isn't fully qualified*, he's fine. You're broken.

If he's blocking because the domain you're sending *doesn't resolve*, he's fine. You're broken.

If he's blocking because the domain you're sending *doesn't resolve to the IP address of your machine*, he's broken. You *might* also be broken.

--
Richard Laager [EMAIL PROTECTED]
Wikstrom Telecom Internet
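The three HELO cases from the reply above, together with the score-instead-of-block approach and the exemptions for local and authenticated clients mentioned earlier in the thread, as an added example that is not code from any of the posters. The DNS table, the function names and the choice to give 5 points to both the unqualified and the unresolvable case are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed DNS data so the example runs offline; a real filter would
# query DNS here.
my %A_RECORDS = (
    'mail.example.com'   => ['192.0.2.10'],
    'foo123.example.com' => ['192.0.2.99'],
);
sub lookup_a { my ($name) = @_; return @{ $A_RECORDS{lc $name} || [] }; }

# Classify a HELO argument against the connecting IP address.
# Returns: literal, not-fqdn, unresolvable, mismatch or match.
sub classify_helo {
    my ($helo, $client_ip, $resolver) = @_;
    return 'literal' if $helo =~ /^\[.+\]$/;      # address literal, e.g. [192.0.2.1]
    (my $name = lc $helo) =~ s/\.$//;             # drop a trailing root dot
    return 'not-fqdn' if $name =~ /^[\d.]+$/;     # bare IP address, not a name
    my $label = qr/[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/;
    return 'not-fqdn' unless $name =~ /^$label(?:\.$label)+$/;
    my @addrs = $resolver->($name);
    return 'unresolvable' unless @addrs;
    return (grep { $_ eq $client_ip } @addrs) ? 'match' : 'mismatch';
}

# Assumed scoring: penalise only the two cases the reply calls the
# sender's fault; a name that resolves elsewhere (multi-homed host,
# NAT) is not penalised.
my %POINTS = (
    'not-fqdn' => 5, 'unresolvable' => 5,
    'mismatch' => 0, 'match' => 0, 'literal' => 0,
);

sub helo_points {
    my (%args) = @_;
    # Local machines and SMTP-authenticated clients are exempt.
    return 0 if $args{local} || $args{authenticated};
    return $POINTS{ classify_helo($args{helo}, $args{ip}, \&lookup_a) };
}

# Constructed test cases; the HELO strings are the forms quoted in the thread.
for my $case (
    { helo => 'foo',                              ip => '192.0.2.10' },
    { helo => 'EXCHANGE.servernetbiosname.local', ip => '192.0.2.10' },
    { helo => 'foo123.example.com',               ip => '192.0.2.10' },
    { helo => 'mail.example.com',                 ip => '192.0.2.10' },
    { helo => 'foo', ip => '192.0.2.10', authenticated => 1 },
) {
    printf "%-34s %-13s %d\n", $case->{helo},
        classify_helo($case->{helo}, $case->{ip}, \&lookup_a),
        helo_points(%$case);
}
```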
RE: [Mimedefang] Scary... Filtering on the outbound.
On Mon, 2005-02-21 at 13:33 -0500, David F. Skoll wrote:
> Actually, I see that as a huge issue. If the key is ever compromised, then every piece of e-mail you've ever sent out is vulnerable to decryption. That makes the MIMEDefang machine a very tempting target.

This can be mitigated by creating several encryption subkeys up front. (This would be done on a secure, unconnected machine.) Each key would be valid for a specific chunk of time. Then, only install the first on the server. Near the expiration date, add the second subkey. A little while after the expiration date, remove the first. Repeat this as the subkeys expire.

In this way, a compromise would only affect the messages from one chunk of time (or two in the worst-case scenario when it's compromised during the overlap around the expiration date). This does assume that you catch the compromise in a timely fashion. If you wanted to be absolutely sure about that, you could switch the mail server functions over to a freshly installed and patched machine every time you switched subkeys.

The messages could be archived in encrypted form. Assuming you use the commercial version of PGP, the secret sharing stuff could be used to ensure that the archived messages could only be read when authorized by the appropriate person(s). If you're using GnuPG or something else, then secret sharing isn't really available, but there are other ways of accomplishing much the same thing.

Richard Laager
Re: [Mimedefang] add boilerplate not working as expected
On Sat, 2004-10-02 at 16:35, J.D. Bronson wrote:
> if ($RelayAddr =~ /^192\.168\.1/ or /^127\.0\.0\.1/) {

Try this instead:

  if ($RelayAddr =~ /^192\.168\.1/ or $RelayAddr eq "127.0.0.1") {

The error is that or binds two conditional statements. In your example, it was seeing this as:

  statement 1: $RelayAddr =~ /^192\.168\.1/
  OR
  statement 2: /^127\.0\.0\.1/

Richard
RE: [Mimedefang] roaringpenguin.com is listed in rfc-ignorant
On Tue, 2004-09-28 at 20:00, David F. Skoll wrote:
> I defy anyone to show me an RFC that says an SMTP implementation MUST accept mail from <> to [EMAIL PROTECTED]

From my e-mails to the admin of rfc-ignorant.org, I believe the stance is that postmaster (case-insensitive with or without the domain) must accept mail from anyone. The basis cited for this is RFC 2821, specifically section 4.5.1:

  SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet. In extreme cases --such as to contain a denial of service attack or other breach of security-- an SMTP server may block mail directed to Postmaster. However, such arrangements SHOULD be narrowly tailored so as to avoid blocking messages which are not part of such attacks.

I said DSNs were the *most common* (emphasis added here so the quote below makes sense) usage of the null sender and I speculated that you (David) did not send mail from postmaster, and thus had no reason to expect DSNs for that address. I imagine you put the block in place to stop bounces from joe jobs.

The rfc-ignorant.org admin said: most common != only.

Richard Laager
RE: [Mimedefang] Deadline for SPF records
> Put a price tag on that. If you are selling a product, how many dollars worth of orders are you willing to discard because the potential customer sent a request for information through a public access point instead of their own ISP?

If a potential customer sends you a message through a public access point and their domain has SPF enabled and doesn't list that access point as a valid relay, is that your fault? No, it's their administrator's fault for setting up restrictive SPF without properly configuring their employee's/user's laptops.

Example: Let's say that I work for a hypothetical ACME Widgets, Inc. My e-mail address is [EMAIL PROTECTED] A potential customer, [EMAIL PROTECTED], tries to send me an e-mail message from his laptop using a public access point in his hotel. The network he's on is not listed as an allowed relay for example.com, according to their SPF record. My administrator (at acmewidgets.com) is honoring SPF records.

What happens? If the people at example.com have setup their SPF record to say that mail from unlisted networks should be bounced, the message will be bounced. If they've said it should be subject to additional checks, but not outright rejected, it will be accepted and the SpamAssassin score increased. The behavior is exactly per their setup.

Richard Laager
Wikstrom Telecom Internet
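The hotel scenario from the message above, as an added example that is not part of the original post: a simplified SPF evaluation showing how the sending domain's own choice of "-all" or "~all" decides whether the receiver rejects the message or accepts it with a higher spam score. Only the ip4 and all mechanisms are handled, and the records, addresses and function names are constructed; a production filter would use a complete SPF library.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert a dotted-quad IPv4 address to an integer; undef if malformed.
sub ip4_to_int {
    my ($ip) = @_;
    my @o = $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/
        or return undef;
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if $ip lies inside $cidr (a prefix length of /32 is assumed if absent).
sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $len) = split m{/}, $cidr;
    $len = 32 unless defined $len;
    my $i = ip4_to_int($ip);
    my $n = ip4_to_int($net);
    return 0 unless defined $i && defined $n && $len =~ /^\d+$/ && $len <= 32;
    my $mask = $len == 0 ? 0 : (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF;
    return (($i & $mask) == ($n & $mask)) ? 1 : 0;
}

my %QUALIFIER = ('+' => 'pass', '-' => 'fail', '~' => 'softfail', '?' => 'neutral');

# Evaluate a record left to right; the first matching mechanism decides.
sub spf_result {
    my ($record, $client_ip) = @_;
    my @terms = split ' ', $record;
    return 'none' unless @terms && lc(shift @terms) eq 'v=spf1';
    for my $term (@terms) {
        my ($q, $mech) = $term =~ /^([+\-~?]?)(.+)$/;
        $q = '+' if $q eq '';                    # default qualifier is pass
        return $QUALIFIER{$q} if lc $mech eq 'all';
        if (my ($cidr) = $mech =~ /^ip4:(.+)$/i) {
            return $QUALIFIER{$q} if in_cidr($client_ip, $cidr);
            next;
        }
        return 'unsupported';                    # a, mx, include, ... not handled here
    }
    return 'neutral';                            # nothing matched
}

# Receiver policy as described in the message: bounce on a hard fail,
# accept with a raised score on a soft fail.
sub action_for {
    my ($result) = @_;
    return 'reject'                   if $result eq 'fail';
    return 'accept, raise spam score' if $result eq 'softfail';
    return 'accept';
}

# Constructed data: the sender's office network is 192.0.2.0/24 and the
# hotel access point relays from 198.51.100.77.
my $hotel_ip = '198.51.100.77';
for my $record ('v=spf1 ip4:192.0.2.0/24 -all', 'v=spf1 ip4:192.0.2.0/24 ~all') {
    my $result = spf_result($record, $hotel_ip);
    printf "%-30s %-9s %s\n", $record, $result, action_for($result);
}
```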
RE: [Mimedefang] Deadline for SPF records
> Can't someone still forge the user name as long as the domain name is correct for the originating IP address or will that take yet another change in all MTA's to enforce before this one is very useful?

Let's say that the SPF record for futuresource.com says that the allowed relay is mail.futuresource.com. This means that mail coming from mail.futuresource.com (as the relay) is legitimate and that all other mail is likely to be forged.

Now, why would mail.futuresource.com allow someone to spoof the envelope sender from its own domain? For example, my mail server has been configured to check all envelope sender addresses which are from local domains. Therefore, I can't send a message with an envelope sender of [EMAIL PROTECTED] If SPF was widely adopted, these two measures would effectively stop forgery of all wiktel.com addresses.

On the other hand, if you simply want to be able to tell if a given address is valid, that's easy enough to check. Simply connect back to the MX records for the sending domain and do:

  MAIL FROM:<>
  RCPT TO:[EMAIL PROTECTED]

Code for this has been posted on the list before. This allows you to drop completely invalid addresses.

Richard Laager
Wikstrom Telecom Internet
RE: [Mimedefang] Using Mail::GPG in filter to examine PGPattachmentsand messagebody
> Any ideas on my implementation problem?

I don't have any ideas on the Perl MIME issues. I know more about the MIMEDefang API and PGP encryption in general than the details of the Perl MIME stuff.

Richard Laager
RE: [Mimedefang] Using Mail::GPG in filter to examine PGP attachments and messagebody
> $pass = "PASS";
> my $gpg = Mail::GPG->new(
>     default_key_id     => '4B771017',
>     default_passphrase => $pass,
>     debug              => 1,
>     gnupg_hash_init    => { armor => 1, batch => 1, homedir => '/home/defang' },
> );

Are you really sure you want to do this? The whole point of end-to-end encryption is to protect from attacks along the way. If you have the private key and passphrase available on the mail server, it becomes a single point of failure that would break the encryption on all of the messages, past and future.

I would recommend that you simply check that the message was encrypted to the corporate key. Don't actually decrypt it. This does mean that someone could edit the PGP data to make it look like the message was encrypted to the corporate key when it wasn't. If this happens, what is lost? The original recipient can still read the message, you simply can't decrypt it later with the corporate key. This may or may not be a problem in your situation.

By the way, E3AA17BD actually looks more like the corporate key (by its name and the fact that it can revoke your key). For either key, you've got one subkey setup -- size 2048, never expires. Especially for a long-life corporate key, you should setup multiple encryption subkeys with expiration dates. That way, the compromise of one subkey will only compromise messages that were encrypted to that subkey.

Richard Laager
RE: [Mimedefang] MIMEDefang embedded perl stability issues
> Add: use strict; to your mimedefang filter and the problem will stop after you have fixed all the error messages.

This is not true in all cases. This is the same problem I'm having. I can't do a reread. I've been using use strict in my filter as long as I remember.

David, I still haven't gotten around to running the gdb commands you suggested in the other thread a few days back. I hope to get to that soon if I have time.

Richard Laager
RE: [Mimedefang] MXCommand: read: Connection reset by peer
> Are you constrained by memory? What OS are you running?

Fedora Core 1 (Linux 2.4.22-1.2188.nptlsmp kernel)
Dual Pentium III 1.2 GHz
2.5 GB memory, 1 GB swap
/var/spool/MIMEDefang is on a 1.3 GB tmpfs partition.

I'm currently using about 1.7 GB of physical memory and no swap. I'm running the embedded perl interpreter with 50 slaves set as the MX_MINIMUM. I have MX_MAXIMUM set to 110. (By the way, what do you think of these values?)

Richard Laager
Wikstrom Telecom Internet
RE: [Mimedefang] MXCommand: read: Connection reset by peer
> They seem reasonable for your hardware configuration. So for some reason, the multiplexor is dying? This is really hard to pin down. I think you'll need to attach gdb to the multiplexor and wait for it to die. Do this:

I think I found the problem. I had a script that would force a filter reread. Doing a reread seems to kill the multiplexor. I've fixed the problem by changing the script to do a full restart of MIMEDefang. I know what you've said about the Perl internals, so this is probably as good as it gets.

Is there any fix for the reread problems? I'm running version 2.43.

Richard Laager
Wikstrom Telecom Internet
RE: [Mimedefang] surbl
> It looks interesting, but I'm wondering if anyone else has tried this with MIMEDefang? Will it work with MIMEDefang calling SpamAssassin by way of its modules?

It depends what you mean by tried this with MIMEDefang. So, I'll respond out of order.

In response to your second question, if SpamAssassin supports something by itself, MIMEDefang calling SpamAssassin will utilize such a filtering technique.

On a related note, this thought of a URI blacklist is an idea I've had (and shared with others) for a while. We'll see the same problem as we did for Bayesian filtering... Spammers will start including bogus URIs to avoid the filtering (or as a joe job). This is not to say it's useless, just as Bayesian filtering is still useful.

URI filtering can be quite handy. I recently implemented code that would check a message for URIs and then run those URIs through our pornography filtering database. I called SpamAssassin to do the actual URI parsing and I did the porn checks from within our MIMEDefang filter. In this way, I was able to leverage the SpamAssassin code and avoid reinventing the wheel.

Because of the way I coded, we only run full SpamAssassin checks if the customer wants full spam filtering. If the customer only wants porn filtering, we only need to run the URI parsing portion of the SpamAssassin code, greatly saving CPU power. (If the customer wants neither, we do pass the mail through unscanned.) So, it's possible to do URI filtering by itself if desired.

There's no way a spammer can get around this sort of filtering by padding a message with extra URIs since in this case a single case of a URI is enough to trip the test. (Contrast this with approaches that would check the percentage of bad URIs. I'm not sure if this SURBL stuff does that or not.) And, the URIs aren't going into a database based off messages, so there is no danger of joe jobs.

Richard Laager
Wikstrom Telecom Internet