Contributed by jose on from the replacing-a-duplicate-PF-article dept.
(Comments are closed)
OpenBSD Journal
Contributed by jose on from the replacing-a-duplicate-PF-article dept.
(Comments are closed)
Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]
By Steph L () on http://mutt.free.fr/milter/
Sendmail's Milter API offers many solutions to
common problems(spam, virus, policy, rate control,...)
Have a look at http://mutt.free.fr/milter/ for
more information about Milter and have a list
of other existing Milter solutions.
Feedback welcome on milter AT free.fr
By Sleepy () sleepy@maximumunix.org on http://www.maximumunix.org
is there a smtp-proxy that work in a similar way to the ftp-proxy so people could redirect smtp traffic to it for inspection?
Thanks
Comments
By Daniel Hartmeier () daniel@benzedrine.cx on mailto:daniel@benzedrine.cx
Doing it in a proxy would be possible, but there's no way to properly tell the receiving MTA that the proxy would like to abort the transaction (without potentially causing annoying warnings about what would appear to the MTA to be connections dropped or transactions incompleted by the real sender), at least that I know of.
And I don't see how you could implement 'discard' in a proxy, either. The proxy would have to complete the transaction with the sender, while causing the receiver to discard the message. That ends up taking over some parts of the SMTP dialogue, making the proxy more complex.
The milter API allows to do all of this with the MTA (sendmail) being aware that an intermediate process is causing the rejections, solving those problems elegantly. If other MTAs have similar mechanisms (or, even better, built-in regexp filtering capabilities), I'd prefer those.
By schubert () on http://schubert.cx/
By Peter Hessler () spambox@theapt.org on http://www.theapt.org
in main.cf:
mime_header_checks = regexp:/etc/postfix/mime_header_checks
In /etc/postfix/mime_header_checks:
name=[^>]*.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh)/ DISCARD MS_EXE was attached
No spaces in the regex. I use DISCARD so no bounces are generated. There is only one Windows user on my network, and I told her what I was doing, and have her friends zip up anything program they want to send her.
Comments
By Anonymous Coward () on
By Peter Hessler () spambox@theapt.org on http://www.theapt.org
in main.cf:
mime_header_checks = regexp:/etc/postfix/mime_header_checks
In /etc/postfix/mime_header_checks:
/name=[^>]*.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh)/ DISCARD MS_EXE was attached
No spaces in the regex. I use DISCARD so no bounces are generated. There is only one Windows user on my network, and I told her what I was doing, and have her friends zip up anything program they want to send her.
Comments
By Anonymous Coward () on
reject MS Attachment
/name=[^>]*.(ade|adp|asd|bas|bat|chm|cmd|com|cpl|crt|dbx|dll|exe|hlp|hta|inf|ins|isp|lnk|js|jse|lnk|ocx|mde|mdt|mdw|msc|msi|msp|mst|nws|ops|pcd|pi|pif|prf|reg|scf|scr|sct|shb|shm|shs|swf|uue|vb|vbe|vbs|vbx|vxd|wab|wsc|wsf|wsh)/
yes? no?
By Hugo Villeneuve () on http://EINTR.net
By jordan () on http://www.roaringpenguin.com/mimedefang/
Comments
By Steph L () on http://mutt.free.fr/milter/
Daniel's filter requires only a C compiler + sendmail with Milter support. It's a more easy solution to fight agains worms. Of course if you want to do virus scanning with sendmail set-up amavisd-new or MIMEDefang.
By collin () collin-deadly@betaversion.net on mailto:collin-deadly@betaversion.net
checkout MessageWall (an SMTP proxy) it is specially designed to block spam during the transfer process (in SMTP). It works for all MTAs since it's backend does SMTP too. Check it out at: www.messagewall.org
Comments
By Steph L () on http://mutt.free.fr/milter/
The latest official release was made out quite a long time ago...
It works in "sandwitch mode" so is less efficient than a Milter filter (Milter uses threads) but of course it offers more features.
By Paul Pruett () ppruett@webengr.com on http://www.cocoavillagepublishing.com/
Also I would think if you are using spam assassin and you like one or several of the rules to be site wide that are pattern matching, you could do a regex equivalent. Because this is compiled and not perl or otherwise it should be faster,
QUESTION - We could remove the regexp stuff for header maching we have the in sendmail.mc and is in some /usr/share/sendmail/cf/*.mc examples and use this instead, would that be better?
#
# Reject mail based on regexp above
#
SLocal_check_mail
R$* $: $>Parse0 $>3 $1
R$+ $: $(checkaddress $1 $)
R@MATCH $#error $: "553 Header error"
By Frank Denis () j@pureftpd.org on http://www.pureftpd.org/
rdr proto tcp from any os { "Windows" "SCO" }
to any port smtp -> 127.0.0.1 port spamd
By sthen () on