[Mimedefang] My filter -- example for the curious

David F. Skoll dfs at roaringpenguin.com
Sat Dec 15 10:35:22 EST 2001 

Hi,

I've decided to post the filter I use -- it might give you some
ideas.  I hope some of you find it useful.

Regards,

David.

# Set the atministrator name and daemon address
$Administrator = 'dfs at roaringpenguin.com';
$DaemonAddress = 'mailer-daemon at roaringpenguin.com';

$Stupidity{"flatten"} = 0;
$Stupidity{"NoMultipleInlines"} = 0;

# I find that most HTML e-mail is SPAM.  I allow HTML if it's coming from
# a mailing list I'm on, or if my address explicitly appears in the To:
# header.  Otherwise, I bounce HTML mail.  The filter_begin decides whether
# or not I should accept HTML parts.  Note how I read ./HEADERS to get at
# the To: header
sub filter_begin {
    if ($Sender =~ /oclug/ || $Sender =~ /bugtraq/ || $Sender =~ /-admin/ || $Sender =~ /-owner/) {
	$HTMLOK = 1;
    } else {
	$HTMLOK = 0;
    }

    # Accept HTML if we appear in the To: field
    if (open(HDRS, "<./HEADERS")) {
	while(<HDRS>) {
	    if (/^To:.*\@roaringpenguin\.com/i) {
		$HTMLOK = 1;
		last;
	    }
	}
	close(HDRS);
    }
}

# The actual filter is very simple.  For test purposes, I accept anything
# from my desktop machine "shishi"
#
# If the message has an HTML part, and I've decided above not to accept
# HTML, I bounce the message.
#
# If the message contains .exe, .com, etc, it's probably a Windoze virus
# and I don't want it cluttering up my disk -- bounce it.
#
# I don't accept MS Office attachments either, so bounce those also.
#
# Otherwise, accept.
sub filter {
    my($entity, $fname, $ext, $type) = @_;

    # Accept anything from shishi
    if ($RelayAddr eq "192.168.2.3") {
	return action_accept();
    }

    my($lc_type) = $type;
    $lc_type =~ tr/A-Z/a-z/;

    if ($lc_type eq "text/html" && !$HTMLOK) {
	return action_bounce("HTML e-mail not accepted; please use plain text only.");
    }

    if (re_match_ext($entity, '^\.(exe|com|bat|vbs|scr|shs|dll|vxd|pif|reg|ocx|lnk|ini)$')) {
        syslog('info', "$MessageID Bounced because of attachment $fname");
	return action_bounce("Attachments of type $ext are not accepted.");
    }

    if (re_match_ext($entity, '^\.(doc|xls|ppt)$')) {
        syslog('info', "$MessageID Bounced because of attachment $fname");
	return action_bounce("Microsoft Office (Word/Excel/PowerPoint) Documents are not accepted -- please use plain text.");
    }

    return action_accept();
}


# Well, this never gets used, but what the heck...
sub defang_warning {
    my($oldfname, $fname) = @_;
    return
	"An attachment named '$oldfname' was converted to '$fname'.\n" .
	"To recover the file, right-click on the attachment and Save As\n" .
	"'$oldfname'\n";
}

# DO NOT delete the next line, or Perl will complain.
1;

More information about the MIMEDefang mailing list