[Mimedefang] restricting senders who can post to a specific recipient
Ray Spinhirne
rays at admin.stedwards.edu
Sat Aug 24 00:03:00 EDT 2002
>
> [apologies for my tendency for longish posts... please feel free
> to be ruthless in trimming any quoted replies]
>
> I have a situation where I need to protect an email alias from
> "unauthorised" use. This alias expands to several thousand (!!)
> organisational members, all kept in an external :include: file which
> is regularly updated from an sql database.
>
> The alias exists for the sole purpose of allowing the organisation
> to send regular email postings to its members and other clients
> (as one of the services it offers).
>
> The situation that I need to create is that only specific senders
> from specific hosts/networks (within the organisation) can
> successfully post email to this alias.
>
> The alias name itself gets high exposure with these postings, and
> as a result it can (and does) attract both spam and MM viruses,
> and the unoccasional mis-directed reply message.
>
[details cut]
This works for us at SEU.
Ray Spinhirne
#***********************************************************************
# %PROCEDURE: filter_begin
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Called just before e-mail parts are processed
#***********************************************************************
sub filter_begin () {
    # ALWAYS drop messages with suspicious chars in headers
    if ($SuspiciousCharsInHeaders) {
        action_quarantine_entire_message();
        action_notify_administrator("Message quarantined because of suspicious characters in headers");
        # Do NOT allow message to reach recipient(s)
        return action_discard();
    }

    # Scan for viruses if any virus-scanners are installed
    my($code, $category, $action) = message_contains_virus();
    $FoundVirus = ($category eq "virus");

    # SEU_PATCH
    #
    # This should not allow mailing to restricted aliases.
    # All addresses which contain .re_strict will be tested and
    # the sender must exist in either the file RL.allowed.all or
    # RL.<alias name>
    #
    # if sender does not exist the administrator will be notified
    # and the mail will be rejected.
    #
    CKRECPT: foreach my $recp (@Recipients)
    {
        # check only restricted ones; the dot is escaped so it matches a
        # literal "." rather than any character
        next unless ($recp =~ /\.re_strict/);
        my ($recp_root) = split('@', $recp);
        $recp_root =~ tr/<>//d;
        #
        # just for now we will do this so that we can see what
        # is being sent to the restricted lists (this does not
        # prevent more testing and delivery if ok)
        action_quarantine_entire_message();

        # Per-alias allow list. Three-argument open keeps the
        # recipient-derived name from being parsed as an open mode, and
        # the lexical handle is closed when "next CKRECPT" leaves the block.
        if (open(my $restricted, '<', "/etc/mail/RL.$recp_root"))
        {
            while (my $allowed = <$restricted>)
            {
                chomp $allowed;
                next CKRECPT if ($Sender eq $allowed);
            }
            close $restricted;
        }

        # Senders allowed to post to every restricted alias
        if (open(my $restricted, '<', '/etc/mail/RL.allowed.all'))
        {
            while (my $allowed = <$restricted>)
            {
                chomp $allowed;
                next CKRECPT if ($Sender eq $allowed);
            }
            close $restricted;
        }
        #
        # if we get here then we have a restricted alias and the
        # sender is not allowed
        action_notify_administrator("Mail to restricted alias $recp from $Sender at $RelayAddr rejected. \n");
        return action_bounce("The alias $recp is restricted. Mail from $Sender rejected.");
    }
}
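
The quoted request asks for specific senders from specific hosts/networks, while the filter above compares only $Sender, a value the sending client supplies. The following is an added example, not part of the original post or of MIMEDefang: a standalone Perl check that requires both a listed sender and a relay address inside a listed IPv4 network. The function names, addresses and networks are hypothetical.

```perl
# Added example, not from the original post. Names and sample data are constructed.
use strict; use warnings;

# Convert a dotted-quad IPv4 string to an integer; undef if malformed.
sub ip_to_int {
    my ($ip) = @_;
    my @o = ($ip // '') =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/ or return undef;
    return undef if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True if $ip lies inside $cidr ("a.b.c.d/len"); IPv4 only.
sub ip_in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $len) = split m{/}, $cidr, 2;
    return 0 unless defined $len && $len =~ /\A\d{1,2}\z/ && $len <= 32;
    my ($ip_n, $net_n) = (ip_to_int($ip), ip_to_int($net));
    return 0 unless defined $ip_n && defined $net_n;
    my $mask = $len == 0 ? 0 : (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF;
    return (($ip_n & $mask) == ($net_n & $mask)) ? 1 : 0;
}

# Strip whitespace and angle brackets, lowercase (assumes case-insensitive matching is wanted).
sub normalize_sender {
    my $s = lc($_[0] // '');
    $s =~ s/\A\s*<?//;
    $s =~ s/>?\s*\z//;
    return $s;
}

# Accept only when BOTH the envelope sender and the connecting relay are listed.
sub may_post {
    my ($sender, $relay, $senders, $nets) = @_;
    my $from = normalize_sender($sender);
    return 0 unless grep { normalize_sender($_) eq $from } @$senders;
    return scalar(grep { ip_in_cidr($relay, $_) } @$nets) ? 1 : 0;
}

# Constructed sample data: documentation address ranges and example.org.
my @senders = ('<newsletter@example.org>', 'comms@example.org');
my @nets    = ('192.0.2.0/24', '198.51.100.16/28');
for my $case (
    ['<Newsletter@example.org>', '192.0.2.25'],     # listed sender, listed network
    ['<newsletter@example.org>', '203.0.113.9'],    # listed sender, other network
    ['<someone@example.net>',    '192.0.2.25'],     # unlisted sender, listed network
    ['<comms@example.org>',      '198.51.100.40'],  # listed sender, just outside the /28
) {
    printf "%-26s %-15s %s\n", @$case, may_post(@$case, \@senders, \@nets) ? 'accept' : 'reject';
}
```

Inside a MIMEDefang filter the first two arguments would be $Sender and $RelayAddr, both of which the posted filter already uses.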