[Mimedefang] filter_relay, SendmailMacros & SA questions :)
Vincent Jaussaud
tatooin at kelkoo.com
Sat Dec 28 11:09:00 EST 2002
Hi !
I'm currently trying to figh SPAM using MimeDefang 2.28 + SA 2.43, and I have some
questions regarding these. Our mail server (sendmail 8.12.6) is doing STARTSSL + SMTP
AUTH to enable relaying for roming users.
First, in my filter_relay routine, I'm doing some RBL checks:
# Check a few online black hole databases
if (relay_is_blacklisted($ip, "relays.ordb.org")) {
return ('REJECT', "Relay $name refused by blackhole site relays.ordb.org.
Please see http://www.ordb.org/faq/#why_rejected");
}
if (relay_is_blacklisted($ip, "list.dsbl.org")) {
return ('REJECT', "Relay $name refused by blackhole site list.dsbl.org.
Please see http://dsbl.org");
}
if (relay_is_blacklisted($ip, "relays.osirusoft.com") ) {
return ('REJECT', "Relay $name refused by blackhole site
relays.osirusoft.com. Your mail is rejected.");
}
I noticed one problem though. If the IP address dynamically assigned to my client by his
ISP is listed in any RBL list (this happens), my client won't be able to send emails
through our mail server, even by using SMTP AUTH.
At first, I was thinking to use %SendmailMacros, so that clients who get authenticated
would not pass through RBLs checks. But these macros arn't available in filter_relay; I'm
not sure to understand why btw.
Any idea how to workaround this ?
Also, in my filter ($$$$) routine, I'm checking mails for SPAM using SA:
# We won't allow SPAM to pass through
if ($Features{"SpamAssassin"}) {
# No need to check messages higher than 64k, such big messages are unlikely to be SPAM
if (-s "./INPUTMSG" < 64*1024) {
my($hits, $req, $names, $report) =
spam_assassin_check("/etc/mail/spamassassin/sa-mimedefang.cf");
if ($hits >= $req) {
# This one is SPAM
my($score);
if ($hits < 40) {
$score = "*" x int($hits);
} else {
$score = "*" x 40;
}
action_add_header("X-Spam-Warning", "SpamAssassin says this part is SPAM
[HITS: $hits REQ: $req]");
action_change_header("X-Spam-Info", "HITS: $hits REQ: $req ($score)
NAMES: $names");
action_quarantine_entire_message("Suspicious SPAM Message quarantined.");
return action_bounce("SPAM not welcome here. Your mail is unwanted, and
so far rejected.");
} else {
action_add_header("X-Spam-Warning", "SpamAssassin found the current part
clean. [HITS: $hits REQ: $req]");
}
}
}
Then, in filter_end():
return if message_rejected();
action_add_header("X-Spam-Status", "SpamAssassin say the whole message is FINE :-)");
I'm not sure to do the right thing here. Would it be possible to call SA only once, for
the whole message, rather than for each part of the mail ? What about performances ?
I could check for SPAM in filter_end () rather than in filter ($$$$), but since in the man
pages, it is mentioned that action_bounce cannot be used in filter_end, I don't know how
to deal with this. :-\
I also would like to add an header (only once) for emails found clean by SA, with their
respective $hits. (This would help tuning the score settings of SA)
Something like:
action_add_header("X-Spam-Warning", "SpamAssassin found the whole mail clean. [HITS:
$hits]");
But $hits isn't known in filter_end, unless we make another call for SA. :(
Thanks for your help.
Best Regards,
Vincent Jaussaud.
---
Vincent Jaussaud
Kelkoo - Security Manager / Networks & Systems Administration
---
More information about the MIMEDefang
mailing list