[Mimedefang] 451 4.7.1 Please try again later

Marco Berizzi pupilla at hotmail.com
Thu Feb 14 10:18:17 EST 2002


I have just installed MIMEDefang 2.3 + Sendmail 8.12.2 on my Slackware
Linux box.
I'm testing it with no success. (MIMEDefang 2.2 with the same filter is
working)
I always get the error "451 4.7.1 please try again later".
This is part of my /var/log/messages:
sendmail[68]: starting daemon (8.12.2): SMTP+queueing at 00:15:00

Feb 14 13:21:40 iris sendmail[79]: g1ECLdxB000079:
from=<pupilla at libero.it>, size=449, class=0, nrcpts=1,
msgid=<023701c1b552$270131e0$334252d5 at aive.it>, proto=SMTP, daemon=MTA,
relay=[213.82.66.51]

Feb 14 13:21:44 iris sendmail[79]: g1ECLdxB000079: Milter: data,
reject=451 4.7.1 Please try again later

Feb 14 13:21:44 iris sendmail[79]: g1ECLdxB000079: to=<marco at aive.it>,
delay=00:00:04, pri=30431, stat=Please try again later

Feb 14 13:21:54 iris sendmail[83]: g1ECLsxB000083:
from=<pupilla at libero.it>, size=449, class=0, nrcpts=1,
msgid=<023e01c1b552$2f580d50$334252d5 at aive.it>, proto=SMTP, daemon=MTA,
relay=[213.82.66.51]

Feb 14 13:21:56 iris sendmail[83]: g1ECLsxB000083: Milter: data,
reject=451 4.7.1 Please try again later

Feb 14 13:21:56 iris sendmail[83]: g1ECLsxB000083: to=<marco at aive.it>,
delay=00:00:02, pri=30431, stat=Please try again later

Feb 14 13:31:08 iris sendmail[87]: g1ECV5xB000087:
from=<pupilla at libero.it>, size=449, class=0, nrcpts=1,
msgid=<024601c1b553$78d8c630$334252d5 at aive.it>, proto=SMTP, daemon=MTA,
relay=[213.82.66.51]

Feb 14 13:31:09 iris sendmail[87]: g1ECV5xB000087: Milter: data,
reject=451 4.7.1 Please try again later

Feb 14 13:31:09 iris sendmail[87]: g1ECV5xB000087: to=<marco at aive.it>,
delay=00:00:02, pri=30431, stat=Please try again later

and this is /etc/mail/mimedefang-filter:

# -*- Perl -*-
#***********************************************************************
#
# mimedefang-filter
#
# Sample implementation of "filter" function for MIMEDefang.
# Your filter *must* be correct Perl code, *must* return "1" when
# sourced; and *must* be placed in /etc/mail/mimedefang-filter.
#
# This filter is "low risk" because it is very restrictive about what
# it allows through. Note that it DOES allow HTML attachments through,
# which may be a problem for your e-mail client.
#
# Copyright (C) 2000 Roaring Penguin Software Inc.
#
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#
# $Id: low-risk-filter,v 1.15 2001/10/04 15:27:58 dfs Exp $
#***********************************************************************

#***********************************************************************
# Set administrator's name here. The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy. A good example would be 'defang-admin at mydomain.com'
#***********************************************************************
$Administrator = 'postmaster at aive.it';

#***********************************************************************
# Set the e-mail address from which MIMEDefang quarantine warnings and
# user notifications appear to come. A good example would be
# 'mimedefang at mydomain.com'. Make sure to have an alias for this
# address if you want replies to it to work.
#***********************************************************************
$DaemonAddress = 'mailer-daemon at aive.it';

#***********************************************************************
# Set various stupid things your mail client does below.
#***********************************************************************

# Set the next one if your mail client cannot handle nested multipart
# messages
$Stupidity{"flatten"} = 0;

# Set the next one if your mail client cannot handle multiple "inline"
# parts (*cough* Exchange *cough* Outlook)
$Stupidity{"NoMultipleInlines"} = 1;

#***********************************************************************
# %PROCEDURE: filter_begin
# %ARGUMENTS:
# None
# %RETURNS:
# Nothing
# %DESCRIPTION:
# Called just before e-mail parts are processed
#***********************************************************************
sub filter_begin {
    # If you have a recognized anti-virus scanner, use this
    $VirusFound = message_contains_virus();

    # Example: Only allow mailing to "all at mycorp.com" from our mail server
    # The address must be quoted: Perl parses a bare 192.168.7.4 as a
    # v-string, which never equals the text in $RelayAddr.
    $OurMailServer = '192.168.7.4';
    if ($RelayAddr ne $OurMailServer) {
        foreach $recip (@Recipients) {
            if ($recip eq 'all at mycorp.com') {
                action_bounce('Outsiders may not mail to all at mycorp.com');
                last;
            }
        }
    }
}

#***********************************************************************
# %PROCEDURE: filter
# %ARGUMENTS:
# entity -- a Mime::Entity object (see MIME-tools documentation for details)
# fname -- the suggested filename, taken from the MIME Content-Disposition:
# header. If no filename was suggested, then fname is ""
# ext -- the file extension (everything from the last period in the name
# to the end of the name, including the period.)
# type -- the MIME type, taken from the Content-Type: header.
#
# NOTE: There are two likely and one unlikely place for a filename to
# appear in a MIME message: In Content-Disposition: filename, in
# Content-Type: name, and in Content-Description. If you are paranoid,
# you will use the re_match and re_match_ext functions, which return true
# if ANY of these possibilities match. re_match checks the whole name;
# re_match_ext checks the extension. See the sample filter below for usage.
# %RETURNS:
# Nothing
# %DESCRIPTION:
# This function is called once for each part of a MIME message.
# It decides the fate of the part by calling one of:
#
# action_accept() -- Accept the attachment as-is.
#
# action_accept_with_warning($msg) -- Accept the attachment, but add
# a warning message "$msg".
#
# action_drop() -- Silently drop the attachment. NOT
# RECOMMENDED.
#
# action_drop_with_warning($msg) -- Add a warning message "$msg" and
# drop the attachment.
#
# action_defang($entity, $name, $fname, $type) -- Allow the attachment
# through, but change the name to "$name", filename to "$fname" and MIME
# type to "$type". If "$name" or "$fname" are set to "", they are
# generated. Use this to "de-fang" dangerous attachments so the data
# gets through, but is not susceptible to simple social engineering
# attacks.
#
# action_external_filter($entity, $cmd) -- Run an external filter "$cmd".
# This program must read from the file "./FILTERINPUT" and leave
# the result in "./FILTEROUTPUT".
#
# action_quarantine($entity, $msg) -- Similar to action_drop_with_warning.
# However, it copies the attachment to a file in /var/spool/MIMEDefang
# and e-mails the details of the attachment and the name of the
# quarantined file to the MIMEDefang administrator.
#
# action_bounce($reply) -- Bounce the entire message with one-line reply
# $reply. This means that the sender gets an error and the intended
# recipients never see the mail. You can profitably use
# action_quarantine before a call to action_bounce.
#
# action_discard() -- Silently discard the entire message. This means
# that the intended recipients never see the mail and the sender
# *does not* get an error message back. You can profitably use
# action_quarantine before a call to action_discard.
#***********************************************************************

sub filter {
    my($entity, $fname, $ext, $type) = @_;

    # For convenience, compute lower-case versions of filename and extension
    my($lc_fname) = $fname;
    my($lc_ext) = $ext;
    $lc_fname =~ tr/A-Z/a-z/;
    $lc_ext =~ tr/A-Z/a-z/;

    ####################################################################
    #                                                                  #
    # Filter rules follow                                              #
    #                                                                  #
    ####################################################################

    #-------------------------------------------------------------------
    # Quarantine viruses
    #-------------------------------------------------------------------
    if ($VirusFound && entity_contains_virus($entity)) {
        # Notify the sender if you desire
        action_notify_sender("The attachment '$fname' was deleted. It contains\n".
            "a known virus.\nHere is the output from the virus scanner:\n$VirusScannerMessages");
        return action_quarantine($entity, "The attachment $fname contains a known virus. It has been quarantined.\nHere is the output from the virus scanner:\n$VirusScannerMessages");
    }

    #-------------------------------------------------------------------
    # Quarantine: .exe .com .bat .vbs .shs .dll .vxd
    # .pif .scr .reg .ocx .lnk .js .ini .mdb
    # .wpd .wk4 .eml
    #-------------------------------------------------------------------
    if (re_match_ext($entity, '^\.(exe|com|bat|vbs|scr|shs|dll|vxd|pif|reg|ocx|lnk|js|ini|mdb|wpd|wk4|eml)$')){
        # Notify the sender if you desire
        #action_notify_sender("The attachment '$fname' was deleted. We do not\n".
        # "accept attachments of type '$ext'.\n");
        action_notify_sender("The message was deleted. We do not accept\n".
            "message with attachments of type '$ext'.\n");

        # Discard the message
        return action_discard();

        # Quarantine the attachment.
        #return action_quarantine($entity, "An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    #-------------------------------------------------------------------
    # Accept any kind of textual attachment
    #-------------------------------------------------------------------
    if ($type =~ m+^text/+) {
        return action_accept();
    }

    # This type is generated by some buggy mail clients.
    if ($type eq "text") {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Messages (generated by mail transfer agents)
    #-------------------------------------------------------------------
    if ($type =~ m+^message/(rfc822|partial|news|delivery-status|disposition-notification)$+) {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Images with stringent filename checks
    #-------------------------------------------------------------------
    if (($type eq "image/jpeg" && ($lc_ext eq ".jpg" || $lc_ext eq ".jpeg")) ||
        ($type eq "image/gif" && $lc_ext eq ".gif") ||
        ($type eq "image/png" && $lc_ext eq ".png") ||
        ($type eq "image/tiff" && ($lc_ext eq ".tif" || $lc_ext eq ".tiff"))) {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # PDF's are OK if the filename is sane
    #-------------------------------------------------------------------
    if ($type eq "application/pdf" && $lc_ext eq ".pdf") {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # ZIP's are OK. My boss also want xls, doc and ppt
    #-------------------------------------------------------------------
    if (re_match_ext($entity, '^\.(xls|doc|ppt|zip|gz|tgz|Z)$')){
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Don't do double-defanging on things we recognize as safe
    #-------------------------------------------------------------------
    if ($type eq "application/octet-stream" && $fname =~ /^defang-\d+\.binary$/) {
        return action_accept();
    }

    #-------------------------------------------------------------------
    # Drop anything else
    #-------------------------------------------------------------------
    #return action_drop_with_warning("An attachment named $fname was removed from this document as it\nis of unknown type and may constitute a security hazard.\nIf you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    return action_bounce("The message was deleted because it contains an unknown\nattachment type and may constitute a security hazard.\n");
}



#***********************************************************************
# %PROCEDURE: defang_warning
# %ARGUMENTS:
# oldfname -- the old file name of an attachment
# fname -- the new "defanged" name
# %RETURNS:
# A warning message
# %DESCRIPTION:
# This function customizes the warning message when an attachment
# is defanged.
#***********************************************************************
sub defang_warning {
    my($oldfname, $fname) = @_;
    return
        "An attachment named '$oldfname' was converted to '$fname'.\n" .
        "To recover the file, right-click on the attachment and Save As\n" .
        "'$oldfname'\n";
}

# DO NOT delete the next line, or Perl will complain.
1;
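
An added example, not part of the original post or of MIMEDefang: a small Python triage script that groups sendmail log lines by queue ID and lists the transactions a milter answered with a 4xx reply, as in the log excerpt above. The sample log is constructed (host name, addresses, relay IPs and queue IDs are made up), and each log entry is assumed to be on one line.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the sendmail 8.12 lines in the post;
# host, addresses, relay IPs and queue IDs are made up.
SAMPLE_LOG = """\
Feb 14 13:15:00 mx sendmail[68]: starting daemon (8.12.2): SMTP+queueing at 00:15:00
Feb 14 13:21:40 mx sendmail[79]: g1EAAA000079: from=<a@example.org>, size=449, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Feb 14 13:21:44 mx sendmail[79]: g1EAAA000079: Milter: data, reject=451 4.7.1 Please try again later
Feb 14 13:21:44 mx sendmail[79]: g1EAAA000079: to=<b@example.com>, delay=00:00:04, pri=30431, stat=Please try again later
Feb 14 13:22:10 mx sendmail[83]: g1EBBB000083: from=<c@example.net>, size=812, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Feb 14 13:22:12 mx sendmail[83]: g1EBBB000083: Milter: data, reject=451 4.7.1 Please try again later
Feb 14 13:22:12 mx sendmail[83]: g1EBBB000083: to=<b@example.com>, delay=00:00:02, pri=30812, stat=Please try again later
Feb 14 13:40:01 mx sendmail[91]: g1ECCC000091: from=<d@example.org>, size=300, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Feb 14 13:40:02 mx sendmail[91]: g1ECCC000091: to=<b@example.com>, delay=00:00:01, mailer=local, pri=30300, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
MILTER = re.compile(r"Milter: (?P<stage>\w+), reject=(?P<code>\d{3}) (?P<text>.*)")
FIELD = re.compile(r"\b(from|to|relay|stat)=([^,]+)")  # \b keeps "proto=" out

def parse(log):
    """Group log lines by queue ID into one record per SMTP transaction."""
    msgs = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # daemon start-up and other non-transaction lines
        rec, rest = msgs[m["qid"]], m["rest"]
        mm = MILTER.match(rest)
        if mm:
            rec["milter"] = (mm["stage"], int(mm["code"]), mm["text"])
        else:
            rec.update(FIELD.findall(rest))
    return dict(msgs)

def milter_tempfails(msgs):
    """Return {qid: record} for transactions the milter answered with 4xx."""
    return {q: r for q, r in msgs.items()
            if "milter" in r and 400 <= r["milter"][1] < 500}

def summary(msgs):
    """Count temp-failed transactions and the distinct relays they came from."""
    failed = milter_tempfails(msgs)
    relays = sorted({r.get("relay", "?") for r in failed.values()})
    return {"total": len(msgs), "tempfailed": len(failed), "relays": relays}
```

Temp-fails that hit unrelated senders and relays alike point at the milter or filter process rather than at any single message's content.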






