[Mimedefang] 451 4.7.1 Please try again later

Barry Byrne barry.byrne at wbtsystems.com
Thu Feb 14 10:38:56 EST 2002 

Marco:

I had a similar problem. Check the calls to the virus checker in
/etc/mail/mimedefang-filter.

You need to modify the two calls as follows:


	WAS:		$VirusFound = message_contains_virus();
	SHOULD BE:	$VirusFound = message_contains_virus_{your virus checker}();

and
    	WAS:		if ($VirusFound && entity_contains_virus($entity)) {
	SHOULD BE:	if ($VirusFound && entity_contains_virus_{your
virus_checker}($entity)) {

replace as appropriate for whatever virus scanner you use.

 - Barry

--
Barry Byrne, IT Manager,
WBT Systems, Block 2, Harcourt Centre
Harcourt Street, Dublin 2, Ireland


> -----Original Message-----
> From: mimedefang-admin at lists.roaringpenguin.com
> [mailto:mimedefang-admin at lists.roaringpenguin.com]On Behalf Of Marco
> Berizzi
> Sent: 14 February 2002 15:18
> To: mimedefang at lists.roaringpenguin.com
> Subject: [Mimedefang] 451 4.7.1 Please try again later
>
>
> I have just installed MIMEDefang 2.3 + Sendmail 8.12.2 on my Slackware
> Linux box.
> I'm testing it with no success. (MIMEDefang 2.2 with the same filter is
> working)
> I always get error "451 4.7.1 please try again later".
> This is part of my /var/log/messages
> sendmail[68]: starting daemon (8.12.2): SMTP+queueing at 00:15:00
>
> Feb 14 13:21:40 iris sendmail[79]: g1ECLdxB000079:
> from=<pupilla at libero.it>, size=449, class=0, nrcpts=1,
> msgid=<023701c1b552$270131e0$334252d5 at aive.it>, proto=SMTP, daemon=MTA,
> relay=[213.82.66.51]
>
> Feb 14 13:21:44 iris sendmail[79]: g1ECLdxB000079: Milter: data,
> reject=451 4.7.1 Please try again later
>
> Feb 14 13:21:44 iris sendmail[79]: g1ECLdxB000079: to=<marco at aive.it>,
> delay=00:00:04, pri=30431, stat=Please try again later
>
> Feb 14 13:21:54 iris sendmail[83]: g1ECLsxB000083:
> from=<pupilla at libero.it>, size=449, class=0, nrcpts=1,
> msgid=<023e01c1b552$2f580d50$334252d5 at aive.it>, proto=SMTP, daemon=MTA,
> relay=[213.82.66.51]
>
> Feb 14 13:21:56 iris sendmail[83]: g1ECLsxB000083: Milter: data,
> reject=451 4.7.1 Please try again later
>
> Feb 14 13:21:56 iris sendmail[83]: g1ECLsxB000083: to=<marco at aive.it>,
> delay=00:00:02, pri=30431, stat=Please try again later
>
> Feb 14 13:31:08 iris sendmail[87]: g1ECV5xB000087:
> from=<pupilla at libero.it>, size=449, class=0, nrcpts=1,
> msgid=<024601c1b553$78d8c630$334252d5 at aive.it>, proto=SMTP, daemon=MTA,
> relay=[213.82.66.51]
>
> Feb 14 13:31:09 iris sendmail[87]: g1ECV5xB000087: Milter: data,
> reject=451 4.7.1 Please try again later
>
> Feb 14 13:31:09 iris sendmail[87]: g1ECV5xB000087: to=<marco at aive.it>,
> delay=00:00:02, pri=30431, stat=Please try again later
>
> and this is /etc/mail/mimedefang-filter:
>
> # -*- Perl -*-
>
> #***********************************************************************
>
> #
>
> # mimedefang-filter
>
> #
>
> # Sample implementation of "filter" function for MIMEDefang.
>
> # Your filter *must* be correct Perl code, *must* return "1" when
>
> # sourced; and *must* be placed in /etc/mail/mimedefang-filter.
>
> #
>
> # This filter is "low risk" because it is very restrictive about what
>
> # it allows through. Note that it DOES allow HTML attachments through,
>
> # which may be a problem for your e-mail client.
>
> #
>
> # Copyright (C) 2000 Roaring Penguin Software Inc.
>
> #
>
> # This program may be distributed under the terms of the GNU General
>
> # Public License, Version 2, or (at your option) any later version.
>
> #
>
> # $Id: low-risk-filter,v 1.15 2001/10/04 15:27:58 dfs Exp $
>
> #***********************************************************************
>
> #***********************************************************************
>
> # Set administrator's name here. The administrator receives
>
> # quarantine messages and is listed as the contact for site-wide
>
> # MIMEDefang policy. A good example would be 'defang-admin at mydomain.com'
>
> #***********************************************************************
>
> $Administrator = 'postmaster at aive.it';
>
> #***********************************************************************
>
> # Set the e-mail address from which MIMEDefang quarantine warnings and
>
> # user notifications appear to come. A good example would be
>
> # 'mimedefang at mydomain.com'. Make sure to have an alias for this
>
> # address if you want replies to it to work.
>
> #***********************************************************************
>
> $DaemonAddress = 'mailer-daemon at aive.it';
>
> #***********************************************************************
>
> # Set various stupid things your mail client does below.
>
> #***********************************************************************
>
> # Set the next one if your mail client cannot handle nested multipart
>
> # messages
>
> $Stupidity{"flatten"} = 0;
>
> # Set the next one if your mail client cannot handle multiple "inline"
>
> # parts (*cough* Exchange *cough* Outlook)
>
> $Stupidity{"NoMultipleInlines"} = 1;
>
> #***********************************************************************
>
> # %PROCEDURE: filter_begin
>
> # %ARGUMENTS:
>
> # None
>
> # %RETURNS:
>
> # Nothing
>
> # %DESCRIPTION:
>
> # Called just before e-mail parts are processed
>
> #***********************************************************************
>
> sub filter_begin {
>
> # If you have a recognized anti-virus scanner, use this
>
> $VirusFound = message_contains_virus();
>
> # Example: Only allow mailing to "all at mycorp.com" from our mail server
>
> $OurMailServer = 192.168.7.4;
>
> if ($RelayAddr ne $OurMailServer) {
>
> foreach $recip (@Recipients) {
>
> if ($recip eq 'all at mycorp.com') {
>
> action_bounce('Outsiders may not mail to all at mycorp.com');
>
> last;
>
> }
>
> }
>
> }
>
> }
>
> #***********************************************************************
>
> # %PROCEDURE: filter
>
> # %ARGUMENTS:
>
> # entity -- a Mime::Entity object (see MIME-tools documentation for
> details)
>
> # fname -- the suggested filename, taken from the MIME
> Content-Disposition:
>
> # header. If no filename was suggested, then fname is ""
>
> # ext -- the file extension (everything from the last period in the name
>
> # to the end of the name, including the period.)
>
> # type -- the MIME type, taken from the Content-Type: header.
>
> #
>
> # NOTE: There are two likely and one unlikely place for a filename to
>
> # appear in a MIME message: In Content-Disposition: filename, in
>
> # Content-Type: name, and in Content-Description. If you are paranoid,
>
> # you will use the re_match and re_match_ext functions, which return
> true
>
> # if ANY of these possibilities match. re_match checks the whole name;
>
> # re_match_ext checks the extension. See the sample filter below for
> usage.
>
> # %RETURNS:
>
> # Nothing
>
> # %DESCRIPTION:
>
> # This function is called once for each part of a MIME message.
>
> # It decides the fate of the part by calling one of:
>
> #
>
> # action_accept() -- Accept the attachment as-is.
>
> #
>
> # acction_accept_with_warning($msg) -- Accept the attachment, but add
>
> # a warning message "$msg".
>
> #
>
> # action_drop() -- Silently drop the attachment. NOT
>
> # RECOMMENDED.
>
> #
>
> # action_drop_with_warning($msg) -- Add a warning message "$msg" and
>
> # drop the attachment.
>
> #
>
> # action_defang($entity, $name, $fname, $type) -- Allow the attachment
>
> # through, but change the name to "$name", filename to "$fname" and MIME
>
> # type to "$type". If "$name" or "$fname" are set to "", they are
>
> # generated. Use this to "de-fang" dangerous attachements so the data
>
> # gets through, but is not susceptible to simple social engineering
>
> # attacks.
>
> #
>
> # action_external_filter($entity, $cmd) -- Run an external filter
> "$cmd".
>
> # This program must read from the file "./FILTERINPUT" and leave
>
> # the result in "./FILTEROUTPUT".
>
> #
>
> # action_quarantine($entity, $msg) -- Similar to
> action_drop_with_warning.
>
> # However, it copies the attachment to a file in /var/spool/MIMEDefang
>
> # and e-mails the details of the attachment and the name of the
>
> # quarantined file to the MIMEDefang administrator.
>
> #
>
> # action_bounce($reply) -- Bounce the entire message with one-line reply
>
> # $reply. This means that the sender gets an error and the intended
>
> # recipients never see the mail. You can profitably use
>
> # action_quarantine before a call to action_bounce.
>
> #
>
> # action_discard() -- Silently discard the entire message. This means
>
> # that the intended recipients never see the mail and the sender
>
> # *does not* get an error message back. You can profitably use
>
> # action_quarantine before a call to action_discard.
>
> #***********************************************************************
>
> sub filter {
>
> my($entity, $fname, $ext, $type) = @_;
>
> # For convenience, compute lower-case versions of filename and extension
>
> my($lc_fname) = $fname;
>
> my($lc_ext) = $ext;
>
> $lc_fname =~ tr/A-Z/a-z/;
>
> $lc_ext =~ tr/A-Z/a-z/;
>
> ####################################################################
>
> # #
>
> # Filter rules follow #
>
> # #
>
> ####################################################################
>
> #-------------------------------------------------------------------
>
> # Quarantine viruses
>
> #-------------------------------------------------------------------
>
> if ($VirusFound && entity_contains_virus($entity)) {
>
> # Notify the sender if you desire
>
> action_notify_sender("The attachment '$fname' was deleted. It
> contains\n".
>
> "a known virus.\nHere is the output from the virus
> scanner:\n$VirusScannerMessages");
>
> return action_quarantine($entity, "The attachment $fname contains a
> known virus. It has been quarantined.\nHere is the output from the virus
> scanner:\n$VirusScannerMessages");
>
> }
>
> #-------------------------------------------------------------------
>
> # Quarantine: .exe .com .bat .vbs .shs .dll .vxd
>
> # .pif .scr .reg .ocx .lnk .js .ini .mdb
>
> # .wpd .wk4 .eml
>
> #-------------------------------------------------------------------
>
> if (re_match_ext($entity,
> '^\.(exe|com|bat|vbs|scr|shs|dll|vxd|pif|reg|ocx|lnk|js|ini|mdb|wpd|wk4|
> eml)$')){
>
> # Notify the sender if you desire
>
> #action_notify_sender("The attachment '$fname' was deleted. We do
> not\n".
>
> # "accept attachments of type '$ext'.\n");
>
> action_notify_sender("The message was deleted. We do not accept\n".
>
> "message with attachments of type '$ext'.\n");
>
> # Discard the message
>
> return action_discard();
>
> # Quarantine the attachment.
>
> #return action_quarantine($entity, "An attachment named $fname was
> removed from this document as it\nconstituted a security hazard. If you
> require this document, please contact\nthe sender and arrange an
> alternate means of receiving it.\n");
>
> }
>
> #-------------------------------------------------------------------
>
> # Accept any kind of textual attachment
>
> #-------------------------------------------------------------------
>
> if ($type =~ m+^text/+) {
>
> return action_accept();
>
> }
>
> # This type is generated by some buggy mail clients.
>
> if ($type eq "text") {
>
> return action_accept();
>
> }
>
> #-------------------------------------------------------------------
>
> # Messages (generated by mail transfer agents)
>
> #-------------------------------------------------------------------
>
> if ($type =~
> m+^message/(rfc822|partial|news|delivery-status|disposition-notification
> )$+) {
>
> return action_accept();
>
> }
>
> #-------------------------------------------------------------------
>
> # Images with stringent filename checks
>
> #-------------------------------------------------------------------
>
> if (($type eq "image/jpeg" && ($lc_ext eq ".jpg" || $lc_ext eq ".jpeg"))
> ||
>
> ($type eq "image/gif" && $lc_ext eq ".gif") ||
>
> ($type eq "image/png" && $lc_ext eq ".png") ||
>
> ($type eq "image/tiff" && ($lc_ext eq ".tif" || $lc_ext eq ".tiff"))) {
>
> return action_accept();
>
> }
>
> #-------------------------------------------------------------------
>
> # PDF's are OK if the filename is sane
>
> #-------------------------------------------------------------------
>
> if ($type eq "application/pdf" && $lc_ext eq ".pdf") {
>
> return action_accept();
>
> }
>
> #-------------------------------------------------------------------
>
> # ZIP's are OK. My boss also want xls, doc and ppt
>
> #-------------------------------------------------------------------
>
> if (re_match_ext($entity, '^\.(xls|doc|ppt|zip|gz|tgz|Z)$')){
>
> return action_accept();
>
> }
>
> #-------------------------------------------------------------------
>
> # Don't do double-defanging on things we recognize as safe
>
> #-------------------------------------------------------------------
>
> if ($type eq "application/octet-stream" && $fname =~
> /^defang-\d+\.binary$/) {
>
> return action_accept();
>
> }
>
> #-------------------------------------------------------------------
>
> # Drop anything else
>
> #-------------------------------------------------------------------
>
> #return action_drop_with_warning("An attachment named $fname was removed
> from this document as it\nis of unknown type and may constitute a
> security hazard.\nIf you require this document, please contact\nthe
> sender and arrange an alternate means of receiving it.\n");
>
> return action_bounce("The message was deleted because it contains an
> unknown\nattachment type and may constitute a security hazard.\n");
>
> }
>
>
>
> #***********************************************************************
>
> # %PROCEDURE: defang_warning
>
> # %ARGUMENTS:
>
> # oldfname -- the old file name of an attachment
>
> # fname -- the new "defanged" name
>
> # %RETURNS:
>
> # A warning message
>
> # %DESCRIPTION:
>
> # This function customizes the warning message when an attachment
>
> # is defanged.
>
> #***********************************************************************
>
> sub defang_warning {
>
> my($oldfname, $fname) = @_;
>
> return
>
> "An attachment named '$oldfname' was converted to '$fname'.\n" .
>
> "To recover the file, right-click on the attachment and Save As\n" .
>
> "'$oldfname'\n";
>
> }
>
> # DO NOT delete the next line, or Perl will complain.
>
> 1;
>
>
>
>
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>

More information about the MIMEDefang mailing list