[Mimedefang] filter_relay, HELO checks, and minimal filter
Martin J. Dellwo
dellwo at 3dp.com
Thu Aug 14 13:56:02 EDT 2003

I am attempting to implement some of the HELO checks suggested for
filter_relay and have some questions.

First, I had no difficulty creating filter_relay in mimedefang-filter,
but then how do I invoke it? :) I intend to go trolling in the man
pages, so maybe that will tell me the answer...

Second, I note that 2% of the messages incoming to our server in the
last week, out of about 21,000 messages, have HELO statements saying
HELO 66.250.41.20. This 'all-numeric' HELO is using the address
assigned as static NAT by our firewall!! Only another 0.6% HELO lines
use numeric-only HELOs, so I intend to block all IP-address-only HELOs.
Is this something I could be dealing with more easily using an
access.db? If so, how? I've been wondering how to block incoming mail
to things like 'adm', 'bin', 'man' and other standard unix account
names, that don't originate within our domain. What is the proper way
to do this using access.db? Are there particular IDs such as 'root' or
'postmaster' I need to leave alone?

Third, currently I am accepting email on one server and forwarding it in
to a spam-filtering server on the inside, that then forwards to an
internal Exchange server. Originally I tried running mimedefang/SA
directly on the gateway mail server, but it quickly got hosed (a few
versions back, and it is an SGI). Now, in order to do these HELO checks
properly, I need to run it again on the gateway. My idea was to use a
very minimal filter with the SA lines commented out, in hopes that this
will reduce the load and the machine won't get hosed. Any comments on
this idea? The idea is some mail will get rejected at the gateway, and
the rest will get checked again and SA-checked on the filtering host.

Lastly, on a slightly different topic, I see that many of the quarantine
actions have messages such as "An attachment named $fname was
removed...." Not being a perl expert, what would I do to throw quotes
around $fname to distinguish it in the output? Just "An attachment
named \"$fname\" was removed..." ? Or perhaps $fname should be replaced
by \n\n$fname\n\n to set it apart. The problem is that many $fname have
long weird names with spaces and it is hard for the user to
distinguish the filename from the rest of the warning message. I'd
probably like to throw quotes around $type in the message with "An
attachment of type $type, named $fname..." as well. Perhaps this could
be added to the default suggested filter in the next release.
--
Martin J. Dellwo (610) 458-5264 x6512 dellwo at 3dp.com
Systems Administrator, 3-Dimensional Pharmaceuticals, Inc.
http://www.3dp.com/
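
Added example, not part of the original post or the MIMEDefang distribution: one way to write the IP-only HELO check described above as a Perl filter_relay. It assumes the hook receives the HELO string as its third argument and returns MIMEDefang's ('REJECT', message) / ('CONTINUE', 'ok') pairs; %TRUSTED and the sample connections are constructed for illustration.

```perl
# Added example: classify HELO arguments and reject bare-IP HELOs.
use strict;
use warnings;

# Assumption: the public (static NAT) address of our own gateway; the value
# is the one quoted in the post.
my %OUR_IPS = map { $_ => 1 } ('66.250.41.20');

# Return one of: 'own-ip', 'bare-ip', 'address-literal', 'name'.
sub classify_helo {
    my ($helo) = @_;
    $helo = '' unless defined $helo;
    $helo =~ s/^\s+|\s+$//g;
    my $octet = qr/(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)/;
    my $ipv4  = qr/$octet(?:\.$octet){3}/;
    if ($helo =~ /^\[($ipv4)\]$/) {
        # A bracketed literal is valid SMTP syntax, but a stranger should
        # never present our own address.
        return $OUR_IPS{$1} ? 'own-ip' : 'address-literal';
    }
    if ($helo =~ /^($ipv4)$/) {
        return $OUR_IPS{$1} ? 'own-ip' : 'bare-ip';
    }
    return 'name';
}

# Assumption: the hook receives the HELO string as its third argument, as the
# post implies; hosts in %TRUSTED (hypothetical internal relays) are exempt.
my %TRUSTED = map { $_ => 1 } ('127.0.0.1');

sub filter_relay {
    my ($hostip, $hostname, $helo) = @_;
    return ('CONTINUE', 'ok') if $TRUSTED{$hostip};
    my $class = classify_helo($helo);
    return ('REJECT', "HELO $helo claims this server's own address")
        if $class eq 'own-ip';
    return ('REJECT', "HELO $helo is a bare IP address, not a host name")
        if $class eq 'bare-ip';
    return ('CONTINUE', 'ok');
}

# Constructed sample connections: [client IP, reverse name, HELO].
for my $c (['203.0.113.7', 'unknown', '66.250.41.20'],
           ['203.0.113.9', 'unknown', '192.0.2.55'],
           ['198.51.100.4', 'mx.example.org', '[198.51.100.4]'],
           ['198.51.100.8', 'mail.example.net', 'mail.example.net']) {
    my ($action, $msg) = filter_relay(@$c);
    printf "%-15s %-18s %-8s %s\n", $c->[0], $c->[2], $action, $msg;
}
```

A bracketed literal such as [198.51.100.4] is let through unless it names the gateway's own address; inside a real mimedefang-filter the sample loop at the end would be dropped.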