[Mimedefang] Multiple Quarantine reports

Will McCorkle WMcCorkle at dgsystems.com
Thu Feb 27 11:30:00 EST 2003


Stefano,

It goes to an Exchange server after it leaves my sendmail server. The server
is not set to check internal mail, only external. The message seems to be
quarantined on the server that it is received on. A quarantined message using
ENTIRE_MESSAGE is sent to the admin. Do you have any idea why it keeps
adding the header info from mimedefang to the quarantined file? I did make
one change to the mimedefang.pl so that I can send the quarantined message
to a different recipient than the Admin. Here is the change I made. Let me
know if you have any other ideas.

# MIME-Tools requires this?
require 5.001;
package main;

# $SpamFolder was added to this list.
use vars qw($AddWarningsInline
            $Action $Administrator $AdminName $AdminAddress
            $Changed $DaemonAddress $DaemonName $SpamFolder
            $DefangCounter $Domain $EntireMessageQuarantined
            $MessageID $Rebuild $QuarantineCount
            $QuarantineDir $QuarantineSubdir $QueueID $MsgID
            $RelayAddr $WasResent $RelayHostname
            $RealRelayAddr $RealRelayHostname
            $ReplacementEntity $Sender $ServerMode $Subject
            $ClamdSock $SophieSock $TrophieSock
            $SuspiciousCharsInHeaders
            $SuspiciousCharsInBody $Helo
            $TerminateAndDiscard $URL $OpenAVHost $VirusName
            $CurrentVirusScannerMessage
            $VirusScannerMessages $WarningLocation $WasMultiPart
            $CWD
            $NotifySenderSubject $NotifyAdministratorSubject
            $ValidateIPHeader
            $QuarantineSubject $SALocalTestsOnly $NotifyNoPreamble
            %Actions %Stupidity @FlatParts @Recipients @Warnings %Features
            $SyslogFacility $MaxMIMEParts $InMessageContext
            %SendmailMacros);

use vars qw($GeneralWarning);
use vars qw($HTMLFoundEndBody $HTMLBoilerplate $SASpamTester);


#***********************************************************************
# %PROCEDURE: send_quarantine_notifications
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Sends quarantine notification message, if anything was quarantined
#***********************************************************************
sub send_quarantine_notifications () {
    # If there are quarantined parts, e-mail a report
    if ($QuarantineCount > 0 || $EntireMessageQuarantined) {
        my($body);
        $body = "From: $DaemonName <$DaemonAddress>\n";
#       $body .= "To: \"$AdminName\" <$AdminAddress>\n";
        $body .= "To: \"$AdminName\" <$SpamFolder>\n";
        $body .= "MIME-Version: 1.0\nContent-Type: text/plain\n";
        $body .= "Subject: $QuarantineSubject\n\n";
        if ($QuarantineCount >= 1) {
            $body .= "An e-mail had $QuarantineCount part";
            $body .= "s" if ($QuarantineCount != 1);
        } else {
            $body .= "An e-mail message was";
        }

        $body .= " quarantined in the directory\n";
        $body .= "$QuarantineSubdir on the mail server.\n\n";
        $body .= "The sender was '$Sender'.\n\n" if defined($Sender);
        $body .= "The relay machine was $RelayHostname ($RelayAddr).\n\n";
        if ($EntireMessageQuarantined) {
            $body .= "The entire message was quarantined in $QuarantineSubdir/ENTIRE_MESSAGE\n\n";
        }

        my($recip);
        foreach $recip (@Recipients) {
            $body .= "Recipient: $recip\n";
        }
        if (open(IN, "<$QuarantineSubdir/ENTIRE_MESSAGE")) {
            $body .= "\n----------\nHere are the message headers:\n";
            while(<IN>) {
                $body .= $_;
            }
            close(IN);
        }
        my($i);
        for ($i=1; $i<=$QuarantineCount; $i++) {
            if (open(IN, "<$QuarantineSubdir/PART.$i.ENTIRE_MESSAGE")) {
                $body .= "\n----------\nHere are the headers for quarantined part $i:\n";
                while(<IN>) {
                    $body .= $_;
                }
                close(IN);
            }
        }
        if ($#Warnings >= 0) {
            $body .= "\n----------\nHere are the warning details:\n\n";
            $body .= "@Warnings";
        }
        send_mail($DaemonAddress, $DaemonName, $SpamFolder, $body);
/SpamFolder
        $body .= "Subject: $NotifySenderSubject\n\n";
        unless($NotifyNoPreamble) {
            $body .= "An e-mail you sent with message-id $MessageID\n";
            $body .= "was modified by our mail scanning software.\n\n";
            $body .= "The recipients were:";
            my($recip);
            foreach $recip (@Recipients) {
                $body .= " $recip";
            }
            $body .= "\n\n";
        }
        if (open(FILE, "<NOTIFICATION")) {
            unless($NotifyNoPreamble) {
                $body .= "Here are the details of the modification:\n\n";
            }
            while(<FILE>) {
                $body .= $_;
            }
            close(FILE);
        }
        send_mail($DaemonAddress, $DaemonName, $Sender, $body);
    }

    # Send notification to administrator, if required
    if (-r "ADMIN_NOTIFICATION") {
        my($body);
        $body = "From: $DaemonName <$DaemonAddress>\n";
#       $body .= "To: \"$AdminName\" <$AdminAddress>\n";
        $body .= "To: \"$AdminName\" <$SpamFolder>\n";
        $body .= "MIME-Version: 1.0\nContent-Type: text/plain\n";
        $body .= "Subject: $NotifyAdministratorSubject\n\n";
        if (open(FILE, "<ADMIN_NOTIFICATION")) {
            while(<FILE>) {
                $body .= $_;
            }
            close(FILE);
        }
        send_mail($DaemonAddress, $DaemonName, $SpamFolder, $body);

Will
-----Original Message-----
From: Stefano McGhee [mailto:SMcGhee at arcweb.com]
Sent: Thursday, February 27, 2003 9:58 AM
To: mimedefang at lists.roaringpenguin.com
Subject: RE: [Mimedefang] Multiple Quarantine reports


Hello Will,
	Do you have some kind of bypass in place to skip filtering of local
mail?  Is the notification leaving the box it's being generated on (to go
to another Sendmail, Exchange, or Notes server)?  I only think that might
be happening because of the number of times the header is being added.  I
would imagine it gets added again and again until the size of the message
goes over the max size specified in the filter for SA to look at, 100 - 250k
depending on what was set.

Cheers,
Stefano

> No, I do not have Stream_by_recipient or domain in the mimedefang-filter.
> It seems to process the email again and again until it has decided that
> it is done.

> I have a few files that have multiple quarantine report headers in the
> same file that is considered spam. It is causing a lot of notification
> emails to go out. Can someone possibly explain why I have so many of
> these in one quarantined file? I have 15 of these in one file.
> 
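
A diagnostic for the symptom discussed in this thread, as an added example that is not from the original posts or from MIMEDefang itself: it counts how many quarantine-report layers are stacked in one ENTIRE_MESSAGE file, using the marker strings that send_quarantine_notifications() writes above. The function name analyze_quarantine_text, the daemon address and the sample text are assumptions made for illustration.

```perl
use strict;
use warnings;

# Marker written by send_quarantine_notifications() before the copied file.
my $HEADER_MARK = 'Here are the message headers:';

# Count the report layers in the text of one ENTIRE_MESSAGE file and check
# whether any layer records the notification daemon itself as the sender.
sub analyze_quarantine_text {
    my ($text, $daemon_address) = @_;
    my $reports   = () = $text =~ /^\Q$HEADER_MARK\E[ \t]*$/mg;
    my @senders   = $text =~ /^The sender was '([^']*)'\./mg;
    my $self_sent = grep { index(lc($_), lc($daemon_address)) >= 0 } @senders;
    return {
        reports   => $reports,
        self_sent => $self_sent,
        # More than one layer, or a report sent by the daemon, means a
        # notification was itself quarantined and reported again.
        looping   => ($reports > 1 || $self_sent > 0) ? 1 : 0,
    };
}

# Constructed sample: a quarantine report that was quarantined and re-reported.
my $sample = <<'EOT';
The sender was '<mailer-daemon@example.com>'.
----------
Here are the message headers:
The sender was '<someone@example.net>'.
----------
Here are the message headers:
Subject: constructed test message
EOT

# Usage: perl script.pl [daemon-address] [file ...]; with no file, the
# constructed sample above is analysed. The default address is an assumption.
my $daemon = shift(@ARGV) // 'mailer-daemon@example.com';
my %input  = @ARGV ? () : ('(sample)' => $sample);
for my $file (@ARGV) {
    open(my $fh, '<', $file) or do { warn "$file: $!\n"; next };
    local $/;                       # slurp the whole file
    $input{$file} = <$fh>;
    close($fh);
}
for my $name (sort keys %input) {
    my $r = analyze_quarantine_text($input{$name}, $daemon);
    printf "%s: %d report layer(s), %d sent by daemon, looping=%d\n",
        $name, $r->{reports}, $r->{self_sent}, $r->{looping};
}
```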
