[Mimedefang] To stop spam checking of Internal mail
Mathew Thomas
mathew.thomas at rmit.edu.au
Sun Jul 27 21:02:01 EDT 2003
Hi Troy,
You can put the script anywhere in the /etc/mail/mimedefang-filter file. After making the changes, don't forget to restart the process. For the second script, ( sub filter_relay ($$$) ) to work ( no checking at all of internal mail) , make sure that MX_RELAY_CHECK=yes in the /etc/init.d/mimedefang file.
Run mimedefang.pl -test to test the syntax.
The fist script ( will not check Spam), you need to add
If (relayIsTrusted($RelayAddr) {
if ($Features{"SapmAssassin"}) {
rest of SpamAssassin stuff
}
Hope this will helpful.
Mathew
>>> troy at lebouef.com 25/07/03 10:48:16 >>>
How do you get this subroutine to run in mimedefang.filter ? Where do
you insert it ? Or how do you get it to call it ?
-----Original Message-----
From: Mathew Thomas [mailto:mathew.thomas at rmit.edu.au]
Sent: Friday, July 18, 2003 12:34 AM
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] To stop spam checking of Internal mail
Thank you all for the script and it is working fine. This script will
not do any filtering if the mail is from trusted domain. I have also
looked at similar script which uses same method to check IP and if the
IP is from the trusted network, it will not do SpamAssassin check.
use Socket;
sub relayIsTrusted($) {
my ($address) = @_;
my %trustedSubnets = (
'127.0.0.1' => '255.255.255.255',
'204.182.112.64' => '255.255.255.224',
'64.38.151.160' => '255.255.255.224'
);
my $trustedRelay = 0;
my $addr = inet_aton $address;
while (my ($networkString, $netmaskString) = each %trustedSubnets) {
my $network = inet_aton $networkString;
my $netmask = inet_aton $netmaskString;
if (($addr & $netmask) eq $network) { $trustedRelay = 1; last; }
}
return $trustedRelay;
}
Mathew
RMIT University
Australia
>>> qralston+ml.mimedefang at andrew.cmu.edu 17/07/03 8:14:53 >>>
On 2003-07-15 at 22:32:27-0400 "Kevin A. McGrail"
<kmcgrail at peregrinehw.com> wrote:
> if ($hostip eq '127.0.0.1' or $hostip =~ /^10\.10\.10\./) {
No offense intended, but regex-matching against the textual
representation of the IP address is an ugly hack. ;)
It's better to do something like this:
use Socket;
sub filter_relay ($$$) {
my ($hostip, $hostname, $helo) = @_;
my $addr = '';
my $network_string = '';
my $mask_string = '';
# List networks that should be exempt from all filtering by
# putting their network/mask pairs into the exempt_subnets
# associative array. (Follow the example for the loopback.)
my %exempt_subnets = (
'127.0.0.0', '255.0.0.0', # loopback
);
# If the address of the connecting client falls within one of
# the subnets defined by %exempt_subnets, then bypass all
# further filtering.
$addr = inet_aton $hostip;
while (($network_string, $mask_string) = each %exempt_subnets) {
my $network = inet_aton $network_string;
my $mask = inet_aton $mask_string;
if (($addr & $mask) eq $network) {
return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
}
}
# The client isn't in an exempt subnet; filtering should
# continue.
return ('CONTINUE', 'ok');
}
This method also works if your netblock falls on a non-class boundary,
which is a condition very difficult to match with regexes. (It's
probably faster than using regexes as well, but I haven't tested
that.)
--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
_______________________________________________
MIMEDefang mailing list
MIMEDefang at lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
More information about the MIMEDefang
mailing list