[Mimedefang] Blocking messages spoofed with my own e-mail address
Brent J. Nordquist
b-nordquist at bethel.edu
Tue Nov 18 14:22:29 EST 2003
On Tue, 18 Nov 2003, Lucas Albers <admin at cs.montana.edu> wrote:
> In related news has anyone configured it to notify the administrator if
> a virus is received from a local source?
Lucas asked me to post my code, so here it is. It's ugly; I like the way
Lucas used a function to define "local" better than my use of variables.
I tried to trim it to just the relevant parts -- you should be able to
find the right spots in mimedefang-filter from the context. Note how the
comparisons are reversed for spam vs. virus notification.
=== cut here === cut here === cut here === cut here ===
$LocalNetPrefix = '(nnn\.nn|10)\.'; # local network IP address prefixes
$LocalNetExcept = 'nnn\.nn\.(nn\.30|nn\.33)\b'; # relays (treat as non-local)
# ...
sub filter ($$$$) {
    # ...
    # Virus scan
    if ($FoundVirus) {
        my($code, $category, $action);
        $VirusScannerMessages = "";
        ($code, $category, $action) = entity_contains_virus($entity);
        # If you are more paranoid, change to: if ($action eq "quarantine") {
        if ($category eq "virus") {
            md_graphdefang_log('virus', $VirusName, $RelayAddr);
            # Bounce the mail! Notify the administrator if machine is local.
            action_bounce("Virus $VirusName found in mail - rejected");
            action_notify_administrator("A known virus ($VirusName) was discovered and deleted.\nThe relaying machine was $RelayAddr - virus messages follow:\n$VirusScannerMessages\n\n")
                if ($RelayAddr =~ /^$LocalNetPrefix/ && $RelayAddr !~ /^$LocalNetExcept/);
            return;
        }
        # ...
    }
    # ...
    # Spam checks if SpamAssassin is installed
    if ($Features{"SpamAssassin"}) {
        if (-s "./INPUTMSG" < 100*1024 && ($RelayAddr !~ /^$LocalNetPrefix/ || $RelayAddr =~ /^$LocalNetExcept/)) {
            # Only scan messages smaller than 100kB. Larger messages
            # are extremely unlikely to be spam, and SpamAssassin is
            # dreadfully slow on very large messages.
            # Only run SA check on email from outside nets and relays.
            my($hits, $req, $names, $report) = spam_assassin_check();
            # ...
        }
        # ...
    }
}
# ...
sub filter_end ($) {
    my($entity) = @_;
    # Send quarantine reports
    send_quarantine_notifications()
        if ($RelayAddr =~ /^$LocalNetPrefix/ && $RelayAddr !~ /^$LocalNetExcept/);
    # ...
}
=== cut here === cut here === cut here === cut here ===
--
Brent J. Nordquist <b-nordquist at bethel.edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
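
The post above mentions preferring a function to define "local" and points out that the test is inverted between spam scanning and virus notification. As an added example (not code from the post or from MIMEDefang), the following puts the prefix/exception test in one predicate and derives both decisions from it, so the two conditions cannot drift apart. The RFC 1918 addresses standing in for the redacted "nnn.nn" octets, and the names is_local_relay and policy_for, are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed values: RFC 1918 ranges stand in for the post's redacted octets.
my $LocalNetPrefix = qr/^(?:172\.16|10)\./;            # local network prefixes
my $LocalNetExcept = qr/^172\.16\.(?:1\.30|1\.33)\b/;  # relays (treat as non-local)

# True when the relay address is inside the local prefixes and is not one
# of the listed relays. Anything that is not a dotted quad (undef, empty,
# a hostname) is treated as non-local, so it is still spam-scanned and
# never triggers the "local machine is infected" notification.
sub is_local_relay {
    my ($addr) = @_;
    return 0 unless defined $addr && $addr =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    return ($addr =~ $LocalNetPrefix && $addr !~ $LocalNetExcept) ? 1 : 0;
}

# Hypothetical helper: both decisions from the post, derived from one predicate.
sub policy_for {
    my ($addr) = @_;
    my $local = is_local_relay($addr);
    return {
        notify_admin_on_virus => $local,          # virus came from a local host
        run_spamassassin      => $local ? 0 : 1,  # only outside nets and relays
    };
}

# Constructed relay addresses: local hosts, the two excepted relays,
# near misses (172.16.1.3, 172.16.1.130, 100.10.2.3) and an outside host.
for my $addr (qw(10.4.5.6 172.16.9.12 172.16.1.30 172.16.1.33
                 172.16.1.3 172.16.1.130 100.10.2.3 203.0.113.7)) {
    my $p = policy_for($addr);
    printf "%-14s notify_admin_on_virus=%d run_spamassassin=%d\n",
        $addr, $p->{notify_admin_on_virus}, $p->{run_spamassassin};
}
```

The near-miss addresses show why the trailing `\.` in the prefix pattern matters: without it, `10` would also match `100.10.2.3` and an outside host would skip the spam check.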