[Mimedefang] Blocking messages spoofed with my own e-mail address

Brent J. Nordquist b-nordquist at bethel.edu
Tue Nov 18 14:22:29 EST 2003


On Tue, 18 Nov 2003, Lucas Albers <admin at cs.montana.edu> wrote:

> In related news has anyone configured it to notify the administrator if
> a virus is received from a local source?

Lucas asked me to post my code, so here it is.  It's ugly; I like the way
Lucas used a function to define "local" better than my use of variables.  
I tried to trim it to just the relevant parts -- you should be able to
find the right spots in mimedefang-filter from the context.  Note how the
comparisons are reversed for spam vs. virus notification.

=== cut here === cut here === cut here === cut here ===

$LocalNetPrefix = '(nnn\.nn|10)\.';  # local network IP address prefixes
$LocalNetExcept = 'nnn\.nn\.(nn\.30|nn\.33)\b';  # relays (treat as non-local)

# ...

sub filter ($$$$) {
    # ...

    # Virus scan
    if ($FoundVirus) {
        my($code, $category, $action);
        $VirusScannerMessages = "";
        ($code, $category, $action) = entity_contains_virus($entity);
        # If you are more paranoid, change to: if ($action eq "quarantine") {
        if ($category eq "virus") {
            md_graphdefang_log('virus', $VirusName, $RelayAddr);

            # Bounce the mail!  Notify the administrator if machine is local.
            action_bounce("Virus $VirusName found in mail - rejected");
            action_notify_administrator(
                "A known virus ($VirusName) was discovered and deleted.\n" .
                "The relaying machine was $RelayAddr - virus messages follow:\n" .
                "$VirusScannerMessages\n\n"
            ) if ($RelayAddr =~ /^$LocalNetPrefix/ && $RelayAddr !~ /^$LocalNetExcept/);
            return;
        }
        # ...
    }

    # ...

    # Spam checks if SpamAssassin is installed
    if ($Features{"SpamAssassin"}) {
        if (-s "./INPUTMSG" < 100*1024 &&
            ($RelayAddr !~ /^$LocalNetPrefix/ || $RelayAddr =~ /^$LocalNetExcept/)) {
            # Only scan messages smaller than 100kB.  Larger messages
            # are extremely unlikely to be spam, and SpamAssassin is
            # dreadfully slow on very large messages.
            # Only run SA check on email from outside nets and relays.
            my($hits, $req, $names, $report) = spam_assassin_check();
            # ...
        }
        # ...
    }
}

# ...

sub filter_end ($) {
    my($entity) = @_;

    # Send quarantine reports
    send_quarantine_notifications() if ($RelayAddr =~ /^$LocalNetPrefix/ && $RelayAddr !~ /^$LocalNetExcept/);

    # ...
}

=== cut here === cut here === cut here === cut here ===

-- 
Brent J. Nordquist <b-nordquist at bethel.edu> N0BJN
Other contact information: http://kepler.acns.bethel.edu/~bjn/contact.html
* Fast pipe * Always on * Get out of the way - Tim Bray http://tinyurl.com/7sti
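
The post notes that a function defining "local" reads better than pattern variables. The following is an added example, not code from the post or from MIMEDefang: a stand-alone Perl version that goes one step further and matches CIDR ranges numerically instead of by string prefix. The networks, relay addresses and sub names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample values (assumptions, not from the post): local networks
# in CIDR form, and relay hosts inside them that count as non-local.
my @LOCAL_NETS   = ('10.0.0.0/8', '192.0.2.0/24');
my @RELAY_EXCEPT = ('192.0.2.30', '192.0.2.33');

# Dotted quad -> 32-bit integer; returns undef for anything else.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip
        && $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my @o = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @o;
    my $n = ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
    return $n;
}

# Does the integer address fall inside "a.b.c.d/len"?
sub in_cidr {
    my ($addr, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $mask  = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    my $match = ($addr & $mask) == (ip_to_int($net) & $mask);
    return $match ? 1 : 0;
}

# Hypothetical helper: true only for a relay inside a local network that is
# not an excepted relay. Unparseable input (IPv6, garbage) is non-local, so
# it still gets the spam check.
sub is_local_relay {
    my ($relay) = @_;
    my $addr = ip_to_int($relay);
    return 0 unless defined $addr;
    return 0 if grep { ip_to_int($_) == $addr } @RELAY_EXCEPT;
    my $hits = grep { in_cidr($addr, $_) } @LOCAL_NETS;
    return $hits ? 1 : 0;
}

# The two decisions from the post use opposite sides of the same test.
sub notify_admin_of_virus { return is_local_relay($_[0]) }
sub run_spam_check        { return is_local_relay($_[0]) ? 0 : 1 }

# Constructed relay addresses, including one just outside 10.0.0.0/8.
for my $relay (qw(10.1.2.3 100.1.2.3 192.0.2.30 192.0.2.77 198.51.100.9)) {
    printf "%-13s notify_admin=%d spam_check=%d\n",
        $relay, notify_admin_of_virus($relay), run_spam_check($relay);
}
```

In a real mimedefang-filter the two wrapper subs would take `$RelayAddr` and replace the paired regex tests in `filter` and `filter_end`.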


