[Mimedefang] Quarantine management - anyone else working on
Troy Carpenter
troy at carpenter.cx
Thu Apr 1 11:36:59 EST 2004
Paul,
I have a stop-gap system that I have been using, so if you want to
develop a full blown system, that would be great. What I am about to
describe probably has security holes, but that is not a problem for me,
and I'm sure if someone wants to use this method and it's a problem,
they will fix it. The standard "it works for me" disclaimers apply.
Quick overview of what I do:
1. I have the quarantine directories linked into my webspace so I can
see the directories using a web browser. My webserver is configured to
allow directory listings.
2. Crontab entry for directory permissions (otherwise #1 doesn't work!)
3. In the top MD-Quarantine directory, I put a file called "README.html"
with a simple table form to call a cgi-script which will delete all
directories (a recent addition because I got tired of deleting
directories one at a time).
4. When something is to be quarantined, I have mimedefang drop a
HEADER.html and a README.html file in the directory (Details below).
5. I have a cgi script and a "helper" script that actually do the
deleting and/or remailing.
---
Details:
1. I will leave it up to you to figure out how to configure the
webserver and directories.
2. Of course, I need a crontab entry to change permissions:
# Change permissions
* * * * * chmod -R 755 /var/spool/MD-Quarantine/
3. Here's the README.html file for the MD-Quarantine directory:
<form name="input" action="/cgi-bin/quarantine.cgi" method="get">
<table border="1" align="center">
<tr>
<td><input type="submit" name="action" value="Delete All Directories"></td>
</tr>
<input type="hidden" name="qdir" value="'/var/spool/MD-Quarantine/qdir-*'">
</table>
4. I have a routine in my mimedefang-filter:
#***********************************************************************
# %Procedure: write_qfiles()
# %Prerequisite: creation of quarantine directory
# %ARGUMENTS:
#
# %RETURNS:
#
#
# %DESCRIPTION:
# Writes README.html and HEADER.html files for quarantine directories
#***********************************************************************
sub write_qfiles()
{
    # escapeHTML() is provided by CGI.pm and must be imported in the
    # filter, e.g. "use CGI qw(escapeHTML);".
    # Every value taken from the message is escaped before it is
    # written into the HTML files.
    my $newsender  = escapeHTML($Sender);
    my $newrec     = escapeHTML($Recipients[0]);
    my $newsubject = escapeHTML($Subject);
    my $newrelay   = escapeHTML($RelayHostname);
    my $newhelo    = escapeHTML($Helo);
    my $newreport  = escapeHTML($report);

    # HEADER.html: summary shown above the directory listing
    if (open(OUT,">$QuarantineSubdir/HEADER.html")) {
        print OUT "<H2>Quarantined Message: $newsubject</H2>\n";
        print OUT "<H3>To: $newrec<br>\n";
        print OUT "From: $newsender<br>\n";
        print OUT "Relay info: $newrelay ($RelayAddr), helo=$newhelo</H3><br>\n";
        close OUT;
    }

    # README.html: action form shown below the directory listing
    if (open(OUT,">$QuarantineSubdir/README.html")) {
        print OUT << "BLOCK";
<form name="input" action="/cgi-bin/quarantine.cgi" method="get">
<table border="1" align="center">
<tr>
<td><input type="submit" name="action" value="Send to original recipient"></td>
<td><input type="submit" name="action" value="Send to address below"></td>
<td><input type="submit" name="action" value="Delete This Directory"></td>
</tr>
<TR>
<TD><input type="hidden" name="qdir" value="$QuarantineSubdir"> </TD>
<td><input type="text" name="newuser" size="30"></td>
<TD> </TD>
</tr>
</table>
<br>
<br>
BLOCK
        print OUT "<pre>$newreport</pre>";
        close OUT;
    }
}
------
To quarantine, I do the following (This is a SPAM example):
# Quarantine messages above the $qspam threshold
action_quarantine_entire_message();
get_quarantine_dir();
write_qfiles();
action_notify_administrator(
    "Message\n$Subject\nfrom $Sender to $Recipients[0] quarantined " .
    "because SPAM score exceeded threshold.\n\n" .
    "See http://www.carpenter.cx$QuarantineSubdir/\n\n" .
    "Copy sent to spam\@carpenter.cx\n\nspamassassin report:\n$report\n");
-------
So when this is done, the message has been quarantined with the
HEADER.html and README.html files, and a message was sent to the
administrator with a link to the Quarantine directory.
5. The quarantine.cgi script:
----
#!/usr/bin/perl -w
use CGI qw(:standard);

my $action = '';
my $sendto = '';
my $qdir = '';
my $msg = '';
my $cmd = '/usr/sbin/sendmail ';

# Form fields: button pressed, optional new address, quarantine directory
$action = param('action');
$sendto = param('newuser');
$qdir = param('qdir');

# Build a shell command line from the form fields
if ($action =~ /original/i) {
    $msg = "Message sent to original recipient";
    $cmd = $cmd . "-t < $qdir/ENTIRE_MESSAGE";
}
elsif ($action =~ /address/i) {
    $msg = "Sent message to new address";
    if ($sendto eq "") {
        $msg = $msg . ", but no new address given.";
    }
    else {
        $msg = $msg . ": $sendto";
        $cmd = $cmd . "$sendto < $qdir/ENTIRE_MESSAGE";
    }
}
else {
    $msg = "Quarantine directory deleted.";
    $cmd = "sudo /usr/local/bin/qdirhelper $qdir";
}

# The string form of system() hands $cmd to the shell
system $cmd;

print header(); # print out correct content header
print <<"EOF";
<html>
<head>
<title>Quarantine Action: $action</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<h2>$msg</h2><br>
Executed command was:<br>$cmd<br>
<input type="button" value="Close Window" onclick="window.close()">
<a href="/var/spool/MD-Quarantine/">Back to quarantine directory</a>
</body>
</html>
EOF
-------
The qdirhelper script:
rm -r -f $1
The qdirhelper script needs to be listed in sudoers:
apache ALL= NOPASSWD:/usr/local/bin/qdirhelper
------------------------
I think that does it.
Let me know if there are any questions. Be aware that I use the digest
feature of this list, so I might not answer right away.
Troy Carpenter
troy at carpenter.cx
-----Original Message-----
Date: Thu, 1 Apr 2004 11:31:59 +0100
From: "Paul Murphy" <pmurphy at ionixpharma.com>
Subject: [Mimedefang] Quarantine management - anyone else working on
this?
To: <mimedefang at lists.roaringpenguin.com>
Message-ID:
<B078C3A33484CB4CAE40CE379FBAE90FBAED39 at exchange1.local.ionix.com>
Content-Type: text/plain; charset="us-ascii"
Hi,
I've been working on a CGI program to assist with managing the
quarantine folders, which is now working but nowhere near ready for
public inspection.
The system consists of two Perl CGI scripts - one to display the message
details for all quarantined messages (and to approve/delete them) and
the other to inspect the quarantined message, and a cron job to sort out
the permissions on the qdirs so that the CGI scripts can read the files.
Before I invest too much time in this, is there anything else out there
to assist with this task?
Best Wishes,
Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA
Tel. 01223 433741
Fax. 01223 433788
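
A hardened variant of the per-message actions in the quarantine.cgi posted above, as an added example (not code from the original post or from MIMEDefang): the qdir and newuser parameters are validated, sendmail and the helper are run with list-form system() so no shell parses request data, and output is HTML-escaped. The qdir name pattern and the address pattern are assumptions, and the glob-valued qdir of the "Delete All Directories" form is rejected by design.

```perl
#!/usr/bin/perl -T
# Added example: hardened per-message actions (patterns below are assumptions).
use strict;
use warnings;
use CGI qw(param header escapeHTML);
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';    # fixed PATH, required under -T
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
my $ROOT     = '/var/spool/MD-Quarantine';
my $SENDMAIL = '/usr/sbin/sendmail';
my $HELPER   = '/usr/local/bin/qdirhelper';

# Accept only a direct child of $ROOT; the name pattern is an assumption
# based on the "qdir-*" glob in the original form.
sub valid_qdir {
    my ($p) = @_;
    return unless defined $p && $p =~ m{\A(\Q$ROOT\E/qdir-[A-Za-z0-9.-]+)\z};
    my $dir = $1;                          # untainted by the capture
    return (-d $dir && !-l $dir) ? $dir : undef;
}

# Deliberately narrow address syntax (assumption); cannot start with "-".
sub valid_addr {
    my ($addr) = @_;
    return unless defined $addr;
    return $addr =~ /\A([A-Za-z0-9][A-Za-z0-9._+-]*\@[A-Za-z0-9.-]+)\z/ ? $1 : undef;
}

# Run sendmail without a shell, feeding ENTIRE_MESSAGE on stdin.
sub resend {
    my ($dir, @args) = @_;
    open(STDIN, '<', "$dir/ENTIRE_MESSAGE") or return 0;
    return system($SENDMAIL, @args) == 0;
}

my $action = param('action') // '';
my $qdir   = valid_qdir(scalar param('qdir'));
my $msg;
if (!$qdir) {
    $msg = 'Rejected: qdir is not a quarantine directory.';
} elsif ($action =~ /original/i) {
    $msg = resend($qdir, '-t') ? 'Message sent to original recipient.' : 'Send failed.';
} elsif ($action =~ /address/i) {
    my $to = valid_addr(scalar param('newuser'));
    $msg = !$to                     ? 'Rejected: invalid address.'
         : resend($qdir, '--', $to) ? "Sent message to $to."
         :                            'Send failed.';
} else {
    $msg = system('sudo', $HELPER, $qdir) == 0 ? 'Quarantine directory deleted.' : 'Delete failed.';
}
print header(), '<html><body><h2>', escapeHTML($msg), "</h2></body></html>\n";
```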