[Mimedefang] Quarantine management - anyone else working on

Troy Carpenter troy at carpenter.cx
Thu Apr 1 11:36:59 EST 2004


Paul,

I have a stop-gap system that I have been using, so if you want to
develop a full blown system, that would be great.  What I am about to
describe probably has security holes, but that is not a problem for me,
and I'm sure if someone wants to use this method and it's a problem,
they will fix it.  The standard "it works for me" disclaimers apply.

Quick overview of what I do:
1. I have the quarantine directories linked into my webspace so I can
see the directories using a web browser.  My webserver is configured to
allow directory listings.
2. Crontab entry for directory permissions (otherwise #1 doesn't work!)
3. In the top MD-Quarantine directory, I put a file called "README.html"
with a simple table form to call a cgi-script which will delete all
directories (a recent addition because I got tired of deleting
directories one at a time).
4. When something is to be quarantined, I have mimedefang drop a
HEADER.html and a README.html file in the directory (Details below).
5. I have a cgi script and a "helper" script that actually do the
deleting and/or remailing.
---

Details:
1. I will leave it up to you to figure out how to configure the
webserver and directories.

2. Of course, I need a crontab entry to change permissions:
# Change permissions
*       *       *       *       *       chmod -R 755 /var/spool/MD-Quarantine/

3. Here's the README.html file for the MD-Quarantine directory:
        <form name="input" action="/cgi-bin/quarantine.cgi"
         method="get">
        <table border="1" align="center">
          <tr>
            <td><input type="submit" name="action" value="Delete All Directories"></td>
          </tr>
        </table>
        <input type="hidden" name="qdir" value="'/var/spool/MD-Quarantine/qdir-*'">
        </form>

4. I have a routine in my mimedefang-filter:
#***********************************************************************
# %Procedure: write_qfiles()
# %Prerequisite: creation of quarantine directory
# %ARGUMENTS:
#
# %RETURNS:
#
#
# %DESCRIPTION:
#  Writes README.html and HEADER.html files for quarantine directories
#***********************************************************************

sub write_qfiles()
{
    # escapeHTML() is from CGI.pm, which the filter must load.
    # Every value below is taken from the message or the SMTP session, so
    # each one is escaped before it is written into the HTML files.
    my $newsender  = escapeHTML($Sender);
    my $newrec     = escapeHTML($Recipients[0]);
    my $newsubject = escapeHTML($Subject);
    my $newrelay   = escapeHTML($RelayHostname);
    my $newhelo    = escapeHTML($Helo);
    my $newreport  = escapeHTML($report);

    # HEADER.html: summary shown above the directory listing
    if (open(OUT,">$QuarantineSubdir/HEADER.html")) {
        print OUT "<H2>Quarantined Message: $newsubject</H2>\n";
        print OUT "<H3>To: $newrec<br>\n";
        print OUT "From: $newsender<br>\n";
        print OUT "Relay info: $newrelay ($RelayAddr), helo=$newhelo</H3><br>\n";
        close OUT;
    }

    # README.html: action form shown below the directory listing
    if (open(OUT,">$QuarantineSubdir/README.html")) {
        print OUT << "BLOCK";

        <form name="input" action="/cgi-bin/quarantine.cgi"
         method="get">
        <table border="1" align="center">
          <tr>
            <td><input type="submit" name="action" value="Send to original recipient"></td>
            <td><input type="submit" name="action" value="Send to address below"></td>
            <td><input type="submit" name="action" value="Delete This Directory"></td>
          </tr>
          <TR>
            <TD><input type="hidden" name="qdir" value="$QuarantineSubdir">&nbsp;</TD>
            <td><input type="text" name="newuser" size="30"></td>
            <TD>&nbsp;</TD>
          </tr>
        </table>
        </form>
        <br>
        <br>
BLOCK

        print OUT "<pre>$newreport</pre>";
        close OUT;
    }
}
------
To quarantine, I do the following (This is a SPAM example):
    # Quarantine messages above the $qspam threshold
      action_quarantine_entire_message();
      get_quarantine_dir();
      write_qfiles();
      action_notify_administrator(
          "Message\n$Subject\nfrom $Sender to $Recipients[0] " .
          "quarantined because SPAM score exceeded threshold.\n\n" .
          "See http://www.carpenter.cx$QuarantineSubdir/\n\n" .
          "Copy sent to spam\@carpenter.cx\n\n" .
          "spamassassin report:\n$report\n");
-------

So when this is done, the message has been quarantined with the
HEADER.html and README.html files, and a message was sent to the
administrator with a link to the Quarantine directory.

5. The quarantine.cgi script:
----
#!/usr/bin/perl -w

use CGI qw(:standard escapeHTML);

my $action = '';
my $sendto = '';
my $qdir = '';
my $msg = '';
my $cmd= '/usr/sbin/sendmail ';

# All three values come straight from the query string
$action = param('action');
$sendto = param('newuser');
$qdir = param('qdir');

if ($action =~ /original/i) {
  $msg = "Message sent to original recipient";
  $cmd = $cmd . "-t < $qdir/ENTIRE_MESSAGE";
}
elsif ($action =~ /address/i) {
  $msg = "Sent message to new address";
  if ($sendto eq "") {
        $msg = $msg . ", but no new address given.";
  }
  else {
        $msg = $msg . ": $sendto";
        $cmd = $cmd . "$sendto < $qdir/ENTIRE_MESSAGE";
  }
}
else {
  # Any other action (including "Delete All Directories") ends up here
  $msg = "Quarantine directory deleted.";
  $cmd = "sudo /usr/local/bin/qdirhelper $qdir";
}

# $cmd is run through the shell; $qdir and $sendto are request parameters
system $cmd;

print header();   # print out correct content header

# Escape everything that is echoed back into the page
my ($h_action, $h_msg, $h_cmd) = map { escapeHTML($_) } ($action, $msg, $cmd);

print <<"EOF";

<html>
<head>
<title>Quarantine Action: $h_action</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<h2>$h_msg</h2><br>
Executed command was:<br>$h_cmd<br>

<input type="button" value="Close Window" onclick="window.close()">
<a href="/var/spool/MD-Quarantine/">Back to quarantine directory</a>

</body>
</html>
EOF
-------

The qdirhelper script:
  rm -r -f $1

The qdirhelper script needs to be listed in sudoers:
   apache  ALL= NOPASSWD:/usr/local/bin/qdirhelper

------------------------

I think that does it.

Let me know if there are any questions.  Be aware that I use the digest
feature of this list, so I might not answer right away.

Troy Carpenter
troy at carpenter.cx
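
The quarantine.cgi script above builds a shell command string from the qdir and newuser request parameters, and its else-branch treats every unrecognised action as a delete. The following is an added example, not part of the original post or Troy's code, showing one way to validate the three per-directory actions and run them without a shell; the "Delete All Directories" glob is refused here. The qdir name pattern, the address pattern and the function names (valid_qdir, valid_addr, plan, run_plan) are assumptions.

```perl
use strict; use warnings;
my $QROOT = '/var/spool/MD-Quarantine';   # quarantine root used in the post

# Accept only a direct child of $QROOT named qdir-<letters, digits, '.', '-'> (assumed pattern).
sub valid_qdir {
    my ($p) = @_;
    return (defined $p && $p =~ m{\A(\Q$QROOT\E/qdir-[A-Za-z0-9.-]+)\z}) ? $1 : undef;
}

# Narrow address check (assumed pattern): no whitespace, no shell syntax, no leading "-".
sub valid_addr {
    my ($addr) = @_;
    return (defined $addr
        && $addr =~ m{\A([A-Za-z0-9_][A-Za-z0-9._+-]*\@[A-Za-z0-9][A-Za-z0-9.-]*)\z}) ? $1 : undef;
}

# Map a request to (argv, stdin file). An empty list means "refuse"; unlike the
# original else-branch, an unrecognised action never falls through to delete.
sub plan {
    my ($action, $qdir, $newuser) = map { $_ // '' } @_;
    my $dir = valid_qdir($qdir) or return;
    my $msg = "$dir/ENTIRE_MESSAGE";
    return (['/usr/sbin/sendmail', '-t'], $msg) if $action =~ /original/i;
    if ($action =~ /address/i) {
        my $to = valid_addr($newuser) or return;
        return (['/usr/sbin/sendmail', $to], $msg);
    }
    return $action =~ /\Adelete this directory\z/i
        ? (['sudo', '/usr/local/bin/qdirhelper', $dir]) : ();
}

# Run a plan: STDIN is reopened on the message file and the list form of
# system() executes the program directly, so no shell parses any argument.
sub run_plan {
    my ($argv, $stdin) = @_;
    if (defined $stdin) { open(STDIN, '<', $stdin) or return 127 }
    my $rc = system { $argv->[0] } @$argv;
    return $rc == -1 ? 127 : $rc >> 8;
}

# Constructed requests (action, qdir, newuser); the demo only prints the plan.
my $q = "$QROOT/qdir-2004-04-01-11.36.59-001";
for my $r (['Send to original recipient', $q, ''],
           ['Send to address below', $q, 'postmaster@example.com'],
           ['Send to address below', $q, '-v'],
           ['Delete This Directory', "$QROOT/../../etc", ''],
           ['Delete This Directory', "$q /tmp", '']) {
    my ($argv, $in) = plan(@$r);
    printf "%s\n", $argv ? "OK       @$argv" . ($in ? " < $in" : '') : "REJECTED $r->[0]: $r->[1] $r->[2]";
}
```

In the CGI, `system $cmd` would become a call to run_plan, made only when plan returns a non-empty list.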



-----Original Message-----
Date: Thu, 1 Apr 2004 11:31:59 +0100
From: "Paul Murphy" <pmurphy at ionixpharma.com>
Subject: [Mimedefang] Quarantine management - anyone else working on
	this?
To: <mimedefang at lists.roaringpenguin.com>
Message-ID: <B078C3A33484CB4CAE40CE379FBAE90FBAED39 at exchange1.local.ionix.com>
Content-Type: text/plain; charset="us-ascii"

Hi,

I've been working on a CGI program to assist with managing the
quarantine folders, which is now working but nowhere near ready for
public inspection.

The system consists of two Perl CGI scripts - one to display the message
details for all quarantined messages (and to approve/delete them) and
the other to inspect the quarantined message, and a cron job to sort out
the permissions on the qdirs so that the CGI scripts can read the files.

Before I invest too much time in this, is there anything else out there
to assist with this task?

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788


