[Mimedefang] Problem with quarantine.pl

Paul Murphy pmurphy at ionixpharma.com
Wed Jul 21 10:46:16 EDT 2004 

> I have tried using this script. Since my localsmtp and remotesmtp server 
> are same machine, I am having problems with mail filtering.

The script was designed to be used on a mail gateway where outgoing mail either
is sent via the localhost or a smart host, and incoming mail is forwarded to
Exchange or something similar, so the localsmtp server is assumed to be
different from the system running the script.
 
> If I allow all mails from localhost by using filter_sender with $ip check, 
> I am not able to quarantine mails sent from the server. Our users have 
> login access to the mail server.

> Can any body please suggest a way around this.

Removing user access to your mail server would be the easiest approach, but may
not be practical or politically acceptable.

One possible approach would be to have the quarantine script add a header when
re-sending the message, or to have it prefix the subject, and then have your
filter check whether this is in place.

For send_partial, adding a header is relatively simple, by using MIME::Lite's
"add" method, but send_entire subroutine uses Net::SMTP because all of the
necessary information is already in the message array, so you'd have to manually
process the @msg array to insert a header or change the subject line.

In either case, you'll have to partially re-write the script to achieve what you
want, and then work out a way to generate a flag which can't be discovered and
spoofed by your users, such as having a database of MsgID/flag pairs which is
added to when a message is quarantined, and from which quarantine.pl can pull
the flag to add before releasing the message.  If the database is only available
to the defang user, it would be relatively secure.

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788

_______________________________________________________________________
DISCLAIMER:
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to which they
are addressed.  If you have received this email in error please contact
the sender or the Ionix IT Helpdesk on +44 (0) 1223 433741
_______________________________________________________________________

More information about the MIMEDefang mailing list