[Mimedefang] Whitelisting Outbound E-Mail Addresses
wrolf.courtney at donovandata.com
Wed Jun 9 12:49:38 EDT 2004
Eliminating my LDAP stuff (customers are listed in an LDAP database) and
eliminating the stuff related to syncing the database between the two mail
servers:
/etc/cron.d/mail_whitelist:
# run mail whitelisting tool every 15 minutes
PATH=/sbin:/bin:/usr/sbin:/usr/bin
*/15 * * * * root /usr/local/sbin/generate_mail_access
/usr/local/sbin/generate_mail_access:
#!/bin/bash
# Catch any new destination addresses of mail sent out from Donovan
# and permit it in incoming addresses.
#
# Wrolf Courtney 6/13/2002
#
# Updated to use hostname -s WC 5/18/2004
PATH=/usr/local/sbin/:$PATH
cd /etc/mail
maillog2access > access.maillog.$$
comm -23 access.maillog.$$ access.maillog.`hostname -s` | makemap -r -o hash access.db
sort -u access.maillog.$$ access.maillog.`hostname -s` -o access.maillog.`hostname -s`
rm access.maillog.$$
/usr/local/sbin/maillog2access:
#
# Outputs to addresses of mail sent out from Donovan
#
# Wrolf Courtney 6/12/2002
#
# Can be used to add to mail access database:
#
# maillog2access | makemap -r -o hash /etc/mail/access.db
#
# Minor improvements.
# Need to Eliminate bounce addresses. Ignore messages that are from <>,
# since these are bounces. WC 6/13/2002
#
# Allow parameter for maillog, defaults to /var/log/maillog
#
# Only whitelist stuff from smtp.donovandata.com
#
# WC 12/13/2002 Whitelist stuff from smtp_tpny01.donovandata.com
# WC 5/2/2002 Whitelist stuff from *.donovandata.com
FILES=$*
[ $# -eq 0 ] && FILES=/var/log/maillog
perl -nae '
$OUTBOUND{$F[5]} = $F[5] if (/relay=.*\.donovandata\.com/ ||
/relay=smtp_tpny01\.talentpartners\.com/) && ! /from=\<\>/;
print "$1\n" if ! /relay=smtp\.donovandata\.com/ &&
! /relay=smtp_tpny01\.talentpartners\.com/ &&
! /relay=mail\d+\.messagelabs\.com/ &&
! /relay=cluster1\.us\.messagelabs\.com/ &&
! /relay=.* \[168\.238\.\d+\.\d+\]/ &&
/stat=Sent/ &&
/ to=(<\S+>).*/ &&
$OUTBOUND{$F[5]};
' $FILES |
perl -pe '$_ = lc;s/,/\n/g' |
perl -pe 's/^<//;s/>$//;' |
grep -i -v '%' |
grep -i -v '!' |
grep -i -v '^@' |
grep -i -v '^owner' |
grep -i -v 'bounce' |
grep -v -e '-.*-.*-' |
#egrep -v -e '[0-9]{5,}' |
sort -u |
perl -ne 'chomp;print "From:$_ RELAY\n"'
and finally in mimedefang-filter, before and inside sub filter_end():
use DB_File;
# If SpamAssassin found SPAM, append report. We do it as a separate
# attachment of type text/plain
sub filter_end ($) {
my($entity) = @_;
# If you want quarantine reports, uncomment next line
# send_quarantine_notifications();
# IMPORTANT NOTE: YOU MUST CALL send_quarantine_notifications() AFTER
# ANY PARTS HAVE BEEN QUARANTINED. SO IF YOU MODIFY THIS FILTER TO
# QUARANTINE SPAM, REWORK THE LOGIC TO CALL send_quarantine_notifications()
# AT THE END!!!
# No sense doing any extra work
return if message_rejected();
# WC 9/3/2003
# Do not spam check e-mail whitelisted in /etc/mail/access.db
my $access_db = "/etc/mail/access.db";
tie %access_hash, 'DB_File', $access_db, O_RDONLY;
my $LHS = $Sender; $LHS =~ s/^<//; $LHS =~ s/>$//;
$LHS = 'from:' . lc($LHS);
$RHS = $access_hash{$LHS};
md_graphdefang_log('access', $LHS, $RHS) if defined($RHS) and $RHS ne '';
untie %access_hash;
return if defined($RHS) and $RHS =~ /^RELAY|^OK/;

mimedefang-bounces at lists.roaringpenguin.com wrote on 06/09/2004 04:18:20 AM:
> Hi Wrolf,
>
> I don't suppose you could share the code you have used to do this. It
> sounds very similar to something I have tried to do, and for the same
> reasons, the DNSBL lists are sometimes too aggressive. My perl is pretty
> weak, and although I'm managing to add domains, like you to the
> access.db file, I feel I could go about it in a better way.
>
> Cheers,
>
> Richard
>
> >
> >
> >For a long time now (before implementing MIMEDefang) I have implemented
> >site-wide whitelisting of the to address of any outbound e-mail.
> >
> >It is reasonable to assume that if one of my users sends someone mail, then
> >they want a reply.
> >
> >Since my users are a community of interest (corporation), it is also quite
> >likely that someone else here would want e-mails from that person.
> >
> >I implemented this using the access.db feature of Sendmail, with scripts
> >every five minutes scanning the logs and adding new entries. It really got
> >around the problem of overly aggressive DNSBLs - I used to get into
> >explaining what a DNSBL (RBL) is to administrators at our customers and
> >suppliers, had to manually whitelist their server, etc.
> >
> >Users very rarely call me over this now, since if they fail to get an
> >initial e-mail sent to them from a customer, they first try sending one
> >out. This is a good strategy anyway (customer may have typoed their
> >address, etc.)
> >
> >I would love to see this integrated into MIMEDefang.
> >
> >Wrolf
> >
> >_______________________________________________
> >Visit http://www.mimedefang.org and http://www.canit.ca
> >MIMEDefang mailing list
> >MIMEDefang at lists.roaringpenguin.com
> >http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
> >
> >
> >
>
> --
> Richard Whelan
> Senior Systems Administrator
> PIPEX
>
> Direct: +44 (0) 1865 381568
> Mobile: +44 (0) 7786 276020
>
> website: http://www.pipex.net/
>
> This e-mail is subject to: http://www.pipex.net/disclaimer.html
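
Added example (not part of the original post or the MIMEDefang project): the log-scanning step of maillog2access written as one Python function and run over constructed maillog lines, to show how the queue ID ties a message's from= line to its to= lines and which recipients end up in the access map. The log lines, queue IDs, host names and .example domains are made up; the relay and junk-address patterns follow the post's script.

```python
import re

# Constructed maillog lines (not from the post); whitespace field 6 is the queue ID.
SAMPLE_LOG = """\
Jun  9 12:40:01 mx1 sendmail[101]: i59A: from=<alice@donovandata.com>, size=900, relay=pc12.donovandata.com [10.1.2.3]
Jun  9 12:40:02 mx1 sendmail[102]: i59A: to=<Bob@Customer.example>,<carol@customer.example>, mailer=esmtp, relay=mx.customer.example. [192.0.2.10], stat=Sent (ok)
Jun  9 12:41:01 mx1 sendmail[103]: i59B: from=<>, size=2100, relay=pc12.donovandata.com [10.1.2.3]
Jun  9 12:41:02 mx1 sendmail[104]: i59B: to=<forged@bulk.example>, mailer=esmtp, relay=mx.bulk.example. [198.51.100.7], stat=Sent (ok)
Jun  9 12:42:01 mx1 sendmail[105]: i59C: from=<dave@donovandata.com>, size=700, relay=pc14.donovandata.com [10.1.2.5]
Jun  9 12:42:02 mx1 sendmail[106]: i59C: to=<list-bounces@lists.example>, mailer=esmtp, relay=mx.lists.example. [192.0.2.20], stat=Sent (ok)
Jun  9 12:43:01 mx1 sendmail[107]: i59D: from=<erin@donovandata.com>, size=800, relay=pc15.donovandata.com [10.1.2.6]
Jun  9 12:43:02 mx1 sendmail[108]: i59D: to=<frank@slow.example>, mailer=esmtp, relay=mx.slow.example. [192.0.2.30], stat=Deferred: Connection timed out
Jun  9 12:44:01 mx1 sendmail[109]: i59E: from=<mallory@bulk.example>, size=600, relay=mx.bulk.example [198.51.100.7]
Jun  9 12:44:02 mx1 sendmail[110]: i59E: to=<alice@donovandata.com>, mailer=esmtp, relay=smtp.donovandata.com. [10.1.2.9], stat=Sent (ok)
"""

# Patterns follow the post's maillog2access script.
INTERNAL = re.compile(r"relay=.*\.donovandata\.com|relay=smtp_tpny01\.talentpartners\.com")
SKIP_DEST = re.compile(
    r"relay=smtp\.donovandata\.com|relay=smtp_tpny01\.talentpartners\.com|"
    r"relay=mail\d+\.messagelabs\.com|relay=cluster1\.us\.messagelabs\.com|"
    r"relay=.* \[168\.238\.\d+\.\d+\]")
TO_RE = re.compile(r" to=(<\S+>)")
JUNK = re.compile(r"[%!]|^@|^owner|bounce|-.*-.*-")

def whitelist_entries(log_text):
    """Return access-map lines for recipients of mail submitted from inside."""
    outbound, recipients = set(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        qid = fields[5]
        # Remember queue IDs seen with an internal relay, but never for the
        # null sender, so bounces to forged addresses whitelist nobody.
        if INTERNAL.search(line) and "from=<>" not in line:
            outbound.add(qid)
        m = TO_RE.search(line)
        if not (m and "stat=Sent" in line and qid in outbound) or SKIP_DEST.search(line):
            continue
        for addr in m.group(1).lower().split(","):
            addr = re.sub(r"^<|>$", "", addr)
            if addr and not JUNK.search(addr):
                recipients.add(addr)
    return [f"From:{a} RELAY" for a in sorted(recipients)]

if __name__ == "__main__":
    print("\n".join(whitelist_entries(SAMPLE_LOG)))
```

Only the two customer.example recipients are emitted: the bounce, the list-bounce address, the deferred delivery and the inbound message delivered to smtp.donovandata.com are all dropped.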