[Mimedefang] Custom Configuration

Kevin A. McGrail kmcgrail at pccc.com
Fri Nov 12 09:48:02 EST 2004


Aleksander is exactly right but I would do one thing differently.  I use the
code/idea that Brian Landers wrote to create an access file for sendmail for
the LDAP work.  We enhanced it and it's very stable and in place on multiple
servers now for almost a year.

http://www.peregrinehw.com/downloads/ldap/

Basics behind it are to connect to an LDAP server every five minutes and
generate an access.db file that sendmail can use to deny recipients
without calling a milter, etc.

This in turn lets us also use the BAD_RCPT Throttle which in turn lets us
monitor the logs to block IP addresses for a 90-minute window that seem to
be doing email harvesting/dictionary attacks.

Regards,
KAM


> Simply.  Install both Amavisd-new and MIMEDefang, and define both in
> sendmail.mc.  Sendmail will call them in the order you put them in the
> .mc file.  Second filter will see changes made by the first filter.  In your
> case, it seems it would be best to call MIMEDefang first, and
> amavisd-new second (no point doing expensive anti-virus/spam if mail is
> going to be rejected earlier because of invalid envelope, plus you save
> some bandwidth since message body is not transferred).
>
> In MIMEDefang, you would use filter_sender (to check sender's address),
> filter_recipient (to check if recipient is valid, do not drop entire
> email here, simply reject recipients that are invalid here, mail can
> have more than one, and some might be valid), and filter_end (to check
> headers).  You'd probably need to install some LDAP perl modules.  If
> you are going to have persistent connection to LDAP server, make sure it
> is made from filter_init.
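
The periodic LDAP-to-access-file step described in the message above, as an added sketch that is not part of the original post and is not the script at the linked URL. The entry layout (RELAY for listed addresses, a 5.1.1 error for the rest of each domain), the LDIF sample and all function names are assumptions; the text file it writes would still be compiled into access.db with makemap.

```python
import os, re, tempfile

# Constructed sample: LDIF-style text such as an LDAP search for "mail" returns.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: Alice@Example.com

dn: uid=bob,ou=people,dc=example,dc=com
mail: bob@example.com
mail: postmaster@example.com

dn: uid=odd,ou=people,dc=example,dc=com
mail: bad user@example.com
"""

# Only plain addresses are written out; whitespace in a value would corrupt
# the key/value layout of the access file.
ADDR = re.compile(r"^[a-z0-9._+-]+@[a-z0-9.-]+$")

def parse_recipients(ldif):
    """Return the sorted, lower-cased set of well-formed mail values."""
    found = set()
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        value = value.strip().lower()
        if sep and name.strip().lower() == "mail" and ADDR.match(value):
            found.add(value)
    return sorted(found)

def render_access(recipients, domains):
    """Accept listed recipients; reject everything else in the served domains."""
    lines = [f"To:{rcpt}\tRELAY" for rcpt in recipients]
    lines += [f"To:{d}\tERROR:5.1.1:550 User unknown" for d in sorted(domains)]
    return "\n".join(lines) + "\n"

def update_access(path, ldif, domains, min_entries=1):
    """Rewrite path atomically; keep the old file if the LDAP result looks empty."""
    recipients = parse_recipients(ldif)
    if len(recipients) < min_entries:
        return False  # LDAP outage or bad query: do not reject every recipient
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(render_access(recipients, domains))
    os.replace(tmp, path)  # readers never see a half-written file
    return True
```

Setting min_entries close to the expected directory size makes a partial LDAP result leave the previous file in place instead of rejecting valid recipients.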



