[Mimedefang] Bypass MD+SA filtering by domain name

Liang, Warren wliang at infocrossing.com
Thu Oct 14 16:26:51 EDT 2004


Good morning,

I use the stream_by_domain method to configure MIMEDefang+Spamassassin to
bypass filtering all incoming emails (attachment and SPAM) by the domain
name. I thought the commands
    if (stream_by_domain()) {
        return;
    }
    if (canonicalize_email($Domain) eq 'eastcoast.com') {
        return("ACCEPT_AND_NO_MORE_FILTERING", "ok");
    }
should be in the procedure "sub filter_begin". However, when I put them
there, MIMEDefang still blocks the test.ade attachment. I leave
stream_by_domain in "sub filter_begin" and move the rest of the commands to
"sub filter". MD does let test.ade through and all eastcoast.com users
receive the attachment.

The following is the partial /etc/mail/mimedefang-filter file.
...
sub canonicalize_email ($) {
    my ($email) = @_;
    # Strip the surrounding angle brackets and lowercase the address
    $email =~ s/^<//;
    $email =~ s/>$//;
    $email = lc($email);
    return $email;
}
####################
sub filter_begin () {
##
    if (stream_by_domain()) {
	return;
    }
##
#--------------------------------------------------------------------------------
#    It blocks .ade attachment
###    if (canonicalize_email($Domain) eq 'eastcoast.com') {
###             return("ACCEPT_AND_NO_MORE_FILTERING", "ok");
###   }
#--------------------------------------------------------------------------------
#
# ALWAYS drop messages with suspicious chars in headers
    if ($SuspiciousCharsInHeaders) {
        md_graphdefang_log('suspicious_chars');
	action_quarantine_entire_message("..........");
	# Do NOT allow message to reach recipient(s)
	return action_discard();
    }
}
#***********************************************************************
# %PROCEDURE: filter
#***********************************************************************
sub filter ($$$$) {
    my($entity, $fname, $ext, $type) = @_;
#++++++++++++++++++++++++++++++++++++++++++++
# Successfully bypasses attachment check and recipient at eastcoast.com
# receives .ade attachment
    if (canonicalize_email($Domain) eq 'eastcoast.com') {
             return("ACCEPT_AND_NO_MORE_FILTERING", "ok");
    }
#+++++++++++++++++++++++++++++++++++++++++++++
    return if message_rejected(); # Avoid unnecessary work
    # Block message/partial parts
    if (lc($type) eq "message/partial") {
        md_graphdefang_log('message/partial');
	action_bounce("MIME type message/partial not accepted here");
	return action_discard();
    }
    if (filter_bad_filename($entity)) {
        md_graphdefang_log('bad_filename', $fname, $type);
	return action_quarantine($entity, "..........");
    }
    # eml is bad if it's not multipart
    if (re_match($entity, '\.eml')) {
        md_graphdefang_log('non_multipart');
	return action_quarantine($entity, ".......");
    }
    # Clean up HTML if Anomy::HTMLCleaner is installed.
    if ($Features{"HTMLCleaner"}) {
	if ($type eq "text/html") {
	    return anomy_clean_html($entity);
	}
    }
    return action_accept();
}

My goal is to bypass spam filtering as well. I send a spam (GTUBE string)
mail to a recipient at eastcoast.com. MD+SA filters and discards the spam
email. Does the stream_by_domain method work?

Thanks,
Warren


