[Mimedefang] Bypass MD+SA filtering by domain name
Liang, Warren
wliang at infocrossing.com
Thu Oct 14 16:26:51 EDT 2004
Good morning,
I use the stream_by_domain method to configure MIMEDefang+Spamassassin to
bypass filtering all incoming emails (attachment and SPAM) by the domain
name. I thought, the commands
if (stream_by_domain()) {
return;
}
if (canonicalize_email($Domain) eq 'eastcoast.com') {
return("ACCEPT_AND_NO_MORE_FILTERING", "ok");
}
should be in procedure "sub filter_begin". However, when I put them over
there, MIMEDefang still blocks the test.ade attachment. I leave
stream_by_domain in the "sub filter_begin" and move rest commands to "sub
filter". MD does let test.ade through and all eastcoast.com users receive
the attachment.
Following is the partial /etc/mail/mimedefang-filter file.
...
sub canonicalize_email ($) {
my ($email) = @_;
$email =~ s/^<//;
$email =~ s/>$//;
$email = lc($email);
####################
sub filter_begin () {
##
if (stream_by_domain()) {
return;
}
##
#---------------------------------------------------------------------------
-----
# It blocks .ade attachment
### if (canonicalize_email($Domain) eq 'eastcoast.com') {
### return("ACCEPT_AND_NO_MORE_FILTERING", "ok");
### }
#---------------------------------------------------------------------------
------
#
# ALWAYS drop messages with suspicious chars in headers
if ($SuspiciousCharsInHeaders) {
md_graphdefang_log('suspicious_chars');
action_quarantine_entire_message("..........");
# Do NOT allow message to reach recipient(s)
return action_discard();
}
}
#***********************************************************************
# %PROCEDURE: filter
#***********************************************************************
sub filter ($$$$) {
my($entity, $fname, $ext, $type) = @_;
#++++++++++++++++++++++++++++++++++++++++++++
# Successfully bypasses attachment check and recipient at eastcoast.com
receives .ade attachment
if (canonicalize_email($Domain) eq 'eastcoast.com') {
return("ACCEPT_AND_NO_MORE_FILTERING", "ok");
}
#+++++++++++++++++++++++++++++++++++++++++++++
return if message_rejected(); # Avoid unnecessary work
# Block message/partial parts
if (lc($type) eq "message/partial") {
md_graphdefang_log('message/partial');
action_bounce("MIME type message/partial not accepted here");
return action_discard();
}
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
return action_quarantine($entity, "..........");
}
# eml is bad if it's not multipart
if (re_match($entity, '\.eml')) {
md_graphdefang_log('non_multipart');
return action_quarantine($entity, ".......");
}
# Clean up HTML if Anomy::HTMLCleaner is installed.
if ($Features{"HTMLCleaner"}) {
if ($type eq "text/html") {
return anomy_clean_html($entity);
}
}
return action_accept();
}
My goal is to bypass Spam filtering as well. I send a spammed (GTUBE string)
mail to recipient at @eastcoast.com. MD+SA filter and discard the spammed
email. Does the stream_by_domain method work?
Thanks,
Warren
More information about the MIMEDefang
mailing list