[Mimedefang] Including archetypal filters to include in release?
Philip Prindeville
philipp_subx at redfish-solutions.com
Mon Jan 9 18:21:58 EST 2006
Hi.
I'm new to the list (but not spam fighting), so please bear with me.
I recently installed mimedefang-2.54 (thanks Axel for making the necessary
Perl modules available as .rpms) on FC3.
I made the following changes to mimedefang-filter, adding:
use Socket qw(inet_aton);

# CIDR block => action.  The table is consulted most-specific prefix first,
# so the 0.0.0.0/0 wildcard is only reached when nothing else matched.
# Note: a hash is initialised with ( ... ); assigning { ... } to a %hash
# stores a single bogus key (the stringified hash reference).
my %badnetworks = (
    '58.71.0.0/17'      => 'REJECT',
    '62.117.127.0/25'   => 'REJECT',
    '66.165.224.0/20'   => 'REJECT',
    '69.72.128.0/17'    => 'REJECT',
    '69.240.0.0/12'     => 'REJECT',
    '82.208.169.0'      => 'REJECT',   # no prefix length given: treated as /32
    '84.13.0.0/17'      => 'REJECT',
    '198.59.0.0/15'     => 'REJECT',
    '212.145.160.0/21'  => 'REJECT',
    '212.145.192.0/20'  => 'REJECT',
    '216.191.0.0/16'    => 'REJECT',
    '217.165.0.0/21'    => 'REJECT',
    '217.165.32.0/22'   => 'REJECT',
    '218.78.0.0/15'     => 'REJECT',
    '218.80.0.0/14'     => 'REJECT',
    '222.136.0.0/11'    => 'REJECT',
    # local mail
    '127.0.0.1/32'      => 'ACCEPT',
    '192.168.1.0/24'    => 'ACCEPT',
    # wildcard action
    '0.0.0.0/0'         => 'ACCEPT',
);

# prefix length of a "net/len" key; a bare address counts as a single host
sub prefix_length {
    my ($lhs) = @_;
    my (undef, $length) = split('/', $lhs);
    return defined $length ? $length : 32;
}

# MIMEDefang calls this as filter_relay($hostip, $hostname, $helo)
sub filter_relay {
    my ($hostip, $hostname, $helo) = @_;
    # unpack the address to a 32-bit integer: bitwise ops on the packed
    # string inet_aton() returns do not do what we want
    my $ip = unpack('N', inet_aton($hostip));
    # walk the table longest prefix first.  `each` visits keys in hash
    # order (effectively random), so the /0 wildcard could be tried before
    # a REJECT entry, and returning mid-loop leaves its iterator half-way.
    for my $lhs (sort { prefix_length($b) <=> prefix_length($a) } keys %badnetworks) {
        my ($net, $length) = split('/', $lhs);
        $length = prefix_length($lhs);
        # shifting by 32 is not portable, so /0 gets an explicit zero mask
        my $mask = $length ? (0xffffffff << (32 - $length)) & 0xffffffff : 0;
        $net = unpack('N', inet_aton($net)) & $mask;
        if (($ip & $mask) == $net) {
            my $action = $badnetworks{$lhs};
            my $msg = ($action eq 'ACCEPT') ? 'OK'
                                            : "This network is blacklisted";
            return ($action, $msg);
        }
    }
    # we shouldn't hit this, but if we do... default action is to accept
    return ('ACCEPT', "OK");
}

sub filter_sender {
    my ($sender, $hostip, $hostname, $helo) = @_;
    # dotted quads need to be bracketed
    if ($helo =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/) {
        return ('REJECT', "Incorrect format for address-literal");
    }
    # ok, got the format right... now is the address correct?
    # this might be wrong if our clients are behind a NATting gateway;
    # if that's the case, we need to preface this with accepting everyone
    # whose $hostip matches a certain address or address range
    # (all four dots are escaped here; the third one was a bare `.` before,
    # which matched any character)
    if ($helo =~ /^\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]$/) {
        if ($helo ne "[$hostip]") {
            return ('REJECT',
                    "Header forgery attempt, [$hostip] claims to be $helo");
        }
    }
    # doesn't contain any dots...
    if (index($helo, '.') == -1) {
        return ('REJECT', "Expected fully-qualified domain name");
    }
    return ('ACCEPT', "OK");
}
Anyone have any suggestions or comments about how this could be improved? If we could refine this, it might be handy to incorporate into a future release... Perhaps the code could be gated by a configuration variable or two? Note also that I rewrote the code in filter_sender slightly, since IP addresses are always supposed to be bracketed.

Also... The HOWTO is slightly out of date, since it doesn't include the init.d/ script for mimedefang... And the .spec should probably include:

    chkconfig --level 5 mimedefang on

to enable it when installing.
Thanks,
-Philip
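The stand-alone driver below is an added example, not code from the post or from MIMEDefang itself. It exercises the two checks the post describes on a constructed policy table and constructed HELO strings, using RFC 5737 documentation addresses, and shows why the table must be walked longest-prefix first: a single ACCEPT host can then be carved out of a REJECT range without depending on hash ordering.

```perl
#!/usr/bin/perl
# Added example: longest-prefix CIDR lookup with an exception inside a
# blocked range, plus the HELO address-literal check, on constructed data.
use strict;
use warnings;
use Socket qw(inet_aton);

# constructed table: one whitelisted host sits inside a rejected /24
my %policy = (
    '0.0.0.0/0'       => 'ACCEPT',   # wildcard, least specific
    '198.51.100.0/24' => 'REJECT',   # RFC 5737 documentation range
    '198.51.100.7/32' => 'ACCEPT',   # exception inside the /24
);

sub to_int { return unpack('N', inet_aton($_[0])) }

# network mask for a prefix length; /0 gets an explicit zero mask
sub cidr_mask {
    my ($len) = @_;
    return $len ? (0xffffffff << (32 - $len)) & 0xffffffff : 0;
}

# action and rule of the most specific matching entry
sub lookup_relay {
    my ($hostip) = @_;
    my $ip = to_int($hostip);
    for my $key (sort { (split '/', $b)[1] <=> (split '/', $a)[1] } keys %policy) {
        my ($net, $len) = split '/', $key;
        my $mask = cidr_mask($len);
        return ($policy{$key}, $key) if (($ip & $mask) == (to_int($net) & $mask));
    }
    return ('ACCEPT', 'default');
}

# HELO must be a bracketed literal equal to the peer address, or a
# name containing at least one dot (same rules as the post's filter_sender)
sub check_helo {
    my ($hostip, $helo) = @_;
    return 'REJECT: unbracketed literal' if $helo =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    if ($helo =~ /^\[\d{1,3}(?:\.\d{1,3}){3}\]$/) {
        return $helo eq "[$hostip]" ? 'ACCEPT' : 'REJECT: literal does not match peer';
    }
    return index($helo, '.') == -1 ? 'REJECT: not fully qualified' : 'ACCEPT';
}

for my $ip ('198.51.100.7', '198.51.100.8', '203.0.113.5') {
    my ($action, $rule) = lookup_relay($ip);
    printf "%-14s %-6s via %s\n", $ip, $action, $rule;
}
print "$_->[1]: ", check_helo(@$_), "\n"
    for ['203.0.113.5', '203.0.113.5'], ['203.0.113.5', '[203.0.113.9]'],
        ['203.0.113.5', '[203.0.113.5]'], ['203.0.113.5', 'mail.example.org'];
```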