[Mimedefang] Including archetypal filters to include in release?

Philip Prindeville philipp_subx at redfish-solutions.com
Mon Jan 9 18:21:58 EST 2006


Hi.

I'm new to the list (but not spam fighting), so please bear with me.

I recently installed mimedefang-2.54 (thanks Axel for making the necessary
Perl modules available as .rpms) on FC3.

I made the following changes to mimedefang-filter, adding:

use Socket qw(inet_aton);   # filter_relay() below needs inet_aton()

# a plain hash: curly braces here would build a hash reference and
# leave %badnetworks with a single, meaningless stringified-ref key
my %badnetworks = (
    '58.71.0.0/17'      => 'REJECT',
    '62.117.127.0/25'   => 'REJECT',
    '66.165.224.0/20'   => 'REJECT',
    '69.72.128.0/17'    => 'REJECT',
    '69.240.0.0/12'     => 'REJECT',
    '82.208.169.0'      => 'REJECT',   # no prefix length: treated as a single host (/32)
    '84.13.0.0/17'      => 'REJECT',
    '198.59.0.0/15'     => 'REJECT',
    '212.145.160.0/21'  => 'REJECT',
    '212.145.192.0/20'  => 'REJECT',
    '216.191.0.0/16'    => 'REJECT',
    '217.165.0.0/21'    => 'REJECT',
    '217.165.32.0/22'   => 'REJECT',
    '218.78.0.0/15'     => 'REJECT',
    '218.80.0.0/14'     => 'REJECT',
    '222.136.0.0/11'    => 'REJECT',
    # local mail
    '127.0.0.1/32'      => 'ACCEPT',
    '192.168.1.0/24'    => 'ACCEPT',
    # wildcard action
    '0.0.0.0/0'         => 'ACCEPT',
);

sub filter_relay($$) {
    # MIMEDefang passes the relay's IP address first, then its hostname
    my ($hostip, $hostname) = @_;

    # compare as 32-bit integers: inet_aton() returns a packed 4-byte string,
    # and "packed string & number" numifies the string to 0 instead of masking
    my $addr = unpack('N', inet_aton($hostip));

    # hash order is random, so try the most specific network first;
    # that way the 0.0.0.0/0 wildcard only matches when nothing else does
    for my $lhs (sort { prefix_len($b) <=> prefix_len($a) } keys %badnetworks) {
        my ($net, $length) = split('/', $lhs);
        $length = 32 unless defined $length;   # bare address means a single host

        # shifting by 32 is not portable, so special-case the /0 wildcard
        my $mask = $length ? (0xffffffff << (32 - $length)) & 0xffffffff : 0;

        if (($addr & $mask) == (unpack('N', inet_aton($net)) & $mask)) {
            my $action = $badnetworks{$lhs};
            my $msg = ($action eq 'ACCEPT') ? 'OK'
                       : "This network is blacklisted";

            return ($action, $msg);
        }
    }

    # we shouldn't hit this, but if we do... default action is to accept
    return ('ACCEPT', "OK");
}

# prefix length of a 'net/len' key; a bare address counts as /32
sub prefix_len {
    my (undef, $len) = split('/', $_[0]);
    return defined $len ? $len : 32;
}

sub filter_sender($$$$) {
    my ($sender, $hostip, $hostname, $helo) = @_;

    # dotted quads need to be bracketed
    if ($helo =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/) {
        return ('REJECT', "Incorrect format for address-literal");
    }

    # ok, got the format right... now is the address correct?
    # this might be wrong if our clients are behind a NATting gateway;
    # if that's the case, we need to preface this with accepting everyone
    # whose $hostip matches a certain address or address range
    if ($helo =~ /^\[(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\]$/) {   # every separator escaped
        if ($helo ne "[$hostip]") {
            return ('REJECT',
                    "Header forgery attempt, [$hostip] claims to be $helo");
        }
    }

    # doesn't contain any dots...
    if (index($helo, '.') == -1) {
        return ('REJECT', "Expected fully-qualified domain name");
    }

    return ('ACCEPT', "OK");
}
Anyone have any suggestions or comments about how this could be improved?

If we could refine this, it might be handy to incorporate into a future release...  Perhaps the code could be gated by a configuration variable or two?  Note also that I rewrote the code in filter_sender slightly, since IP addresses are always supposed to be bracketed.

Also...  The HOWTO is slightly out of date, since it doesn't include the init.d/ script for mimedefang...  And the .spec should probably include:

chkconfig --level 5 mimedefang on

To enable it when installing.

Thanks,

-Philip
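The NAT caveat noted in the comment inside filter_sender, worked through as an added example (this is not code from the post or from the MIMEDefang distribution): relays inside a trusted internal range are exempted from the address-literal comparison, since a client behind a NAT gateway will announce its private address. The @trusted_clients list, the in_network() helper and the sample addresses are assumptions constructed for this example.

```perl
# Added example, not from the original post: filter_sender variant that
# exempts NATted internal clients from the HELO address-literal comparison.
# @trusted_clients, in_network() and the sample addresses are assumptions.
use strict;
use warnings;
use Socket qw(inet_aton);

# relays whose HELO may legitimately carry a private address literal
my @trusted_clients = ('127.0.0.1/32', '192.168.1.0/24');

# true if dotted-quad $ip lies inside the CIDR block $cidr
sub in_network {
    my ($ip, $cidr) = @_;
    my ($net, $len) = split('/', $cidr);
    $len = 32 unless defined $len;
    my $mask = $len ? (0xffffffff << (32 - $len)) & 0xffffffff : 0;
    return (unpack('N', inet_aton($ip)) & $mask)
        == (unpack('N', inet_aton($net)) & $mask);
}

sub filter_sender ($$$$) {
    my ($sender, $hostip, $hostname, $helo) = @_;

    if ($helo =~ /^\[(\d{1,3}(?:\.\d{1,3}){3})\]$/) {
        my $literal = $1;
        # a client behind our NAT gateway announces its private address,
        # so the comparison against the public $hostip must be skipped
        return ('ACCEPT', 'OK')
            if grep { in_network($hostip, $_) } @trusted_clients;
        return ('REJECT', "Header forgery attempt, [$hostip] claims to be $helo")
            if $literal ne $hostip;
    }
    elsif ($helo =~ /^\d{1,3}(?:\.\d{1,3}){3}$/) {
        return ('REJECT', "Incorrect format for address-literal");
    }
    elsif (index($helo, '.') == -1) {
        return ('REJECT', "Expected fully-qualified domain name");
    }
    return ('ACCEPT', 'OK');
}

# constructed sample transactions: internal client, outside forger, honest literal
for my $case (['192.168.1.20', '[10.0.0.5]'],
              ['203.0.113.9',  '[10.0.0.5]'],
              ['203.0.113.9',  '[203.0.113.9]']) {
    my ($ip, $helo) = @$case;
    my ($action, $msg) = filter_sender('user@example.com', $ip, 'unknown', $helo);
    print "$ip HELO $helo -> $action ($msg)\n";
}
```

The first sample is accepted because 192.168.1.20 falls inside a trusted range, the second is rejected as a forgery, and the third passes because the literal matches the connecting address.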