[Mimedefang] Patch for new function: send_quarantine_notifications_quick

Oliver Schulze L. oliver at samera.com.py
Tue Jan 23 13:35:51 EST 2007 

Hi,
recently I started to quarantine spam while I was
testing the SA BotNet plugin.
I needed to get a quick report on the quarantined email in order
to visually confirm that the email was a spam,
so I modified the function send_quarantine_notifications
and created the function send_quarantine_notifications_quick($$)

The most importan info I need was:
Quarentine dir  : in order to get the original email
Relay host      : in order to see if it was a DUL client
Sender          : in order to detect auto-generated emails

The quarentine email report looks like this:
--------------------------------------------
Quarentine host : mail.example.com
Quarentine dir  : /var/spool/MD-Quarantine/qdir-2007-01-23-15.15.57-001
Quarentine parts: 0
Relay host      : 83-131-72-252.adsl.net.t-com.hr (83.131.72.252)
MessageID       : l0NIFkkx022594
Sender          : '<andrew9wzk at earthlink.net>'
Recipient       : user at example.com
Recipient       : user2 at example.com
Messages        :

    This is an email with hits over 15:
    hits: 46.796
    SA Tests:
BAYES_99,BOTNET,BOTNET_CLIENT,BOTNET_CLIENTWORDS,BOTNET_IPINHOSTNAME,DNS_FROM_RFC_ABUSE,FORGED_RCVD_HELO,INVALID_DATE,MORE_SEX,RCVD_IN_SORBS_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL,WHY_WAIT
--------------------------------------------

After the "Messages" word, all users comments added with:
action_quarantine_entire_message()
are printed

I attach the patch and maybe it can help someone else too.

HTH
Oliver

-- 
Oliver Schulze L.   | Get my e-mail after a captcha in:
Asuncion - Paraguay | http://tinymailto.com/oliver 

-------------- next part --------------
--- mimedefang.pl	2007-01-23 15:24:21.000000000 -0300
+++ mimedefang.pl.ori	2007-01-23 15:23:15.000000000 -0300
@@ -1842,96 +1842,6 @@
 }
 
 #***********************************************************************
-# %PROCEDURE: send_quarantine_notifications_quick
-# %ARGUMENTS:
-#  send_headers -- print the original headers in the notification
-#  send_warnings -- print the warnings in the notification
-# %RETURNS:
-#  Nothing
-# %DESCRIPTION:
-#  Sends a quick quarantine notification message, 
-#  if anything was quarantined. The format is formated for easy reading
-#***********************************************************************
-sub send_quarantine_notifications_quick ($$) {
-	my($send_headers, $send_warnings) = @_;
-	$send_headers=0 if (!defined($send_headers));
-	$send_warnings=0 if (!defined($send_warnings));
-
-	# If there are not quarantined parts, return
-	# else, e-mail a report
-	if (($QuarantineCount <= 0) && ($EntireMessageQuarantined = 0)) {
-		return;
-	}
-	
-	my($body);
-	$body = "From: $DaemonName <$DaemonAddress>\n";
-	$body .= "To: \"$AdminName\" <$AdminAddress>\n";
-	$body .= gen_date_msgid_headers();
-	$body .= "Auto-Submitted: auto-generated\n";
-	$body .= "MIME-Version: 1.0\nContent-Type: text/plain\n";
-	$body .= "Precedence: bulk\n";
-	$body .= "Subject: $QuarantineSubject\n\n";
-
-	$body .= "Quarentine host : " . get_host_name() . "\n";
-	$body .= "Quarentine dir  : $QuarantineSubdir\n";
-  $body .= "Quarentine parts: $QuarantineCount\n";
-	$body .= "Relay host      : $RelayHostname ($RelayAddr)\n";
-	$body .= "MessageID       : $QueueID\n" if ($QueueID ne "NOQUEUE");
-	$body .= "Sender          : '$Sender'\n" if defined($Sender);
-	if ($EntireMessageQuarantined) {
-		$body .= "Entire email    : $QuarantineSubdir/ENTIRE_MESSAGE\n";
-	}
-
-	my($recip);
-	foreach $recip (@Recipients) {
-		$body .= "Recipient       : $recip\n";
-	}
-	my $donemsg = 0;
-	my $i;
-	for ($i=0; $i<=$QuarantineCount; $i++) {
-		if (open(IN, "<$QuarantineSubdir/MSG.$i")) {
-			if (!$donemsg) {
-				$body .= "Messages        :\n";
-				$donemsg = 1;
-			}
-			while(<IN>) {
-				$body .= $_;
-			}
-			close(IN);
-		}
-	}
-	if ($donemsg) {
-		$body .= "\n";
-	}
-
-	if($send_headers) {
-		if (open(IN, "<$QuarantineSubdir/HEADERS")) {
-			$body .= "\n----------\nHere are the message headers:\n";
-			while(<IN>) {
-				$body .= $_;
-			}
-			close(IN);
-		}
-		for ($i=1; $i<=$QuarantineCount; $i++) {
-			if (open(IN, "<$QuarantineSubdir/PART.$i.HEADERS")) {
-				$body .= "\n----------\nHere are the headers for quarantined part $i:\n";
-				while(<IN>) {
-					$body .= $_;
-				}
-				close(IN);
-			}
-		}
-	}
-	if($send_warnings) {
-		if ($#Warnings >= 0) {
-			$body .= "\n----------\nHere are the warning details:\n\n";
-			$body .= "@Warnings";
-		}
-	}
-	send_mail($DaemonAddress, $DaemonName, $AdminAddress, $body);
-}
-
-#***********************************************************************
 # %PROCEDURE: signal_complete
 # %ARGUMENTS:
 #  None

More information about the MIMEDefang mailing list