[Mimedefang] set mimedefang to not scan authenticated users

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Fri Apr 18 02:57:38 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 17 Apr 2008, maillist wrote:

> I know very little about Perl, so maybe I have something out of order here.

OK, but in order to use MIMEDefang efficiently, you're going to either
learn Perl or hire someone for adopting / evolving your filter.

> Here is what I have...
>
> sub defang_warning {
[OK]
> }

You cannot have two functions of the same name + in order to get called,
they have to reside outside of other functions.

see man mimedefang-filter for documentation

The regex matching of the ip is syntactically OK, but does not do what you want.
The %SendmailMacros hash is not available in filter_relay, moreover,
authentification has not taken place, yet, if I remember correctly.

sub filter_relay {
   my ($ip, $name) = @_;

   if($ip =~ /\A(?:127\.0\.0\.1|10\.0\.1\.)/) {
     return('ACCEPT_AND_NO_MORE_FILTERING', "ok");
   } else {
     return ('CONTINUE', "ok");
   }
}

# Note: This snippet is more or less taken from the man page
sub filter_sender {
 	my($sender, $ip, $hostname, $helo) = @_;
 	read_commands_file();	# Get %SendmailMacros hash
 	### notice: This assumes authentication without realm!
 	if($SendmailMacros{'auth_authen'}) {	# authentificated
 		return('ACCEPT_AND_NO_MORE_FILTERING', "ok");
 	}
# If you just want to do both checks in one functions
# use the check from filter_relay() here
#	if($ip =~ /\A(?:127\.|10\.0\.1\.)/) {
#		msg locally submitted or resent
#		return('ACCEPT_AND_NO_MORE_FILTERING', "ok");
#	}
# No need to test for full 127.0.0.1 in most cases, network 127. is very 
# small usually

 	return ('CONTINUE', "ok");
}

Also note the remarks in the man page:
filter_sender(): "Note that for this check to
        take place, you must use the -s flag with mimedefang."
filter_relay(): "Note  that
        for this check to take place, you must use the -r flag with mimedefang."

Otherwise does two functions are not called at all. Adopt your init.d 
script.

> sub filter_end {
> my($entity) = @_;
> return if message_rejected();
>
> if ($Features{"SpamAssassin"}) {
>   if (-s "./INPUTMSG" < 100*1024) {
>     my($hits, $req, $names, $report) = spam_assassin_check();
>     my($score);

Next if() is added by you.

>     if ($hits >= $req) {
>       action_add_header("X-Orig-Rcpts", join(", ", @Recipients));
>       foreach $recip (@Recipients) {
>       delete_recipient($recip);
>     }
>
>     add_recipient('spamdrop at my_domain.com');
>   }

Next if() is default, right? Because both conditions are the same,
you can merge the blocks.
>   if ($hits >= $req) {
>     action_change_header("X-Spam-Score", "$hits ($score) $names");

Unless you use the external graphdefang utility, comment the call
>     md_graphdefang_log('spam', $hits, $RelayAddr);

Because you re-route the mail to a spamdrop and no native user gets the
message, I'd NOT add the SPAM report. Will the (human?) SPAM processor
read this report for other reasons than simple curiosity? If you release
the message to a native user, this report will bother him/her, I guess.
>     action_add_part($entity, "text/plain", "-suggest",
>     "$report\n", "SpamAssassinReport.txt", "inline");
>   }
>   else {
>     action_delete_header("X-Spam-Score");
>   }
> }
> }

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFICEZk5ThHZhj8SBwRAnFiAJ9sOlofxYEoCMLYXNduEf1FR2jajQCdFsE9
fbQq4ul/hWUMg9NYLWTvBpk=
=NtWJ
-----END PGP SIGNATURE-----

More information about the MIMEDefang mailing list