[Mimedefang] Rejecting e-mails with blank CC: and Reply-To:
Scott Nelson
sbnelson at thermeon.com
Wed Apr 11 15:13:44 EDT 2012
On Apr 11, 2012, at 1:49 PM, David F. Skoll wrote:
> You need to
> post your filter code if you expect any help.
I thought I posted enough, but here is the full thing, only some comments removed to make it smaller:
# -*- Perl -*-
$AdminAddress = 'postmaster at thermeon.com';
$AdminName = "Thermeon Postmaster";
$DaemonAddress = 'mimedefang at thermeon.com';
$AddWarningsInline = 0;
md_graphdefang_log_enable('mail', 1);
$Stupidity{"NoMultipleInlines"} = 0;
$ClamdSock = "/var/run/clamav/clamd.sock";
detect_and_load_perl_modules();
sub filter_bad_filename {
my($entity) = @_;
my($bad_exts, $re);
return 0; # pretend all is well but bypass checking files.
# Bad extensions
$bad_exts = '(ade|adp|app|asd|asf|asx|bas|bat|chm|cmd|com|cpl|crt|dll|exe|fxp|hlp|hta|hto|inf|ini|ins|isp|jse?|lib|lnk|mdb|mde|msc|msi|msp|mst|ocx|pcd|pif|prg|reg|scr|sct|sh|shb|shs|sys|url|vb|vbe|vbs|vcs|vxd|wmd|wms|wmz|wsc|wsf|wsh|\{[^\}]+\})';
# Do not allow:
# - CLSIDs {foobarbaz}
# - bad extensions (possibly with trailing dots) at end
$re = '\.' . $bad_exts . '\.*$';
return 1 if (re_match($entity, $re));
# Look inside ZIP files
if (re_match($entity, '\.zip$') and
$Features{"Archive::Zip"}) {
my $bh = $entity->bodyhandle();
if (defined($bh)) {
my $path = $bh->path();
if (defined($path)) {
return re_match_in_zip_directory($path, $re);
}
}
}
return 0;
}
sub has_spam_words {
my $text = shift;
return $text =~ /eprospector|groupon|priceline|nytimes|recycle|diversity|cincom|grainger|casino|techrepublic|ientry\.com|businesscards|barkoff|swiss|refinance|b21pubs\.com|directbuy|pharma|flyzik|coupon|<dating>|watches|harte-hanks|lorman|ocmetro|pills|viagra|wallstreet|pimsleur|jupiter|x10|lasik|visiontoamerica|RX-Store|prevention\.delivery\.net|patriotupdate|investmentu|internationalliving|healthiernews|earlytorise|conservativeactionalerts|personalliberty|secretsline|penis|\.info>/i;
}
sub filter_sender {
my ($sender, $ip, $hostname, $helo) = @_;
if (has_spam_words($sender)) {
return ('REJECT', 'Message rejected.');
}
return ('CONTINUE', "ok");
}
sub filter_begin {
my($entity) = @_;
if ($SuspiciousCharsInHeaders) {
md_graphdefang_log('suspicious_chars');
# action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
# Do NOT allow message to reach recipient(s)
return action_discard();
}
if (open(HEADERS, "<HEADERS")) {
while(<HEADERS>) {
next unless /^(To|From|Cc|Subject):/i;
if (has_spam_words($_)) {
md_syslog('notice',"$1: header had a spam word in it: $_\n");
return action_discard();
}
}
close(HEADERS);
} else {
md_syslog('err',"couldn't open HEADERS temp file: $!\n");
}
md_copy_orig_msg_to_work_dir_as_mbox_file();
my($code, $category, $action) = message_contains_virus();
$FoundVirus = ($category eq "virus");
if ($FoundVirus) {
md_graphdefang_log('virus', $VirusName, $RelayAddr);
md_syslog('warning', "Discarding because of virus $VirusName");
return action_discard();
}
}
sub filter {
my($entity, $fname, $ext, $type) = @_;
return if message_rejected(); # Avoid unnecessary work
if (lc($type) eq "message/partial") {
md_graphdefang_log('message/partial');
action_bounce("MIME type message/partial not accepted here");
return action_discard();
}
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
return action_drop_with_warning("An attachment named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
}
return action_accept();
}
sub filter_multipart {
my($entity, $fname, $ext, $type) = @_;
return if message_rejected(); # Avoid unnecessary work
if (filter_bad_filename($entity)) {
md_graphdefang_log('bad_filename', $fname, $type);
action_notify_administrator("A MULTIPART attachment of type $type, named $fname was dropped.\n");
return action_drop_with_warning("An attachment of type $type, named $fname was removed from this document as it\nconstituted a security hazard. If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
}
if (lc($type) eq "message/partial") {
md_graphdefang_log('message/partial');
action_bounce("MIME type message/partial not accepted here");
return;
}
return action_accept();
}
sub defang_warning {
my($oldfname, $fname) = @_;
return
"An attachment named '$oldfname' was converted to '$fname'.\n" .
"To recover the file, right-click on the attachment and Save As\n" .
"'$oldfname'\n";
}
sub filter_end {
my($entity) = @_;
return if message_rejected();
if ($Features{"SpamAssassin"}) {
if (-s "./INPUTMSG" < 100*1024) {
my($hits, $req, $names, $report) = spam_assassin_check();
my $stars = "*" x (($hits < 40) ? int($hits) : 40);
action_change_header("X-Spam-Score", "$hits ($stars) $names");
if ($hits >= $req) {
action_bounce("Message looks like spam: $hits ($stars) $names");
md_graphdefang_log('spam', $hits, $RelayAddr);
}
}
}
md_graphdefang_log('mail_in');
}
1;
More information about the MIMEDefang
mailing list