[Mimedefang] mimedefang filter sender using filter_sender

Prabin Acharya mail at prabinacharya.com.np
Fri Jan 17 21:42:15 EST 2014


I've come across a situation at my work recently. My mailserver has
been compromised. We use sendmail with mimedefang. There was a problem
of spam attacks a year ago but after having MD installed and running
it has been under control.
The scenario is: bogus users are using the mailing address of my company
and sending spam messages. Most of the mails sent are undelivered and
we end up receiving hundreds of undelivered mails in our inbox. My
mimedefang filter has included my workplace mail domain as a safe
sender. However, some spam mails are such that the sender fakes my
workplace domain too. I know my mail server is loose in terms of
security and there are tons of things to be done on it. But with
mimedefang already in place and running perfectly, I thought maybe I
could tweak it to check on the above scenario as well without making
changes to the mail server (sendmail) itself.
I'm thinking of using something like below:
by using filter_sender, I'd check on legitimate email
addresses that are allowed to pass through my mailserver. If the
sender address contains my domain, check for the IP address of the sender;
if the IP address belongs to my internal network pass it on, if not drop
the mail. If the sender is outside my domain let it pass and let other
functions treat it. My filter_sender is as follows:

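    sub filter_sender {
        my ($sender, $ip, $hostname, $helo) = @_;
        # Sender is in my domain (dots escaped, match anchored at the end;
        # the envelope sender may arrive wrapped in <>)
        my $rg   = qr/\@pmail\.com\.np>?$/i;
        # Relay IP is in the internal 10.59.x.x network (anchored at both ends)
        my $iprg = qr/^10\.59\.\d+\.\d+$/;
        if ($sender =~ $rg) {
            if ($ip =~ $iprg) {
                return ('CONTINUE', "safe");
            }
            else {
                return ('DISCARD', "forged");
            }
        }
        else {
            return ('CONTINUE', "outside");
        }
    }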

Could anyone suggest anything for it?

-- 
regards,
Prabin Acharya
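
The sender/relay check described in the post, as an added stand-alone example (not part of the original message and not MIMEDefang's own code), using numeric CIDR matching and run over constructed inputs. The helper names `ip_to_int`, `ip_in_nets` and `check_sender` are hypothetical, and 10.59.0.0/16 is assumed as the internal range from the post's IP pattern.

```perl
use strict;
use warnings;

# Values taken from the post; the /16 is an assumption based on its IP pattern.
my $LOCAL_DOMAIN  = 'pmail.com.np';
my @INTERNAL_NETS = ('10.59.0.0/16');

# Dotted quad -> 32-bit integer; returns undef for anything that is not IPv4.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip && $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    my @o = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

# True when $ip falls inside one of the CIDR blocks in @nets.
sub ip_in_nets {
    my ($ip, @nets) = @_;
    my $addr = ip_to_int($ip);
    return 0 unless defined $addr;
    for my $net (@nets) {
        my ($base, $bits) = split m{/}, $net;
        my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return 1 if ($addr & $mask) == (ip_to_int($base) & $mask);
    }
    return 0;
}

# Same policy as the posted filter_sender: local-domain senders must relay
# from an internal address; everything else is left to later checks.
sub check_sender {
    my ($sender, $ip) = @_;
    (my $addr = lc $sender) =~ s/^<|>$//g;    # accept "<user@domain>" or bare form
    return ('CONTINUE', 'outside') unless $addr =~ /\@\Q$LOCAL_DOMAIN\E$/;
    return ip_in_nets($ip, @INTERNAL_NETS)
        ? ('CONTINUE', 'safe') : ('DISCARD', 'forged');
}

my @cases = (    # constructed inputs: sender, relay IP, expected reason
    ['<alice@pmail.com.np>', '10.59.4.20',   'safe'],
    ['<alice@pmail.com.np>', '210.59.4.20',  'forged'],   # an unanchored 10.59 pattern matches this
    ['<alice@pmail.com.np>', '192.0.2.7',    'forged'],
    ['<bob@pmail.comXnp>',   '192.0.2.7',    'outside'],  # an unescaped "." matches this
    ['<carol@example.org>',  '198.51.100.9', 'outside'],
    ['<>',                   '198.51.100.9', 'outside'],  # null sender (bounce)
);
for my $c (@cases) {
    my ($action, $reason) = check_sender($c->[0], $c->[1]);
    printf "%-24s %-14s %-8s %s\n", $c->[0], $c->[1], $action, $reason;
    die "unexpected result for $c->[0] from $c->[1]\n" unless $reason eq $c->[2];
}
```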


