From Wikislax

Jump to: navigation, search


What is MIMEDefang ?

MIMEDefang is a plugin specific to the Sendmail Milter interface and affords scanning modifying filtering or bouncing mails while they are being received by sendmail.

MIMEDefang consist of four major components: mimedefang, mimedefang-multiplexor, mimedefang.pl, and mimedefang-filter. MIMEDefang, written in C, splits incoming messages into parts. Mimedefang-multiplexor creates and manages a pool of perl processes that execute mimedefang.pl, a perl script.

Installing MIMEDefang

MIMEDefang requires a few perl modules that can be installed as below :

# perl -MCPAN -e shell
. . .
cpan> install Digest::SHA1
cpan> install IO::Stringy
cpan> install MailTool
cpan> install MIME::Tools
cpan> install MIME::Base64
cpan> install Unix::Syslog

Download MIMEDefang untar and install as below. Mickey Hill's MIMEDefang HOWTO includes detailed installation information and tips.

# tar -C /usr/local -xvf mimedefang-x.y.tar.gz
# cd /usr/local
# chown -R root:root mimedefang-x.y
# cd mimedefang-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 \
--mandir=/usr/local/man --with-user=milter
# make
# make install
# make clean
# cd /var/spool
# mkdir -m 700 MIMEDefang
# chown milter:milter MIMEDefang
# mkdir -m 700 MD-Quarantine
# chown milter:milter MD-Quarantine

Configuring MIMEDefang

MIMEDefang uses a single configuration file in /etc/mail/sa-mimedefang.cf. Add the lines below for DCC Pyzor and Bayes. The bayes_path seems required for SpamAssassin to find the Bayes database :

use_dcc 1
dcc_timeout 10
dcc_path /usr/local/bin/dccproc

use_pyzor 1
pyzor_timeout 10
pyzor_path /usr/local/bin/pyzor

# Set Bayes parameters
use_bayes 1
use_learner 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_expire 1
bayes_file_mode 700
bayes_expiry_max_db_size 150000
bayes_path /var/spool/MD-Quarantine/.spamassassin/bayes

#   Set headers which may provide inappropriate cues to the Bayesian classifier
bayes_ignore_header X-Scanned-By
bayes_ignore_header X-Spam-Check
bayes_ignore_header X-Spam-Score
bayes_ignore_header X-Probably-Spam-Tag

/etc/mail/mimedefang-filter is a perl fragment read by mimedefang.pl where customization can take place. Be sure to check man mimedefang-filter. Global variable $SALocalTestsOnly has a default value of 1 to to disable Receive, RBL and Razor tests. Add line $SALocalTestsOnly = 0; at the beginning of mimedefang-filter to enable these tests. The code snipet below extracted from filter_end in mimedefang-filter calls for a few interesting comments:

# Spam checks if SpamAssassin is installed
if ($Features{"SpamAssassin"}) {
    if (-s "./INPUTMSG" < 100*1024) {
        # Only scan messages smaller than 100kB.  Larger messages
        # are extremely unlikely to be spam, and SpamAssassin is
        # dreadfully slow on very large messages.
        my($hits, $req, $names, $report) = spam_assassin_check();
        if ($hits < 40) {
            $score = "*" x int($hits);
        } else {
            $score = "*" x 40;
        # We add a header which looks like this:
        # X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
        # The number of asterisks in parens is the integer part
        # of the spam score clamped to a maximum of 40.
        # MUA filters can easily be written to trigger on a
        # minimum number of asterisks...
        if ($hits >= $req) {
            action_change_header("X-Spam-Score", "$hits ($score) $names");
            md_graphdefang_log('spam', $hits, $RelayAddr);
            # If you find the SA report useful, add it, I guess...
            action_add_part($entity, "text/plain", "-suggest",
                          "SpamAssassinReport.txt", "inline");
            # action_quarantine_entire_message("$hits ($score) $names");
            action_sm_quarantine("$hits ($score) $names");
            # send_quarantine_notifications();
            # action_discard();
        } else {
            # Delete any existing X-Spam-Score header?
            # action_delete_header("X-Spam-Score");

There is nothing special to configure in Sendmail to use the quarantine feature. mailq -qQ affords viewing the content of the quarantine queue, sendmail -qQ -qIsubstr -Q affords unquarantining a specific mail.

Note : if anything goes wrong it is possible to get all SpamAssassin debug information in the maillog file by adding a debug => 1, parameter when creating the SpamAssassin object in function spam_assassin_init of /usr/local/bin/mimedefang.pl :

# %PROCEDURE: spam_assassin_init
#  config -- optional spamassassin config file
#  A Mail::SpamAssassin object.
#  Scans message using SpamAssassin (http://www.spamassassin.org)
sub spam_assassin_init (;$) {
    my($config) = @_;
    my $LOCAL_RULES_DIR = '/etc/mail/spamassassin';
    my $LOCAL_STATE_DIR = '/var/lib';

    . . .

        my $sa_args = {
                debug              => 1,
                local_tests_only   => $SALocalTestsOnly,
                dont_copy_prefs    => 1,
                userprefs_filename => $config,
                user_dir           => $Features{'Path:QUARANTINEDIR'},

Running MIMEDefang

MIMEDefang must be started before and stopped after sendmail. Copy the init-script provided under /etc/rc.d then call it from rc.sendmail.

# cp examples/init-script /etc/rc.d/rc.mimedefang
# vi /etc/rc.d/rc.sendmail
. . .
# Start sendmail:
sendmail_start() {
  /etc/rc.d/rc.mimedefang start
  sleep 1
  if [ -x /usr/sbin/sendmail ]; then
    echo "Starting sendmail MTA daemon:  /usr/sbin/sendmail -L sm-mta -bd -q25m"
    /usr/sbin/sendmail -L sm-mta -bd -q25m
    echo "Starting sendmail MSP queue runner:  /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m"
    /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m

# Stop sendmail:
sendmail_stop() {
  killall sendmail
  /etc/rc.d/rc.mimedefang stop
. . .

However, at this stage MIMEDefang is not ready to work yet, as the Sendmail Milter interface needs to be installed and configured first.

ClamAV Main Page Milter
Personal tools