MIMEDefang
From Wikislax
Contents |
What is MIMEDefang ?
MIMEDefang is a plugin specific to the Sendmail Milter interface and affords scanning modifying filtering or bouncing mails while they are being received by sendmail.
MIMEDefang consist of four major components: mimedefang, mimedefang-multiplexor, mimedefang.pl, and mimedefang-filter. MIMEDefang, written in C, splits incoming messages into parts. Mimedefang-multiplexor creates and manages a pool of perl processes that execute mimedefang.pl, a perl script.
Installing MIMEDefang
MIMEDefang requires a few perl modules that can be installed as below :
# perl -MCPAN -e shell . . . cpan> install Digest::SHA1 cpan> install IO::Stringy cpan> install MailTool cpan> install MIME::Tools cpan> install MIME::Base64 cpan> install Unix::Syslog
Download MIMEDefang untar and install as below. Mickey Hill's MIMEDefang HOWTO includes detailed installation information and tips.
# tar -C /usr/local -xvf mimedefang-x.y.tar.gz # cd /usr/local # chown -R root:root mimedefang-x.y # cd mimedefang-x.y # ./configure --help | less # ./configure --libdir=/usr/local/lib64 \ --mandir=/usr/local/man --with-user=milter # make # make install # make clean # cd /var/spool # mkdir -m 700 MIMEDefang # chown milter:milter MIMEDefang # mkdir -m 700 MD-Quarantine # chown milter:milter MD-Quarantine
Configuring MIMEDefang
MIMEDefang uses a single configuration file in /etc/mail/sa-mimedefang.cf. Add the lines below for DCC Pyzor and Bayes. The bayes_path seems required for SpamAssassin to find the Bayes database :
use_dcc 1 dcc_timeout 10 dcc_path /usr/local/bin/dccproc use_pyzor 1 pyzor_timeout 10 pyzor_path /usr/local/bin/pyzor # Set Bayes parameters # use_bayes 1 use_learner 1 use_bayes_rules 1 bayes_auto_learn 1 bayes_auto_expire 1 bayes_file_mode 700 bayes_expiry_max_db_size 150000 bayes_path /var/spool/MD-Quarantine/.spamassassin/bayes # Set headers which may provide inappropriate cues to the Bayesian classifier # bayes_ignore_header X-Scanned-By bayes_ignore_header X-Spam-Check bayes_ignore_header X-Spam-Score bayes_ignore_header X-Probably-Spam-Tag
/etc/mail/mimedefang-filter is a perl fragment read by mimedefang.pl where customization can take place. Be sure to check man mimedefang-filter. Global variable $SALocalTestsOnly has a default value of 1 to to disable Receive, RBL and Razor tests. Add line $SALocalTestsOnly = 0; at the beginning of mimedefang-filter to enable these tests. The code snipet below extracted from filter_end in mimedefang-filter calls for a few interesting comments:
- Messages of 100K or more are unlikely to be spam so are not scanned to avoid a waste of resources.
- The number of stars in X-Spam-Score is easy to use in your MUA rules to classify mail as ham or spam.
- We disabled the spamassassin report to collect spam unmodified for the Bayes module initialization.
- We added line action_sm_quarantine("$hits ($score) $names"); to test the Sendmail quarantine feature.
# Spam checks if SpamAssassin is installed
if ($Features{"SpamAssassin"}) {
if (-s "./INPUTMSG" < 100*1024) {
# Only scan messages smaller than 100kB. Larger messages
# are extremely unlikely to be spam, and SpamAssassin is
# dreadfully slow on very large messages.
my($hits, $req, $names, $report) = spam_assassin_check();
my($score);
if ($hits < 40) {
$score = "*" x int($hits);
} else {
$score = "*" x 40;
}
# We add a header which looks like this:
# X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
# The number of asterisks in parens is the integer part
# of the spam score clamped to a maximum of 40.
# MUA filters can easily be written to trigger on a
# minimum number of asterisks...
if ($hits >= $req) {
action_change_header("X-Spam-Score", "$hits ($score) $names");
md_graphdefang_log('spam', $hits, $RelayAddr);
# If you find the SA report useful, add it, I guess...
action_add_part($entity, "text/plain", "-suggest",
"$report\n",
"SpamAssassinReport.txt", "inline");
# action_quarantine_entire_message("$hits ($score) $names");
action_sm_quarantine("$hits ($score) $names");
# send_quarantine_notifications();
# action_discard();
} else {
# Delete any existing X-Spam-Score header?
# action_delete_header("X-Spam-Score");
}
There is nothing special to configure in Sendmail to use the quarantine feature. mailq -qQ affords viewing the content of the quarantine queue, sendmail -qQ -qIsubstr -Q affords unquarantining a specific mail.
Note : if anything goes wrong it is possible to get all SpamAssassin debug information in the maillog file by adding a debug => 1, parameter when creating the SpamAssassin object in function spam_assassin_init of /usr/local/bin/mimedefang.pl :
#*********************************************************************** # %PROCEDURE: spam_assassin_init # %ARGUMENTS: # config -- optional spamassassin config file # %RETURNS: # A Mail::SpamAssassin object. # %DESCRIPTION: # Scans message using SpamAssassin (http://www.spamassassin.org) #*********************************************************************** sub spam_assassin_init (;$) { my($config) = @_; my $LOCAL_RULES_DIR = '/etc/mail/spamassassin'; my $LOCAL_STATE_DIR = '/var/lib'; . . . my $sa_args = { debug => 1, local_tests_only => $SALocalTestsOnly, dont_copy_prefs => 1, userprefs_filename => $config, user_dir => $Features{'Path:QUARANTINEDIR'}, };
Running MIMEDefang
MIMEDefang must be started before and stopped after sendmail. Copy the init-script provided under /etc/rc.d then call it from rc.sendmail.
# cp examples/init-script /etc/rc.d/rc.mimedefang
# vi /etc/rc.d/rc.sendmail
. . .
# Start sendmail:
sendmail_start() {
/etc/rc.d/rc.mimedefang start
if [ -x /usr/sbin/sendmail ]; then
echo "Starting sendmail MTA daemon: /usr/sbin/sendmail -L sm-mta -bd -q25m"
/usr/sbin/sendmail -L sm-mta -bd -q25m
echo "Starting sendmail MSP queue runner: /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m"
/usr/sbin/sendmail -L sm-msp-queue -Ac -q25m
fi
}
# Stop sendmail:
sendmail_stop() {
killall sendmail
/etc/rc.d/rc.mimedefang stop
}
. . .
<esc>
:x
However, at this stage MIMEDefang is not ready to work yet, as the Sendmail Milter interface needs to be installed and configured first.
| ClamAV | Main Page | Milter |
