MIMEDefang

From Wikislax

Revision as of 07:51, 8 July 2012 by WikiSysop (Talk | contribs)

What is MIMEDefang?

MIMEDefang is a plugin specific to the Sendmail Milter interface. It allows scanning, modifying, filtering or bouncing mails while they are being received by sendmail.

MIMEDefang consists of four major components: mimedefang, mimedefang-multiplexor, mimedefang.pl, and mimedefang-filter. mimedefang, written in C, splits incoming messages into parts. mimedefang-multiplexor creates and manages a pool of Perl processes that execute mimedefang.pl, a Perl script.

Installing MIMEDefang

MIMEDefang requires a few Perl modules that can be installed as shown below:

# perl -MCPAN -e shell
. . .
cpan> install Digest::SHA1
cpan> install IO::Stringy
cpan> install MailTools
cpan> install MIME::Tools
cpan> install MIME::Base64
cpan> install Unix::Syslog

Download MIMEDefang, then untar and install it as shown below. Mickey Hill's MIMEDefang HOWTO includes detailed installation information and tips.

# tar -C /usr/local -xvf mimedefang-x.y.tar.gz
# cd /usr/local
# chown -R root:root mimedefang-x.y
# cd mimedefang-x.y
# ./configure --help | less
# ./configure --libdir=/usr/local/lib64 \
--mandir=/usr/local/man --with-user=milter
# make
# make install
# make clean
# cd /var/spool
# mkdir -m 700 MIMEDefang
# chown milter:milter MIMEDefang
# mkdir -m 700 MD-Quarantine
# chown milter:milter MD-Quarantine

Configuring MIMEDefang

MIMEDefang uses a single configuration file, /etc/mail/sa-mimedefang.cf. Add the lines below for DCC, Pyzor and Bayes. The bayes_path setting seems to be required for SpamAssassin to find the Bayes database:

use_dcc 1
dcc_timeout 10
dcc_path /usr/local/bin/dccproc

use_pyzor 1
pyzor_timeout 10
pyzor_path /usr/local/bin/pyzor

# Set Bayes parameters
#
use_bayes 1
use_learner 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_auto_expire 1
bayes_file_mode 700
bayes_expiry_max_db_size 150000
bayes_path /var/spool/MD-Quarantine/.spamassassin/bayes

#   Set headers which may provide inappropriate cues to the Bayesian classifier
#
bayes_ignore_header X-Scanned-By
bayes_ignore_header X-Spam-Check
bayes_ignore_header X-Spam-Score
bayes_ignore_header X-Probably-Spam-Tag

/etc/mail/mimedefang-filter is a Perl fragment read by mimedefang.pl, and is where customization takes place. Be sure to check man mimedefang-filter. The global variable $SALocalTestsOnly has a default value of 1, which disables Receive, RBL and Razor tests. Add the line $SALocalTestsOnly = 0; at the beginning of mimedefang-filter to enable these tests. The code snippet below, extracted from filter_end in mimedefang-filter, calls for a few interesting comments:

# Spam checks if SpamAssassin is installed
if ($Features{"SpamAssassin"}) {
    if (-s "./INPUTMSG" < 100*1024) {
        # Only scan messages smaller than 100kB.  Larger messages
        # are extremely unlikely to be spam, and SpamAssassin is
        # dreadfully slow on very large messages.
        my($hits, $req, $names, $report) = spam_assassin_check();
        my($score);
        if ($hits < 40) {
            $score = "*" x int($hits);
        } else {
            $score = "*" x 40;
        }
        # We add a header which looks like this:
        # X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
        # The number of asterisks in parens is the integer part
        # of the spam score clamped to a maximum of 40.
        # MUA filters can easily be written to trigger on a
        # minimum number of asterisks...
        if ($hits >= $req) {
            action_change_header("X-Spam-Score", "$hits ($score) $names");
            md_graphdefang_log('spam', $hits, $RelayAddr);
            # If you find the SA report useful, add it, I guess...
            action_add_part($entity, "text/plain", "-suggest",
                            "$report\n",
                          "SpamAssassinReport.txt", "inline");
            # action_quarantine_entire_message("$hits ($score) $names");
            action_sm_quarantine("$hits ($score) $names");
            # send_quarantine_notifications();
            # action_discard();
        } else {
            # Delete any existing X-Spam-Score header?
            # action_delete_header("X-Spam-Score");
        }
    }
}
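
The X-Spam-Score format described in the snippet's comments, read from the receiving side: an added example (not part of the original page or of MIMEDefang) of a delivery-side check that triggers on a minimum number of asterisks. The function names and the sample message are constructed for illustration; a header whose asterisk run disagrees with its numeric score is ignored, and with several headers the highest well-formed one decides.

```python
import re
from email import message_from_string

# Header value as written by action_change_header in the filter above:
#   "<hits> (<asterisks>) <comma-separated test names>"
SCORE_RE = re.compile(r"^(-?\d+(?:\.\d+)?)\s+\((\**)\)\s*(\S*)$")
MAX_STARS = 40  # the filter clamps the asterisk run at 40


def parse_spam_score(value):
    """Return (hits, stars, tests), or None if value is not in the filter's format."""
    unfolded = value.replace("\r", "").replace("\n", "").strip()
    m = SCORE_RE.match(unfolded)
    if not m:
        return None
    hits, stars = float(m.group(1)), len(m.group(2))
    # Perl's "*" x int($hits) gives an empty string for counts below 1,
    # so the expected run is int(hits) clamped to the range 0..40.
    if stars != max(0, min(int(hits), MAX_STARS)):
        return None  # asterisks disagree with the number: not trusted
    tests = [t for t in m.group(3).split(",") if t]
    return hits, stars, tests


def is_flagged(raw_message, min_stars):
    """True when any well-formed X-Spam-Score header carries >= min_stars asterisks."""
    headers = message_from_string(raw_message).get_all("X-Spam-Score", [])
    parsed = [parse_spam_score(str(h)) for h in headers]
    return any(p is not None and p[1] >= min_stars for p in parsed)


# Constructed sample message carrying one header in the filter's format.
SAMPLE = (
    "From: sender@example.org\n"
    "To: user@example.net\n"
    "Subject: constructed sample\n"
    "X-Spam-Score: 6.8 (******) BAYES_99,HTML_MESSAGE\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(parse_spam_score("6.8 (******) BAYES_99,HTML_MESSAGE"))
    print(is_flagged(SAMPLE, 5))
```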

There is nothing special to configure in Sendmail to use the quarantine feature. mailq -qQ shows the content of the quarantine queue, and sendmail -qQ -qIsubstr -Q unquarantines a specific mail (the one whose queue ID contains substr).

Note: if anything goes wrong, it is possible to get all SpamAssassin debug information in the maillog file by adding a debug => 1, parameter when creating the SpamAssassin object in function spam_assassin_init of /usr/local/bin/mimedefang.pl:

#***********************************************************************
# %PROCEDURE: spam_assassin_init
# %ARGUMENTS:
#  config -- optional spamassassin config file
# %RETURNS:
#  A Mail::SpamAssassin object.
# %DESCRIPTION:
#  Scans message using SpamAssassin (http://www.spamassassin.org)
#***********************************************************************
sub spam_assassin_init (;$) {
    my($config) = @_;
    my $LOCAL_RULES_DIR = '/etc/mail/spamassassin';
    my $LOCAL_STATE_DIR = '/var/lib';

    . . .

        my $sa_args = {
                debug              => 1,
                local_tests_only   => $SALocalTestsOnly,
                dont_copy_prefs    => 1,
                userprefs_filename => $config,
                user_dir           => $Features{'Path:QUARANTINEDIR'},
        };

Running MIMEDefang

MIMEDefang must be started before and stopped after sendmail. Copy the provided init-script to /etc/rc.d, then call it from rc.sendmail.

# cp examples/init-script /etc/rc.d/rc.mimedefang
# vi /etc/rc.d/rc.sendmail
. . .
# Start sendmail:
sendmail_start() {
  /etc/rc.d/rc.mimedefang start
  if [ -x /usr/sbin/sendmail ]; then
    echo "Starting sendmail MTA daemon:  /usr/sbin/sendmail -L sm-mta -bd -q25m"
    /usr/sbin/sendmail -L sm-mta -bd -q25m
    echo "Starting sendmail MSP queue runner:  /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m"
    /usr/sbin/sendmail -L sm-msp-queue -Ac -q25m
  fi
}

# Stop sendmail:
sendmail_stop() {
  killall sendmail
  /etc/rc.d/rc.mimedefang stop
}
. . .
<esc>
:x

However, at this stage MIMEDefang is not yet ready to work, as the Sendmail Milter interface needs to be installed and configured first.

