spamass-milt-list

Re: Spam Quarantine Work


From: Tony Shadwick
Subject: Re: Spam Quarantine Work
Date: Mon, 29 Mar 2004 19:26:28 +0000 (GMT)

So much for not using procmail.  I deleted the .forward file and gave each
user a .procmailrc like this:

:0:
| address@hidden

That fixes the sendmail -bv problem and resolves the user correctly, but
the whole point was not having to call procmail on every message, and
we're still having to do so with this work-around.

Tony Shadwick
Manager of Internet Services
Strategic Technology Group
314-872-3000 x105

On Mon, 29 Mar 2004, Tony Shadwick wrote:

> This isn't precisely a spamass-milt issue, but I thought I'd share as it
> might interest others.
>
> As I pointed out last week, I'm working on a spam and virus quarantine so
> that messages tagged as spam but below the reject threshold are funneled
> through a script and saved to a quarantine directory, and then every 6-8
> hours the users will get a digest message that has a preview of each piece
> of spam, and the option to recover any messages that were false positives.
> This winds up being a better solution for pop3 mail servers, and I'm really
> trying to mimic the functionality of the Barracuda Spam Firewall (MSRP:
> ~$1800)...just thought I'd look for some constructive criticism, feedback,
> or for someone to point out that I'm re-inventing the wheel.
>
> I got my inspiration for this from this document:
>
> http://www.cs.ait.ac.th/laboratory/email/quarantine.shtml
>
> Of course I'm making my best effort to keep procmail out of it, and use
> straight Perl code. :)  Warning however, DDH ahead (DDH == Damn Dirty
> Hack).
>
> First off, I've created an alias for sendmail:
>
> quarantine:   "| /usr/local/sbin/quarantine_spam.pl"
>
> Ran newaliases, and then created the following script with the above name:
>
> --- begin code ---
>
> #!/usr/bin/perl
>
> # The following two paths must be writable by your sendmail user.
> # Probably mailnull.
>
> # Where is the spam quarantine directory located?
> $quarantine = "/path/to/quarantine";
>
> # Log messages that for some reason are either not local or undeliverable.
> $log = "/path/to/logfile";
>
> # Get the message.
> # DDH - have to undefine $/ from \n to get the full message, and set it
> # back so that it can be used appropriately later on.
>
> undef $/;
> $message = <ARGV>;
> $/ = "\n";
>
> # Variables needed to correctly save the file.
> ## PID
> $pid=$$;
>
> ## Addressee
> # The header is attacker-controlled: take one token between the angle
> # brackets and refuse a leading "-" so it cannot be read as an option.
> $addressee = "";
> if ($message =~ /^X-Spam-Orig-To: <([^-<>\s][^<>\s]*)>/mi) {
>       $addressee = $1;
> }
>
> ## Get a timestamp.
> $today = time();
>
> # Resolve the addressee.  List-form pipe open runs sendmail directly, so
> # no shell ever parses $addressee (backticks would).
> $sendmail_output = "";
> if ($addressee ne "" and
>     open(SENDMAIL, "-|", "/usr/sbin/sendmail", "-bv", $addressee)) {
>       $sendmail_output = join "", <SENDMAIL>;
>       close(SENDMAIL);
> }
>
> if ($sendmail_output =~ /deliverable: mailer local, user /){
>       $user = $';
>       chomp($user);
> }
> else {
>       print "This message is either undeliverable, or not local.  Exiting.\n";
>       open LOG, ">>$log" or die "Cannot open $log for write :$!";
>       print LOG "Message bound for $addressee failed and had\n";
>       print LOG "the following sendmail output:\n\n$sendmail_output\n\n";
>       print LOG "The message body follows:\n\n$message\n\n";
>       print LOG "-----------------------------------------\n\n";
>       close(LOG);
>       exit();
> }
>
> ## Output file format.  Built only now, after $user has been resolved.
> $out = "$quarantine/$user-spam.$today.$pid";
>
> open OUT, ">$out" or die "Cannot open $out for write :$!";
> print OUT $message;
> close(OUT);
>
> --- end code ---
>
> Spamass-milter has -b -i 127.0.0.0/32 and -i my.real.ip.address/32 all
> passed on the command line, so that messages sent from the system to the
> system won't get filtered, which will be important when people go to
> recover the messages.
>
> Here are the gotchas I've come across so far:
>
> I'm the only true 'local' user on the system in my company.  Everyone else
> is on an Exchange server, so the user accounts exist, with .forwards in
> their home directories, the idea being that filtering would occur, their
> user_prefs would get read, and then the message would get passed to
> Exchange.  This doesn't happen apparently, as when I put this in place, it
> only worked for me.  A look at the logfile and sendmail's output told me
> right away why:
>
> Notice: -bv may give misleading output for non-privileged user
> address@hidden deliverable: mailer esmtp, host
> router.stg-stl.com., user address@hidden
>
> Sendmail is being too smart for its own good.  When sendmail -bv gets
> run, it looks at the user's .forward file. :-\.  Not to mention the fact
> that spamass-milter is already resolving local users.  Perhaps you've gone
> about it differently, and could add an option header like
> X-Spam-Orig-To-LocalUser: ?  That way we're not doing work twice for each
> spam message?
>
> The cron'ed scripts on the aforementioned site could more or less be
> dropped in at this point.  The only thing left for me to do is set this
> script up to have two subroutines:  quarantine and retrieve, again
> bypassing a need for procmail.  I'm not sure how to do that exactly,
> either that or when sending out the digest message, have a Reply-To:
> header in there and set another alias as retreive-spam: "| mynewscript"
> and have that do the retrieval.
>
> So any useful suggestions?  I wonder how Barracuda handles users, since
> NONE of them are local.  My wife has one at her office, and when she first
> sets the box up (it's linux with spamcop, spamassassin, amavisd, and some
> other optional blacklists) it has no idea what users are there, and the
> first time it sends out a digest message, they're prompted to go to a web
> page and bookmark it, and this page allows their user account to be
> created, and to tweak SA, amavisd, and what blacklists they wish to use or
> not.  They also retrieve messages from a web interface as opposed to an
> e-mail response as used here, but that's really just semantics.
>
> Any ideas?
>
> Tony Shadwick
> Manager of Internet Services
> Strategic Technology Group
> 314-872-3000 x105
>
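
The retrieval step that the quoted message leaves open, sketched as an added example (not code from the original post or from spamass-milter). It assumes the digest lists quarantine file names in the post's <user>-spam.<time>.<pid> format, that the user's reply quotes the ones to recover, and that the script sits behind a pipe alias like the one proposed; parse_token and release are hypothetical names.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $quarantine = "/path/to/quarantine";    # same placeholder as the post
my $sendmail   = "/usr/sbin/sendmail";

# A token is accepted only if it has exactly the shape the quarantine
# script writes: <user>-spam.<epoch>.<pid>.  That rules out "/" and any
# leading "-" before the value is used in a path or as an argument.
sub parse_token {
    my ($token) = @_;
    return unless defined $token
        and $token =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*?)-spam\.\d{1,12}\.\d{1,10}\z/;
    return ($1, "$quarantine/$token");
}

# Release one message to the owner encoded in its file name.  The From:
# header of the request is never consulted, so a forged request can only
# deliver a user's quarantined mail to that same user.
sub release {
    my ($token) = @_;
    my ($user, $path) = parse_token($token) or return "rejected: bad token";
    return "rejected: not a plain file" if -l $path or !-f $path;
    open my $in, "<", $path or return "rejected: cannot read";
    # List-form pipe open: no shell ever sees $user.
    open my $out, "|-", $sendmail, "-i", $user
        or return "failed: cannot run sendmail";
    print {$out} $_ while <$in>;
    close $in;
    close $out or return "failed: sendmail exit status $?";
    unlink $path;
    return "released to $user";
}

# Read the reply on STDIN, skip its headers, and release every word in the
# body that parses as a token; everything else is ignored.
my $seen_body = 0;
while (my $line = <STDIN>) {
    $seen_body ||= $line =~ /^\r?$/;
    next unless $seen_body;
    for my $word (split ' ', $line) {
        print STDERR release($word), "\n" if parse_token($word);
    }
}
```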
