9fans - fans of the OS Plan 9 from Bell Labs
* Re: [9fans] upas+scanmail question
@ 2002-03-13 15:23 presotto
  0 siblings, 0 replies; 5+ messages in thread
From: presotto @ 2002-03-13 15:23 UTC (permalink / raw)
  To: 9fans

By the way, the /bin/upas/vf in the qmail.in from my last message is
just a filter that wraps any attachments that could conceivably be
executable in a second header and tacks .suspect onto any
filename in the header.  For example:

	--NextPart_Webmail_9m3u9jl4l_16870_1015946096
	Content-Type: multipart/mixed;
		boundary="upas-uivwmswboqpteailkqnhbmxmyb"
	Content-Disposition: inline

	This is a multi-part message in MIME format.
	--upas-uivwmswboqpteailkqnhbmxmyb
	Content-Disposition: inline
	Content-Type: text/plain; charset="US-ASCII"
	Content-Transfer-Encoding: 7bit

	The following attachment had content that we can't
	prove to be harmless.  To avoid possible automatic
	execution, we changed the content headers.
	The original header was:

		Content-Type: application/msword; name="MM66.doc"
		Content-Transfer-Encoding: base64
	--upas-uivwmswboqpteailkqnhbmxmyb
	Content-Type: application/octet-stream
	Content-Disposition: attachment; filename="MM66.doc.suspect"
	Content-Transfer-Encoding: base64

We forward a lot of mail read by internal Microsoft systems and we
don't want to be the vector for viruses.  With this extra goo,
they at least have to save away the attachment with a different
name and then execute it by hand.  It's less likely that they'll
do that without thinking since it's a pain.  Just clicking on a
.exe attachment is too darned easy.

We don't look for the actual signature of known viruses; it's too
hard to stay ahead of the viruses without a full-time person
keeping track.  However, if someone wants, it would be a reasonable
thing to do.


^ permalink raw reply	[flat|nested] 5+ messages in thread
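
The transformation described in the message above, as an added Python example (not the upas/vf source and not part of the thread). The allow-list, the rule that any named part is wrapped, the function names, the "attachment" fallback name and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SAFE_TYPES = {"text/plain"}  # assumption: the real filter's list is not on the page
NOTICE = ("The following attachment had content that we can't\n"
          "prove to be harmless.  To avoid possible automatic\n"
          "execution, we changed the content headers.\nThe original header was:\n\n")

def wrap_suspect(part):  # one leaf part -> notice + body renamed to *.suspect
    wrapper = MIMEMultipart("mixed")
    shown = ""
    for key, value in part.items():
        if key.lower().startswith("content-"):
            shown += f"\t{key}: {value}\n"  # quoted in the notice only
        elif key.lower() != "mime-version":
            wrapper[key] = value            # keep From/To when wrapping the root
    wrapper.attach(MIMEText(NOTICE + shown))
    body = MIMEBase("application", "octet-stream")
    body.set_payload(part.get_payload())    # body stays encoded, never decoded
    body["Content-Transfer-Encoding"] = part.get("Content-Transfer-Encoding", "7bit")
    name = part.get_filename() or "attachment"
    body.add_header("Content-Disposition", "attachment", filename=name + ".suspect")
    wrapper.attach(body)
    return wrapper

def defang(msg):  # recursively replace every leaf that is not provably harmless
    if msg.is_multipart():
        msg.set_payload([defang(p) for p in msg.get_payload()])
        return msg
    harmless = msg.get_content_type() in SAFE_TYPES and msg.get_filename() is None
    return msg if harmless else wrap_suspect(msg)

# Constructed sample; the payload is base64 of "ABCD", not a real document.
SAMPLE = """\
Content-Type: multipart/mixed; boundary="b"

--b

See attached.
--b
Content-Type: application/msword; name="MM66.doc"
Content-Transfer-Encoding: base64

QUJDRA==
--b--
"""
if __name__ == "__main__":
    print(defang(message_from_string(SAMPLE)).as_string())
```

A text/plain part that carries a filename is wrapped as well, since the declared type alone says nothing about how the receiving client will open it.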

* Re: [9fans] upas+scanmail question
@ 2002-03-14 13:55 rob pike
  0 siblings, 0 replies; 5+ messages in thread
From: rob pike @ 2002-03-14 13:55 UTC (permalink / raw)
  To: 9fans

> What does /mail/lib/haspercent look like?

#!/bin/rc

{
	echo ''$1'' is an illegal address.
	echo We don''t relay mail to addresses containing a %.
	echo
	echo '=================================================='
	echo
	sed 1d
} | upasname=/dev/null mail -s 'illegal address' $2



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9fans] upas+scanmail question
@ 2002-03-14  8:27 nigel
  0 siblings, 0 replies; 5+ messages in thread
From: nigel @ 2002-03-14  8:27 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 45 bytes --]

What does /mail/lib/haspercent look like?


[-- Attachment #2: Type: message/rfc822, Size: 4450 bytes --]

[-- Attachment #2.1.1: Type: text/plain, Size: 877 bytes --]

The way bobf did it here was to bind a different rewrite onto
/mail/lib/rewrite into smtp's name space (in /rc/bin/service/tcp25)
that queues everything into a queue for scan mail:

% cat /rc/bin/service.alt/tcp25
#!/bin/rc
#smtp serv net incalldir user

user=`{cat /dev/user}

bind -c /mail/lib/rewrite.in /mail/lib/rewrite
exec upas/smtpd -n $3

% cat /mail/lib/rewrite.in
# reject any address with a % because spammers might try to relay through us using
# it and an internal machine
.*%.*	|	"/mail/lib/haspercent '&' '\s'"

# everything else gets queued for the spam filter
.*	|	"/mail/lib/qmail.in '\s' 'net!achille' '&'"

% cat /mail/lib/qmail.in
#!/bin/rc
sender=$1
shift
addr=$1
shift
/bin/upas/vf | upas/scanmail -s -n /mail/queue mail $sender $addr $* || exit 1
upas/runq /mail/queue /mail/lib/remotemail</dev/null>/dev/null >[2=1]
exit 0

[-- Attachment #2.1.2: Type: message/rfc822, Size: 2076 bytes --]

From: Fco.J.Ballesteros <nemo@plan9.escet.urjc.es>
To: 9fans@cse.psu.edu
Subject: [9fans] upas+scanmail question
Date: Wed, 13 Mar 2002 12:10:31 +0100
Message-ID: <20020313111043.EAAD219995@mail.cse.psu.edu>

Hi,

	I'm trying to use scanmail to filter spam. If I understand it,
/mail/lib/qmail calls scanmail to filter spam and then runq.
But for incoming mail, smtpd calls upas/send, which uses /mail/lib/rewrite to
see what to do. Now, if my mailhost is plan9.escet.urjc.es, rewrite
translates plan9.escet.urjc.es!nemo to local!nemo, and the entry for
local!nemo tells upas/send to add the mail to /mail/box/nemo/mbox, without
using qmail at all.

So, should I use two different queues to put scanmail in the smtpd
received mail pipeline? (queue local mails using scanmail, then run the
queue to deliver all queued mails)

Or is there any obvious way to make upas/send filter the mail through
scanmail and then add the mails passing the filter to the user mail
box? 


thanks in advance

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [9fans] upas+scanmail question
@ 2002-03-13 15:04 presotto
  0 siblings, 0 replies; 5+ messages in thread
From: presotto @ 2002-03-13 15:04 UTC (permalink / raw)
  To: 9fans

[-- Attachment #1: Type: text/plain, Size: 877 bytes --]

The way bobf did it here was to bind a different rewrite onto
/mail/lib/rewrite into smtp's name space (in /rc/bin/service/tcp25)
that queues everything into a queue for scan mail:

% cat /rc/bin/service.alt/tcp25
#!/bin/rc
#smtp serv net incalldir user

user=`{cat /dev/user}

bind -c /mail/lib/rewrite.in /mail/lib/rewrite
exec upas/smtpd -n $3

% cat /mail/lib/rewrite.in
# reject any address with a % because spammers might try to relay through us using
# it and an internal machine
.*%.*	|	"/mail/lib/haspercent '&' '\s'"

# everything else gets queued for the spam filter
.*	|	"/mail/lib/qmail.in '\s' 'net!achille' '&'"

% cat /mail/lib/qmail.in
#!/bin/rc
sender=$1
shift
addr=$1
shift
/bin/upas/vf | upas/scanmail -s -n /mail/queue mail $sender $addr $* || exit 1
upas/runq /mail/queue /mail/lib/remotemail</dev/null>/dev/null >[2=1]
exit 0

[-- Attachment #2: Type: message/rfc822, Size: 2076 bytes --]

From: Fco.J.Ballesteros <nemo@plan9.escet.urjc.es>
To: 9fans@cse.psu.edu
Subject: [9fans] upas+scanmail question
Date: Wed, 13 Mar 2002 12:10:31 +0100
Message-ID: <20020313111043.EAAD219995@mail.cse.psu.edu>

Hi,

	I'm trying to use scanmail to filter spam. If I understand it,
/mail/lib/qmail calls scanmail to filter spam and then runq.
But for incoming mail, smtpd calls upas/send, which uses /mail/lib/rewrite to
see what to do. Now, if my mailhost is plan9.escet.urjc.es, rewrite
translates plan9.escet.urjc.es!nemo to local!nemo, and the entry for
local!nemo tells upas/send to add the mail to /mail/box/nemo/mbox, without
using qmail at all.

So, should I use two different queues to put scanmail in the smtpd
received mail pipeline? (queue local mails using scanmail, then run the
queue to deliver all queued mails)

Or is there any obvious way to make upas/send filter the mail through
scanmail and then add the mails passing the filter to the user mail
box? 


thanks in advance

^ permalink raw reply	[flat|nested] 5+ messages in thread

* [9fans] upas+scanmail question
@ 2002-03-13 11:10 Fco.J.Ballesteros
  0 siblings, 0 replies; 5+ messages in thread
From: Fco.J.Ballesteros @ 2002-03-13 11:10 UTC (permalink / raw)
  To: 9fans

Hi,

	I'm trying to use scanmail to filter spam. If I understand it,
/mail/lib/qmail calls scanmail to filter spam and then runq.
But for incoming mail, smtpd calls upas/send, which uses /mail/lib/rewrite to
see what to do. Now, if my mailhost is plan9.escet.urjc.es, rewrite
translates plan9.escet.urjc.es!nemo to local!nemo, and the entry for
local!nemo tells upas/send to add the mail to /mail/box/nemo/mbox, without
using qmail at all.

So, should I use two different queues to put scanmail in the smtpd
received mail pipeline? (queue local mails using scanmail, then run the
queue to deliver all queued mails)

Or is there any obvious way to make upas/send filter the mail through
scanmail and then add the mails passing the filter to the user mail
box? 


thanks in advance



^ permalink raw reply	[flat|nested] 5+ messages in thread
