Configure auto_whitelist senders.
@@ -1,6 +1,9 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
# A simple milter that has grown quite a bit.
|
# A simple milter that has grown quite a bit.
|
||||||
# $Log$
|
# $Log$
|
||||||
|
# Revision 1.34 2005/10/19 21:07:49 customdesigned
|
||||||
|
# access.db stores keys in lower case
|
||||||
|
#
|
||||||
# Revision 1.33 2005/10/19 19:37:50 customdesigned
|
# Revision 1.33 2005/10/19 19:37:50 customdesigned
|
||||||
# Train screener on whitelisted messages.
|
# Train screener on whitelisted messages.
|
||||||
#
|
#
|
||||||
@@ -349,6 +352,7 @@ dspam_users = {}
|
|||||||
dspam_userdir = None
|
dspam_userdir = None
|
||||||
dspam_exempt = {}
|
dspam_exempt = {}
|
||||||
dspam_whitelist = {}
|
dspam_whitelist = {}
|
||||||
|
whitelist_senders = {}
|
||||||
dspam_screener = ()
|
dspam_screener = ()
|
||||||
dspam_internal = True # True if internal mail should be dspammed
|
dspam_internal = True # True if internal mail should be dspammed
|
||||||
dspam_reject = ()
|
dspam_reject = ()
|
||||||
@@ -497,6 +501,8 @@ def read_config(list):
|
|||||||
# dspam section
|
# dspam section
|
||||||
global dspam_dict, dspam_users, dspam_userdir, dspam_exempt, dspam_internal
|
global dspam_dict, dspam_users, dspam_userdir, dspam_exempt, dspam_internal
|
||||||
global dspam_screener,dspam_whitelist,dspam_reject,dspam_sizelimit
|
global dspam_screener,dspam_whitelist,dspam_reject,dspam_sizelimit
|
||||||
|
global whitelist_senders
|
||||||
|
whitelist_senders = cp.getaddrset('dspam','whitelist_senders')
|
||||||
dspam_dict = cp.getdefault('dspam','dspam_dict')
|
dspam_dict = cp.getdefault('dspam','dspam_dict')
|
||||||
dspam_exempt = cp.getaddrset('dspam','dspam_exempt')
|
dspam_exempt = cp.getaddrset('dspam','dspam_exempt')
|
||||||
dspam_whitelist = cp.getaddrset('dspam','dspam_whitelist')
|
dspam_whitelist = cp.getaddrset('dspam','dspam_whitelist')
|
||||||
@@ -828,6 +834,7 @@ class bmsMilter(Milter.Milter):
|
|||||||
self.new_headers = []
|
self.new_headers = []
|
||||||
self.recipients = []
|
self.recipients = []
|
||||||
self.cbv_needed = None
|
self.cbv_needed = None
|
||||||
|
self.whitelist_sender = False
|
||||||
t = parse_addr(f)
|
t = parse_addr(f)
|
||||||
if len(t) == 2: t[1] = t[1].lower()
|
if len(t) == 2: t[1] = t[1].lower()
|
||||||
self.canon_from = '@'.join(t)
|
self.canon_from = '@'.join(t)
|
||||||
@@ -872,17 +879,22 @@ class bmsMilter(Milter.Milter):
|
|||||||
self.log("REJECT: spam from self",pat)
|
self.log("REJECT: spam from self",pat)
|
||||||
self.setreply('550','5.7.1','I hate talking to myself.')
|
self.setreply('550','5.7.1','I hate talking to myself.')
|
||||||
return Milter.REJECT
|
return Milter.REJECT
|
||||||
elif internal_domains:
|
else:
|
||||||
for pat in internal_domains:
|
if internal_domains:
|
||||||
if fnmatchcase(domain,pat): break
|
for pat in internal_domains:
|
||||||
else:
|
if fnmatchcase(domain,pat): break
|
||||||
self.log("REJECT: zombie PC at ",self.connectip," sending MAIL FROM ",
|
else:
|
||||||
self.canon_from)
|
self.log("REJECT: zombie PC at ",self.connectip,
|
||||||
self.setreply('550','5.7.1',
|
" sending MAIL FROM ",self.canon_from)
|
||||||
'Your PC is using an unauthorized MAIL FROM.',
|
self.setreply('550','5.7.1',
|
||||||
'It is either badly misconfigured or controlled by organized crime.'
|
'Your PC is using an unauthorized MAIL FROM.',
|
||||||
)
|
'It is either badly misconfigured or controlled by organized crime.'
|
||||||
return Milter.REJECT
|
)
|
||||||
|
return Milter.REJECT
|
||||||
|
wl_users = whitelist_senders.get(domain,())
|
||||||
|
if user in wl_users or '' in wl_users:
|
||||||
|
self.whitelist_sender = True
|
||||||
|
|
||||||
self.rejectvirus = domain in reject_virus_from
|
self.rejectvirus = domain in reject_virus_from
|
||||||
if user in wiretap_users.get(domain,()):
|
if user in wiretap_users.get(domain,()):
|
||||||
self.add_recipient(wiretap_dest)
|
self.add_recipient(wiretap_dest)
|
||||||
@@ -1089,7 +1101,7 @@ class bmsMilter(Milter.Milter):
|
|||||||
self.hidepath = True
|
self.hidepath = True
|
||||||
if not domain in dspam_reject:
|
if not domain in dspam_reject:
|
||||||
self.reject_spam = False
|
self.reject_spam = False
|
||||||
if self.internal_connection:
|
if self.internal_connection and self.whitelist_sender:
|
||||||
if internal_domains:
|
if internal_domains:
|
||||||
for pat in internal_domains:
|
for pat in internal_domains:
|
||||||
if fnmatchcase(domain,pat): break
|
if fnmatchcase(domain,pat): break
|
||||||
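Review bot: `self.whitelist_sender` is decided from the envelope sender alone (`if user in wl_users or '' in wl_users:`), and the only other gate visible on this page is `self.internal_connection` in the later `if self.internal_connection and self.whitelist_sender:` test. Going by the spec changelog's "Consider SMTP AUTH connections internal", any internal host or authenticated client that asserts a listed MAIL FROM can therefore get its recipients added to the auto_whitelist, whose senders then skip dspam rejection on SPF PASS and train the screener as innocent. I would make that decision auditable by adding `self.log("whitelist sender:",self.canon_from)` right after `self.whitelist_sender = True`, and put a comment above the test saying that an empty user in `wl_users` presumably stands for a whole-domain entry such as `@mycorp.com`. Indentation is lost in this rendering and both functions continue outside the hunks, so whether the lookup sits inside the internal-connection branch could not be checked here.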
|
|||||||
+9
-3
@@ -8,7 +8,7 @@ tempdir = /var/log/milter/save
|
|||||||
log_headers = 0
|
log_headers = 0
|
||||||
# connection ips and hostnames are matched against this glob style list
|
# connection ips and hostnames are matched against this glob style list
|
||||||
# to recognize internal senders.
|
# to recognize internal senders.
|
||||||
;internal_connect = 192.168.*.*
|
;internal_connect = 192.168.*.*,127.*
|
||||||
|
|
||||||
# mail that is not an internal_connect and claims to be from an
|
# mail that is not an internal_connect and claims to be from an
|
||||||
# internal domain is rejected. Furthermore, internal mail that
|
# internal domain is rejected. Furthermore, internal mail that
|
||||||
@@ -17,7 +17,7 @@ log_headers = 0
|
|||||||
# flexible. However, SPF is not currently checked for outgoing
|
# flexible. However, SPF is not currently checked for outgoing
|
||||||
# (internal_connect) mail because it doesn't yet handle authorizing
|
# (internal_connect) mail because it doesn't yet handle authorizing
|
||||||
# internal IPs locally.
|
# internal IPs locally.
|
||||||
;internal_domains = mycorp.com
|
;internal_domains = mycorp.com,localhost.localdomain
|
||||||
|
|
||||||
# connections from a trusted relay can trust the first Received header
|
# connections from a trusted relay can trust the first Received header
|
||||||
# SPF checks are bypassed for internal connections and trusted relays.
|
# SPF checks are bypassed for internal connections and trusted relays.
|
||||||
@@ -146,7 +146,13 @@ blind = 1
|
|||||||
# only EXTERNAL messages are dspam filtered
|
# only EXTERNAL messages are dspam filtered
|
||||||
;dspam_dict=/var/lib/dspam/moderator.dict
|
;dspam_dict=/var/lib/dspam/moderator.dict
|
||||||
|
|
||||||
# Opt-opt recipients from dspam screening and header triage
|
# Recipients of mail sent from these senders are added to the auto_whitelist.
|
||||||
|
# Auto_whitelisted senders with an SPF PASS are never rejected by dspam, and
|
||||||
|
# messages from auto_whitelisted senders will be used to train screener
|
||||||
|
# dictionaries as innocent mail.
|
||||||
|
;whitelist_senders = @mycorp.com
|
||||||
|
|
||||||
|
# Opt-out recipients entirely from dspam screening and header triage
|
||||||
;dspam_exempt=getitall@mycorp.com
|
;dspam_exempt=getitall@mycorp.com
|
||||||
# Do not scan mail (ostensibly) from these senders
|
# Do not scan mail (ostensibly) from these senders
|
||||||
;dspam_whitelist=getitall@sender.com
|
;dspam_whitelist=getitall@sender.com
|
||||||
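Review bot: The new `whitelist_senders` comment does not say that the option only takes effect on internal connections, although the code tests `self.internal_connection and self.whitelist_sender`, and it does not say what happens when the option is left commented out. The removed test was `if self.internal_connection:` alone, so sites upgrading with this default would apparently stop populating the auto_whitelist; that is inferred, since the body of the test is outside the hunk. I would add `# Only honoured for internal_connect (and SMTP AUTH) connections; if unset, no recipients are auto-whitelisted.` above the option once confirmed. Separately, the file says internal_connect patterns are matched against hostnames as well as IPs, so the new `127.*` example would also match a hostname beginning with `127.` unless that name is verified, which is worth a caveat in the comment now that internal status also feeds the whitelist.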
|
|||||||
+4
-1
@@ -169,7 +169,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
/usr/share/sendmail-cf/hack/rhsbl.m4
|
/usr/share/sendmail-cf/hack/rhsbl.m4
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
|
* Fri Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
|
||||||
|
- Fix SPF policy via sendmail access map (case insensitive keys).
|
||||||
|
- Auto whitelist senders
|
||||||
|
* Thu Oct 12 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
|
||||||
- Keep screened honeypot mail, but optionally discard honeypot only mail.
|
- Keep screened honeypot mail, but optionally discard honeypot only mail.
|
||||||
- spf_accept_fail option for braindead SPF senders (treats fail like softfail)
|
- spf_accept_fail option for braindead SPF senders (treats fail like softfail)
|
||||||
- Consider SMTP AUTH connections internal.
|
- Consider SMTP AUTH connections internal.
|
||||||
|
|||||||