Configure auto_whitelist senders.
@@ -1,6 +1,9 @@
|
||||
#!/usr/bin/env python
|
||||
# A simple milter that has grown quite a bit.
|
||||
# $Log$
|
||||
# Revision 1.34 2005/10/19 21:07:49 customdesigned
|
||||
# access.db stores keys in lower case
|
||||
#
|
||||
# Revision 1.33 2005/10/19 19:37:50 customdesigned
|
||||
# Train screener on whitelisted messages.
|
||||
#
|
||||
@@ -349,6 +352,7 @@ dspam_users = {}
|
||||
dspam_userdir = None
|
||||
dspam_exempt = {}
|
||||
dspam_whitelist = {}
|
||||
whitelist_senders = {}
|
||||
dspam_screener = ()
|
||||
dspam_internal = True # True if internal mail should be dspammed
|
||||
dspam_reject = ()
|
||||
@@ -497,6 +501,8 @@ def read_config(list):
|
||||
# dspam section
|
||||
global dspam_dict, dspam_users, dspam_userdir, dspam_exempt, dspam_internal
|
||||
global dspam_screener,dspam_whitelist,dspam_reject,dspam_sizelimit
|
||||
global whitelist_senders
|
||||
whitelist_senders = cp.getaddrset('dspam','whitelist_senders')
|
||||
dspam_dict = cp.getdefault('dspam','dspam_dict')
|
||||
dspam_exempt = cp.getaddrset('dspam','dspam_exempt')
|
||||
dspam_whitelist = cp.getaddrset('dspam','dspam_whitelist')
|
||||
@@ -828,6 +834,7 @@ class bmsMilter(Milter.Milter):
|
||||
self.new_headers = []
|
||||
self.recipients = []
|
||||
self.cbv_needed = None
|
||||
self.whitelist_sender = False
|
||||
t = parse_addr(f)
|
||||
if len(t) == 2: t[1] = t[1].lower()
|
||||
self.canon_from = '@'.join(t)
|
||||
@@ -872,17 +879,22 @@ class bmsMilter(Milter.Milter):
|
||||
self.log("REJECT: spam from self",pat)
|
||||
self.setreply('550','5.7.1','I hate talking to myself.')
|
||||
return Milter.REJECT
|
||||
elif internal_domains:
|
||||
else:
|
||||
if internal_domains:
|
||||
for pat in internal_domains:
|
||||
if fnmatchcase(domain,pat): break
|
||||
else:
|
||||
self.log("REJECT: zombie PC at ",self.connectip," sending MAIL FROM ",
|
||||
self.canon_from)
|
||||
self.log("REJECT: zombie PC at ",self.connectip,
|
||||
" sending MAIL FROM ",self.canon_from)
|
||||
self.setreply('550','5.7.1',
|
||||
'Your PC is using an unauthorized MAIL FROM.',
|
||||
'It is either badly misconfigured or controlled by organized crime.'
|
||||
)
|
||||
return Milter.REJECT
|
||||
wl_users = whitelist_senders.get(domain,())
|
||||
if user in wl_users or '' in wl_users:
|
||||
self.whitelist_sender = True
|
||||
|
||||
self.rejectvirus = domain in reject_virus_from
|
||||
if user in wiretap_users.get(domain,()):
|
||||
self.add_recipient(wiretap_dest)
|
||||
@@ -1089,7 +1101,7 @@ class bmsMilter(Milter.Milter):
|
||||
self.hidepath = True
|
||||
if not domain in dspam_reject:
|
||||
self.reject_spam = False
|
||||
if self.internal_connection:
|
||||
if self.internal_connection and self.whitelist_sender:
|
||||
if internal_domains:
|
||||
for pat in internal_domains:
|
||||
if fnmatchcase(domain,pat): break
|
||||
|
||||
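Review bot: With `whitelist_senders` left at its default `{}`, `self.whitelist_sender` is never set to True, so the block now guarded by `if self.internal_connection and self.whitelist_sender:` in the last hunk stops running for every internal connection until the option is configured; if that is intended it deserves a changelog line, because upgraded installs change behaviour silently. The flag is decided from the envelope MAIL FROM (`user in wl_users or '' in wl_users`), which the client chooses, so the internal-connection test is the only real check; indentation is lost on this page, so I cannot confirm that the lookup sits inside the internal branch. I would log the decision so the auto-whitelist can be audited, for example `self.log("auto_whitelist sender:",self.canon_from)` right after `self.whitelist_sender = True`. Only the domain is lowercased when `canon_from` is built, so whether a mixed-case local part matches `wl_users` depends on `getaddrset`, which is not shown here. Both enclosing methods continue outside the hunks.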
+9
-3
@@ -8,7 +8,7 @@ tempdir = /var/log/milter/save
|
||||
log_headers = 0
|
||||
# connection ips and hostnames are matched against this glob style list
|
||||
# to recognize internal senders.
|
||||
;internal_connect = 192.168.*.*
|
||||
;internal_connect = 192.168.*.*,127.*
|
||||
|
||||
# mail that is not an internal_connect and claims to be from an
|
||||
# internal domain is rejected. Furthermore, internal mail that
|
||||
@@ -17,7 +17,7 @@ log_headers = 0
|
||||
# flexible. However, SPF is not currently checked for outgoing
|
||||
# (internal_connect) mail because it doesn't yet handle authorizing
|
||||
# internal IPs locally.
|
||||
;internal_domains = mycorp.com
|
||||
;internal_domains = mycorp.com,localhost.localdomain
|
||||
|
||||
# connections from a trusted relay can trust the first Received header
|
||||
# SPF checks are bypassed for internal connections and trusted relays.
|
||||
@@ -146,7 +146,13 @@ blind = 1
|
||||
# only EXTERNAL messages are dspam filtered
|
||||
;dspam_dict=/var/lib/dspam/moderator.dict
|
||||
|
||||
# Opt-opt recipients from dspam screening and header triage
|
||||
# Recipients of mail sent from these senders are added to the auto_whitelist.
|
||||
# Auto_whitelisted senders with an SPF PASS are never rejected by dspam, and
|
||||
# messages from auto_whitelisted senders will be used to train screener
|
||||
# dictionaries as innocent mail.
|
||||
;whitelist_senders = @mycorp.com
|
||||
|
||||
# Opt-out recipients entirely from dspam screening and header triage
|
||||
;dspam_exempt=getitall@mycorp.com
|
||||
# Do not scan mail (ostensibly) from these senders
|
||||
;dspam_whitelist=getitall@sender.com
|
||||
|
||||
+4
-1
@@ -169,7 +169,10 @@ rm -rf $RPM_BUILD_ROOT
|
||||
/usr/share/sendmail-cf/hack/rhsbl.m4
|
||||
|
||||
%changelog
|
||||
* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
|
||||
* Fri Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
|
||||
- Fix SPF policy via sendmail access map (case insensitive keys).
|
||||
- Auto whitelist senders
|
||||
* Thu Oct 12 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
|
||||
- Keep screened honeypot mail, but optionally discard honeypot only mail.
|
||||
- spf_accept_fail option for braindead SPF senders (treats fail like softfail)
|
||||
- Consider SMTP AUTH connections internal.
|
||||
|
||||