Check internal_domains for outgoing mail.
This commit is contained in:
Stuart Gathman
@@ -1,6 +1,9 @@
|
|||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
# A simple milter that has grown quite a bit.
|
# A simple milter that has grown quite a bit.
|
||||||
# $Log$
|
# $Log$
|
||||||
|
# Revision 1.8 2005/06/06 18:24:59 customdesigned
|
||||||
|
# Properly log exceptions from pydspam
|
||||||
|
#
|
||||||
# Revision 1.7 2005/06/04 19:41:16 customdesigned
|
# Revision 1.7 2005/06/04 19:41:16 customdesigned
|
||||||
# Fix bugs from testing RPM
|
# Fix bugs from testing RPM
|
||||||
#
|
#
|
||||||
@@ -620,6 +623,17 @@ class bmsMilter(Milter.Milter):
|
|||||||
self.log("REJECT: spam from self",pat)
|
self.log("REJECT: spam from self",pat)
|
||||||
self.setreply('550','5.7.1','I hate talking to myself.')
|
self.setreply('550','5.7.1','I hate talking to myself.')
|
||||||
return Milter.REJECT
|
return Milter.REJECT
|
||||||
|
elif internal_domains:
|
||||||
|
for pat in internal_domains:
|
||||||
|
if fnmatchcase(domain,pat): break
|
||||||
|
else:
|
||||||
|
self.log("REJECT: zombie PC at ",self.connectip," sending MAIL FROM ",
|
||||||
|
self.canon_from)
|
||||||
|
self.setreply('550','5.7.1','Get rid of your virus!',
|
||||||
|
'Your PC is using an unauthorized MAIL FROM.',
|
||||||
|
'It is either badly misconfigured or controlled by organized crime.'
|
||||||
|
)
|
||||||
|
return Milter.REJECT
|
||||||
self.rejectvirus = domain in reject_virus_from
|
self.rejectvirus = domain in reject_virus_from
|
||||||
if user in wiretap_users.get(domain,()):
|
if user in wiretap_users.get(domain,()):
|
||||||
self.add_recipient(wiretap_dest)
|
self.add_recipient(wiretap_dest)
|
||||||
@@ -638,6 +652,8 @@ class bmsMilter(Milter.Milter):
|
|||||||
if not (self.internal_connection or self.trusted_relay) \
|
if not (self.internal_connection or self.trusted_relay) \
|
||||||
and self.connectip and spf:
|
and self.connectip and spf:
|
||||||
return self.check_spf()
|
return self.check_spf()
|
||||||
|
if self.internal_connection:
|
||||||
|
pass
|
||||||
return Milter.CONTINUE
|
return Milter.CONTINUE
|
||||||
|
|
||||||
def check_spf(self):
|
def check_spf(self):
|
||||||
|
|||||||
+13
-8
@@ -1,25 +1,29 @@
|
|||||||
[milter]
|
[milter]
|
||||||
# the socket used to communicate with sendmail. Must match sendmail.cf
|
# the socket used to communicate with sendmail. Must match sendmail.cf
|
||||||
;socket=/var/run/milter/pythonsock
|
socket=/var/run/milter/pythonsock
|
||||||
# where to save original copies of defanged and failed messages
|
# where to save original copies of defanged and failed messages
|
||||||
tempdir = /var/log/milter/save
|
tempdir = /var/log/milter/save
|
||||||
# how long to wait for a response from sendmail before giving up
|
# how long to wait for a response from sendmail before giving up
|
||||||
;timeout=600
|
;timeout=600
|
||||||
log_headers = 0
|
log_headers = 0
|
||||||
# connection ips and hostnames are matched against this glob style list
|
# connection ips and hostnames are matched against this glob style list
|
||||||
# to recognize internal senders
|
# to recognize internal senders.
|
||||||
;internal_connect = 192.168.*.*
|
;internal_connect = 192.168.*.*
|
||||||
|
|
||||||
# mail that is not an internal_connect and claims to be from an
|
# mail that is not an internal_connect and claims to be from an
|
||||||
# internal domain is rejected. You should enable SPF instead if you can.
|
# internal domain is rejected. Furthermore, internal mail that
|
||||||
# SPF is much more comprehensive and flexible.
|
# does not claim to be from an internal domain is rejected.
|
||||||
|
# You should enable SPF instead if you can. SPF is much more comprehensive and
|
||||||
|
# flexible. However, SPF is not currently checked for outgoing
|
||||||
|
# (internal_connect) mail because it doesn't yet handle authorizing
|
||||||
|
# internal IPs locally.
|
||||||
;internal_domains = mycorp.com
|
;internal_domains = mycorp.com
|
||||||
|
|
||||||
# connections from a trusted relay can trust the first Received header
|
# connections from a trusted relay can trust the first Received header
|
||||||
# SPF checks are bypassed for internal connections and trusted relays.
|
# SPF checks are bypassed for internal connections and trusted relays.
|
||||||
;trusted_relay = 1.2.3.4, 66.12.34.56
|
;trusted_relay = 1.2.3.4, 66.12.34.56
|
||||||
|
|
||||||
# reject external senders with hello names no legit external sender would use
|
# Reject external senders with hello names no legit external sender would use.
|
||||||
# SPF will do this also, but listing your own domain and mailserver here
|
# SPF will do this also, but listing your own domain and mailserver here
|
||||||
# will save some DNS lookups when rejecting certain viruses.
|
# will save some DNS lookups when rejecting certain viruses.
|
||||||
;hello_blacklist = mycorp.com, 66.12.34.56
|
;hello_blacklist = mycorp.com, 66.12.34.56
|
||||||
@@ -46,7 +50,7 @@ porn_words = penis, breast, pussy, horse cock, porn, xenical, diet pill, d1ck,
|
|||||||
p-e-n-i-s, hydrocodone, vicodin, xanax, vicod1n, x@nax, diazepam,
|
p-e-n-i-s, hydrocodone, vicodin, xanax, vicod1n, x@nax, diazepam,
|
||||||
v1@gra, xan@x, cialis, ci@lis, frëe, xãnax, valíum, vãlium, via-gra,
|
v1@gra, xan@x, cialis, ci@lis, frëe, xãnax, valíum, vãlium, via-gra,
|
||||||
x@n3x, vicod3n, penís, c0d1n, phentermine, en1arge, dip1oma, v1codin,
|
x@n3x, vicod3n, penís, c0d1n, phentermine, en1arge, dip1oma, v1codin,
|
||||||
valium, rolex, sexual
|
valium, rolex, sexual, fuck
|
||||||
# reject mail with these case sensitive strings in the subject
|
# reject mail with these case sensitive strings in the subject
|
||||||
spam_words = $$$, !!!, XXX, FREE, HGH
|
spam_words = $$$, !!!, XXX, FREE, HGH
|
||||||
# attachments with these extensions will be replaced with a warning
|
# attachments with these extensions will be replaced with a warning
|
||||||
@@ -76,9 +80,10 @@ reject_spoofed = 0
|
|||||||
;reject_neutral = aol.com
|
;reject_neutral = aol.com
|
||||||
# use a default (v=spf1 a/24 mx/24 ptr) when no SPF records are published
|
# use a default (v=spf1 a/24 mx/24 ptr) when no SPF records are published
|
||||||
;best_guess = 0
|
;best_guess = 0
|
||||||
# reject senders that have neither PTR nor SPF records, or DSN if false
|
# Reject senders that have neither PTR nor valid HELO nor SPF records, or send
|
||||||
|
# DSN otherwise
|
||||||
;reject_noptr = 0
|
;reject_noptr = 0
|
||||||
# always accept softfail from these domains, or DSN otherwise
|
# always accept softfail from these domains, or send DSN otherwise
|
||||||
;accept_softfail = bounces.amazon.com
|
;accept_softfail = bounces.amazon.com
|
||||||
|
|
||||||
# features intended to clean up outgoing mail
|
# features intended to clean up outgoing mail
|
||||||
|
|||||||
Reference in New Issue
Block a user