Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
P
pymilter
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Container registry
Model registry
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
misc
pymilter
Commits
3a1c964f
Commit
3a1c964f
authored
19 years ago
by
Stuart Gathman
Browse files
Options
Downloads
Patches
Plain Diff
Configure auto_whitelist senders.
parent
36ae390f
Branches
Branches containing commit
Tags
Tags containing commit
No related merge requests found
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
bms.py
+24
-12
24 additions, 12 deletions
bms.py
milter.cfg
+9
-3
9 additions, 3 deletions
milter.cfg
milter.spec
+4
-1
4 additions, 1 deletion
milter.spec
with
37 additions
and
16 deletions
bms.py
+
24
−
12
View file @
3a1c964f
#!/usr/bin/env python
# A simple milter that has grown quite a bit.
# $Log$
# Revision 1.34 2005/10/19 21:07:49 customdesigned
# access.db stores keys in lower case
#
# Revision 1.33 2005/10/19 19:37:50 customdesigned
# Train screener on whitelisted messages.
#
...
...
@@ -349,6 +352,7 @@ dspam_users = {}
dspam_userdir
=
None
dspam_exempt
=
{}
dspam_whitelist
=
{}
whitelist_senders
=
{}
dspam_screener
=
()
dspam_internal
=
True
# True if internal mail should be dspammed
dspam_reject
=
()
...
...
@@ -497,6 +501,8 @@ def read_config(list):
# dspam section
global
dspam_dict
,
dspam_users
,
dspam_userdir
,
dspam_exempt
,
dspam_internal
global
dspam_screener
,
dspam_whitelist
,
dspam_reject
,
dspam_sizelimit
global
whitelist_senders
whitelist_senders
=
cp
.
getaddrset
(
'
dspam
'
,
'
whitelist_senders
'
)
dspam_dict
=
cp
.
getdefault
(
'
dspam
'
,
'
dspam_dict
'
)
dspam_exempt
=
cp
.
getaddrset
(
'
dspam
'
,
'
dspam_exempt
'
)
dspam_whitelist
=
cp
.
getaddrset
(
'
dspam
'
,
'
dspam_whitelist
'
)
...
...
@@ -828,6 +834,7 @@ class bmsMilter(Milter.Milter):
self
.
new_headers
=
[]
self
.
recipients
=
[]
self
.
cbv_needed
=
None
self
.
whitelist_sender
=
False
t
=
parse_addr
(
f
)
if
len
(
t
)
==
2
:
t
[
1
]
=
t
[
1
].
lower
()
self
.
canon_from
=
'
@
'
.
join
(
t
)
...
...
@@ -872,17 +879,22 @@ class bmsMilter(Milter.Milter):
self
.
log
(
"
REJECT: spam from self
"
,
pat
)
self
.
setreply
(
'
550
'
,
'
5.7.1
'
,
'
I hate talking to myself.
'
)
return
Milter
.
REJECT
elif
internal_domains
:
else
:
if
internal_domains
:
for
pat
in
internal_domains
:
if
fnmatchcase
(
domain
,
pat
):
break
else
:
self
.
log
(
"
REJECT: zombie PC at
"
,
self
.
connectip
,
"
sending MAIL FROM
"
,
self
.
canon_from
)
self
.
log
(
"
REJECT: zombie PC at
"
,
self
.
connectip
,
"
sending MAIL FROM
"
,
self
.
canon_from
)
self
.
setreply
(
'
550
'
,
'
5.7.1
'
,
'
Your PC is using an unauthorized MAIL FROM.
'
,
'
It is either badly misconfigured or controlled by organized crime.
'
)
return
Milter
.
REJECT
wl_users
=
whitelist_senders
.
get
(
domain
,())
if
user
in
wl_users
or
''
in
wl_users
:
self
.
whitelist_sender
=
True
self
.
rejectvirus
=
domain
in
reject_virus_from
if
user
in
wiretap_users
.
get
(
domain
,()):
self
.
add_recipient
(
wiretap_dest
)
...
...
@@ -1089,7 +1101,7 @@ class bmsMilter(Milter.Milter):
self
.
hidepath
=
True
if
not
domain
in
dspam_reject
:
self
.
reject_spam
=
False
if
self
.
internal_connection
:
if
self
.
internal_connection
and
self
.
whitelist_sender
:
if
internal_domains
:
for
pat
in
internal_domains
:
if
fnmatchcase
(
domain
,
pat
):
break
...
...
This diff is collapsed.
Click to expand it.
milter.cfg
+
9
−
3
View file @
3a1c964f
...
...
@@ -8,7 +8,7 @@ tempdir = /var/log/milter/save
log_headers
=
0
# connection ips and hostnames are matched against this glob style list
# to recognize internal senders.
;internal_connect = 192.168.*.*
;internal_connect = 192.168.*.*
,127.*
# mail that is not an internal_connect and claims to be from an
# internal domain is rejected. Furthermore, internal mail that
...
...
@@ -17,7 +17,7 @@ log_headers = 0
# flexible. However, SPF is not currently checked for outgoing
# (internal_connect) mail because it doesn't yet handle authorizing
# internal IPs locally.
;internal_domains = mycorp.com
;internal_domains = mycorp.com
,localhost.localdomain
# connections from a trusted relay can trust the first Received header
# SPF checks are bypassed for internal connections and trusted relays.
...
...
@@ -146,7 +146,13 @@ blind = 1
# only EXTERNAL messages are dspam filtered
;dspam_dict=/var/lib/dspam/moderator.dict
# Opt-opt recipients from dspam screening and header triage
# Recipients of mail sent from these senders are added to the auto_whitelist.
# Auto_whitelisted senders with an SPF PASS are never rejected by dspam, and
# messages from auto_whitelisted senders will be used to train screener
# dictionaries as innocent mail.
;whitelist_senders = @mycorp.com
# Opt-out recipients entirely from dspam screening and header triage
;dspam_exempt=getitall@mycorp.com
# Do not scan mail (ostensibly) from these senders
;dspam_whitelist=getitall@sender.com
...
...
This diff is collapsed.
Click to expand it.
milter.spec
+
4
−
1
View file @
3a1c964f
...
...
@@ -169,7 +169,10 @@ rm -rf $RPM_BUILD_ROOT
/usr/share/sendmail-cf/hack/rhsbl.m4
%changelog
* Fri Jul 15 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
* Fri Oct 20 2005 Stuart Gathman <stuart@bmsi.com> 0.8.4-1
- Fix SPF policy via sendmail access map (case insensitive keys).
- Auto whitelist senders
* Thu Oct 12 2005 Stuart Gathman <stuart@bmsi.com> 0.8.3-1
- Keep screened honeypot mail, but optionally discard honeypot only mail.
- spf_accept_fail option for braindead SPF senders (treats fail like softfail)
- Consider SMTP AUTH connections internal.
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment