New version of bogofilter-milter.pl
Tom Anderson
tanderso at oac-design.com
Thu Aug 2 09:46:02 CEST 2007
I have a new patch for you for whitelisting particular mail servers,
such as localhost. This lets you avoid classifying and rejecting stuff
from postmaster, et al., and allow forwards from another server
without having to finagle in the magic string somehow.
Tom
Jonathan Kamens wrote:
> Comments in-line.
>
> On 07/30/2007 07:15 PM, Tom Anderson wrote:
>> Comments in-line...
>>
>> Jonathan Kamens wrote:
>>
>>> The change from 'mail' to 'LOG_MAIL' in the openlog call is wrong,
>>> according to the Sys::Syslog documentation on my machine. The
>>> documentation says that you can use either a facility string, e.g.,
>>> 'mail', or a facility macro /without/ quotes, e.g., LOG_MAIL. It
>>> doesn't say that you're allowed to use 'LOG_MAIL' in quotes. While it's
>>> interesting that that works for you :-), since it's contraindicated by
>>> the documentation and specifying 'mail' works just fine for me, I don't
>>> think I can accept that patch. Could you dig a little deeper and see if
>>> you can figure out what's going on at your end? What version of Perl
>>> are you using (what does "perl -v" return)? What version of Sys::Syslog
>>> are you using (what does "perl -e 'use Sys::Syslog; print
>>> $Sys::Syslog::Version;'" return)?
>>>
>>
>> Seems to me like using "LOG_MAIL" is correct given the docs:
>> ...
>>
> This looks like a difference between the version of Sys::Syslog you're
> using and the one I'm using. I'm using 0.18, but an earlier version,
> 0.13, is shipped with Perl. It looks to me like they got more "liberal"
> about log facilities in the most recent version. Since it appears that the
> 'LOG_MAIL' you suggested is compatible with both 0.13 and 0.18, I've
> modified the script as you suggested to use that string, even though
> it's not the syntax recommended by the Sys::Syslog man page for version
> 0.18.
>
>> Sure, you can use my name/email. Please make the email
>> neo+bogofilter-milter at orderamidchaos.com. Here are some comments you
>> can append to the top (just an altered version of your comments):
>>
> Thanks, I've put an updated version of your gentoo script as well as an
> updated version of bogofilter-milter.pl up on my home page
> (http://stuff.mit.edu/~jik/).
>
>> BTW, here's another issue I was having that you may or may not know
>> something about. When I put the bogofilter-milter below clamav in my
>> sendmail.mc, everything works fine, but when I put clamav under it, it
>> says the socket is unsafe. Any ideas?
>>
>> Jul 30 19:10:50 [sm-mta] l6UNATfp026297: Milter (bogofilter-milter):
>> local socket name /var/run/bogofilter-milter.sock unsafe
>> Jul 30 19:10:50 [sm-mta] l6UNATfp026297: Milter (bogofilter-milter): to
>> error state
>>
> Is it possible that the clamav milter is changing the permissions on
> bogofilter-milter.sock? Other than that, I have no guesses, sorry.
> Perhaps ask about it in comp.mail.sendmail?
>
> jik
-------------- next part --------------
c27 28
# IO::Stringy, Socket, Net::CIDR. Before using this script, search
# for CONFIGURABLE SETTINGS and configure them appropriately for your
# site.
.
a80
# Whitelist any IP addresses or ranges from this filter
our @whitelist = ("127.0.0.1");
.
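Review bot: The comment above `@whitelist` does not say what a match does or which entry formats are accepted. A listed peer gets `SMFIS_ACCEPT` at connect time, so nothing it sends is classified by bogofilter. Please state that in the CONFIGURABLE SETTINGS comment, along with the address and range formats Net::CIDR accepts, and consider whether shipping `127.0.0.1` enabled by default is wanted on hosts where local software submits mail through the loopback interface.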
a199
use Socket;
use Net::CIDR;
.
a212
'connect' => \&my_connect_callback,
.
a235
# convert whitelist into CIDR notation
our @cidr_list = ();
foreach my $IP (@whitelist) {
if (not eval {@cidr_list = Net::CIDR::cidradd ($IP, @cidr_list)}) {
&die("Error processing whitelist: \"$IP\" is not a valid IP address or range.");
}
}
.
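Review bot: The `&die` message in the `foreach` loop discards `$@`, so an admin sees only that the entry was rejected and not why. Append `$@` to the message. The test also relies on the list assignment inside `eval` returning a non-zero element count; checking `$@` after the `eval` would make the failure condition explicit.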
a264
sub my_connect_callback {
my $ctx = shift; # milter context object
my $hostname = shift; # The connection's host name.
my $sockaddr_in = shift; # AF_INET portion of the host address, from getpeername(2) syscall
my ($port,$ipaddr) = Socket::unpack_sockaddr_in($sockaddr_in) or &die("Could not unpack socket address: $!");
$ipaddr = Socket::inet_ntoa($ipaddr); # translates it into a standard IPv4 address
&debuglog("my_connect_callback: entering with hostname=$hostname, ipaddr=$ipaddr, port=$port");
# check if the connecting server is listed in the whitelist
if (scalar @whitelist)
{
if (eval {Net::CIDR::cidrlookup($ipaddr, @cidr_list)}) {
syslog('info', '%s', "$ipaddr is in the whitelist, so this email is being accepted unfiltered.");
$ctx -> setpriv(undef);
return SMFIS_ACCEPT;
}
#else { syslog('info', '%s', "$ipaddr is not in the whitelist"); }
}
$ctx->setpriv(undef);
&debuglog("my_connect_callback: return CONTINUE with undef");
return SMFIS_CONTINUE;
}
.
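Review bot: `Socket::unpack_sockaddr_in` in `my_connect_callback` croaks when `$sockaddr_in` is not an AF_INET address, and the trailing `or &die(...)` never runs in that case because the exception is raised before `or` is evaluated. A connection arriving over IPv6 would abort the callback, so wrap the unpack in `eval` and fall through to `SMFIS_CONTINUE` when it fails, which keeps unparseable peers filtered instead of dying in the callback. Separately, the guard tests `scalar @whitelist` while the lookup uses `@cidr_list`; test `@cidr_list` in both places so the condition matches the data actually searched.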