Implement Access Control List With MailScanner???
Walt Wyndroski
wdwrn at FRIENDLYCITY.NET
Tue Jul 6 18:59:52 IST 2004
Let me rephrase. BTW, I have read the README and EXAMPLES files quite
closely. The blacklist and whitelist rules files only let you determine what
is definitely spam or definitely not spam. For what I am wanting to do, you
have to create a rule for something to make sure it gets marked as
definitely spam. Then you have to go to the spam.actions.rules and specify
some other rules for what you want to do with that spam. What I am wanting
is one place to arbitrarily do that.
Unless I read the EXAMPLES and README wrong, when matching cidr networks,
you can only make a positive match. I need to make a negative match. For
instance: "NOT 10.1.1.". Julian is using Perl regexes to do the matches,
which I am presuming he is using =~ to begin the regexes. Off the top of my
head, I only know to use !~ to make a negative regex.
If I those two tools, I could do the following easily:
From: <mydomain or any other domain> and From: NOT<cidr block>
FORWARD,DELETE
or
To: <some other domain> and From: <some specific ip or host> DELETE (this
would allow this host to send to other domains but not the domain listed in
this rule)
I'm just trying to get some fine-tuned control easily. There is probably an
easier way to do this with the current rulesets. I am simply approaching the
problem from my most common frame of reference: routing ACL's. Up until now,
the current ruleset structure has worked wonderfully for me.
Regards,
Walt Wyndroski
----- Original Message -----
From: "Derek Winkler" <dwinkler at ALGORITHlMICS.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, July 06, 2004 11:46 AM
Subject: Re: Implement Access Control List With MailScanner???
> You need to read README and EXAMPLES in the rules directory, you can do
this
> already.
>
> A rule can contain an 'and' and two conditions.
>
> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
> > Behalf Of Walt Wyndroski
> > Sent: Tuesday, July 06, 2004 10:11 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Implement Access Control List With MailScanner???
> >
> >
> > Simple semantics :) User is a shorter word. :) Actually they
> > are customers.
> >
> > I am going to look into SPF for my domain as suggested from a
> > post a couple
> > of days ago. However, I would still like to see some type of
> > ACL method in
> > MailScanner. I think it would be handy to some type of
> > ruleset as follows:
> >
> > From:/To:/FromOrTo: <domain> From: <cidr block or ip>
> > <deliver/delete/store/etc.>
> >
> > That could give some really fine control over some situations.
> >
> > Walt Wyndroski
> >
> > ----- Original Message -----
> > From: "Ken A" <ka at PACIFIC.NET>
> > To: <MAILSCANNER at JISCMAIL.AC.UK>
> > Sent: Friday, July 02, 2004 11:10 AM
> > Subject: Re: Implement Access Control List With MailScanner???
> >
> >
> > > Walt Wyndroski wrote:
> > >
> > > > Here is some more information on my setup:
> > > >
> > > > 1) Over 3000 users.
> > > > 2) I allow relaying only for the 8 Class C networks which
> > we use/serve.
> > > > 3) I DO NOT allow relaying for my domain name.
> > > > 4) Roaming users can user our web interface if they wish
> > to send mail as
> > > > being from our domain.
> > > > 5) I am blocking outbound and inbound port 25 for all of
> > my network
> > except
> > > > for my mail server obviously, my T-1 customers, and
> > static ip customers.
> > So
> > > > doing SMTP auth will not be a wise choice for me as some
> > of our users
> > who
> > > > connect to remote mail servers must relay through ours.
> > This prevent
> > virus
> > > > infected email from being spewed out from our networks or least
> > minimizes
> > > > it.
> > > > 6) Unfortunately, the security of my mail server and
> > network must come
> > > > before the needs of any roaming users which I may or may not have.
> > Security
> > > > is inversely proprortional to convenience.
> > >
> > > And convenience is directly proportional to customer
> > satisfaction.. But
> > > I notice you call them 'users' not 'customers', so perhaps
> > that's not an
> > > issue. :-)
> > > Ken
> > >
> > >
> > > > Walt Wyndroski
> > > >
> > > > ----- Original Message -----
> > > > From: "Alex Neuman" <alex at nkpanama.com>
> > > > To: <MAILSCANNER at JISCMAIL.AC.UK>
> > > > Sent: Thursday, July 01, 2004 10:10 PM
> > > > Subject: Re: Implement Access Control List With MailScanner???
> > > >
> > > >
> > > >
> > > >>This would break compatibility for roaming users.
> > > >>
> > > >>-----Original Message-----
> > > >>From: MailScanner mailing list
> > [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> > > >
> > > > Behalf
> > > >
> > > >>Of Walt Wyndroski
> > > >>Sent: Thursday, July 01, 2004 4:42 PM
> > > >>To: MAILSCANNER at JISCMAIL.AC.UK
> > > >>Subject: Re: Implement Access Control List With MailScanner???
> > > >>
> > > >>Actually, this thought just occured to me: The rulesets
> > in MailScanner
> > are
> > > >>structured as From:, FromOrTo:, To:, FromAndTo:. If I could use
> > > >
> > > > FromAndFrom:
> > > >
> > > >>then I could build a rule as follows:
> > > >>
> > > >>From: mydomain.com From: <IP or Subnet> Accept
> > > >>From: mydomain.com From: 0.0.0.0/0 Deny
> > > >>
> > > >>OR:
> > > >>
> > > >>Can I use rulesets within rulesets? For instance, in the
> > blacklist.rules
> > > >>could I put:
> > > >>
> > > >>From: mydomain.com /etc/MailScanner/rules/mydomain.com.txt
> > > >>
> > > >>And inside "/etc/MailScanner/rules/mydomain.com.txt" I would put:
> > > >>
> > > >>From: <my subnet(s)> NO
> > > >>From: default YES or From: /!(<my
> > subnet(s)>)/ YES
> > > >>
> > > >>What do you all think?
> > > >>
> > > >>Walt Wyndroski
> > > >>
> > > >>
> > > >>
> > > >>----- Original Message -----
> > > >>From: "Walt Wyndroski" <wdwrn at friendlycity.net>
> > > >>To: <MAILSCANNER at JISCMAIL.AC.UK>
> > > >>Sent: Thursday, July 01, 2004 5:05 PM
> > > >>Subject: Implement Access Control List With MailScanner???
> > > >>
> > > >>
> > > >>
> > > >>>Hello all,
> > > >>> I've been doing some serious googling over the 2-3
> > days about how
> > to
> > > >>>implement a type of ACL (access control list) for
> > Sendmail which would
> > > >>
> > > >>help
> > > >>
> > > >>>in preventing the spoofing of my domain to my users. The
> > only thing I
> > > >
> > > > can
> > > >
> > > >>>find are rulesets which are inserted direclty into the
> > sendmail.cf,
> > > >
> > > > which
> > > >
> > > >>is
> > > >>
> > > >>>something that I really want to avoid. I was hoping
> > MailScanner would
> > > >>
> > > >>allow
> > > >>
> > > >>>me to do this. Here is my setup:
> > > >>>
> > > >>> Kernel Version 2.4.22-1.2194.nptlsmp
> > > >>>SendMail RPM Version sendmail-8.12.10-1.1.1
> > > >>>Procmail RPM Version procmail-3.22-11
> > > >>>MailScanner RPM Version mailscanner-4.30.2-1
> > > >>>
> > > >>>If an email arrives at my mail server with the from header as
> > > >>
> > > >>user at mydomain,
> > > >>
> > > >>>I need to further look at the message to see if the
> > message originated
> > > >>
> > > >>from
> > > >>
> > > >>>one of the subnets for which I relay. If it did, I'll
> > accept it. If it
> > > >>>didn't, I'll discard it. If anyone knows of a Sendmail
> > m4 rule for
> > this,
> > > >>>please point me in the right direction and accept my
> > apologies for
> > being
> > > >>
> > > >>on
> > > >>
> > > >>>the wrong list. :) Otherwise, if MailScanner can already
> > do this or if
> > > >>>someone has already written a custom function for this,
> > please point me
> > > >
> > > > in
> > > >
> > > >>>the right direction.
> > > >>>
> > > >>>Walt Wyndroski
> > > >>>
> > > >>>-------------------------- MailScanner list
> > ----------------------
> > > >>>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > >>>Before posting, please see the Most Asked Questions at
> > > >>>http://www.mailscanner.biz/maq/ and the archives at
> > > >>>http://www.jiscmail.ac.uk/lists/mailscanner.html
> > > >>
> > > >>-------------------------- MailScanner list ----------------------
> > > >>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > >>Before posting, please see the Most Asked Questions at
> > > >>http://www.mailscanner.biz/maq/ and the archives at
> > > >>http://www.jiscmail.ac.uk/lists/mailscanner.html
> > > >>
> > > >>-------------------------- MailScanner list ----------------------
> > > >>To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > >>Before posting, please see the Most Asked Questions at
> > > >>http://www.mailscanner.biz/maq/ and the archives at
> > > >>http://www.jiscmail.ac.uk/lists/mailscanner.html
> > > >
> > > >
> > > > -------------------------- MailScanner list ----------------------
> > > > To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > > Before posting, please see the Most Asked Questions at
> > > > http://www.mailscanner.biz/maq/ and the archives at
> > > > http://www.jiscmail.ac.uk/lists/mailscanner.html
> > > >
> > > >
> > >
> > > -------------------------- MailScanner list ----------------------
> > > To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > > Before posting, please see the Most Asked Questions at
> > > http://www.mailscanner.biz/maq/ and the archives at
> > > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
> > -------------------------- MailScanner list ----------------------
> > To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> > Before posting, please see the Most Asked Questions at
> > http://www.mailscanner.biz/maq/ and the archives at
> > http://www.jiscmail.ac.uk/lists/mailscanner.html
> >
>
> This email and any files transmitted with it are confidential and
> proprietary to Algorithmics Incorporated and its affiliates
> ("Algorithmics"). If received in error, use is prohibited. Please
destroy,
> and notify sender. Sender does not waive confidentiality or privilege.
> Internet communications cannot be guaranteed to be timely, secure, error
or
> virus-free. Algorithmics does not accept liability for any errors or
> omissions. Any commitment intended to bind Algorithmics must be reduced
to
> writing and signed by an authorized signatory.
>
> -------------------------- MailScanner list ----------------------
> To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/ and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list