
SMTP Proxies

Profiles and Viruses

Each profile is an ASCII text file that contains a set of rules indicating what messagewall should look for when it is reading the data portion of a packet. The configuration file uses the Medium profile by default, which looks like this:



% cd /usr/local/etc/messagewall/
% more Medium
reject_score=1
dnsbl=1,list.dsbl.org
dnsbl=1,bl.spamcop.net
rmx_required=1,1
filename_reject=1,.exe
filename_reject=1,.pif
filename_reject=1,.scr
filename_reject=1,.vbs
filename_reject=1,.bat
filename_reject=1,.com
filename_reject=1,.shs
filename_reject=1,.wsc
header_rejecti=1,Precedence:junk
header_rejecti=1,X-Mailer:Microsoft CDO
header_rejecti=1,X-Mailer:eGroups Message Poster
header_rejecti=1,X-Mailer:Delphi Mailing System
header_rejecti=1,X-Mailer:diffondi
header_rejecti=1,X-Mailer:RoryMAILER
header_rejecti=1,X-Mailer:GreenRider
header_rejecti=1,X-Mailer:GoldMine
header_rejecti=1,X-Mailer:MailPro
header_rejecti=1,X-Mailer:charset(89)
header_rejecti=1,X-Mailer:MailWorkZ
header_rejecti=1,X-Mailer:bulk
virus_scan=1,virus.patterns

Note that the file is composed of variables followed by values. Explanations of each variable and examples of possible values are given in man messagewall_profiles. Most of the values are straightforward. For example, the filename_reject variable indicates which attachments should be discarded. In this profile, any attachment with an extension of exe, pif, scr, vbs, bat, com, shs, or wsc will be rejected. You can follow the same format to add your own lines for other extensions that should also be rejected.

If you've ever configured a spam filter such as procmail, you'll recognize the header_rejecti variable. The values indicate what to look for in an email message's header. If that value is found, the message will be rejected as spam.
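The following added example, which is not part of the original article or of messagewall itself, shows how filename_reject and header_rejecti rules from a profile could be applied to a message. It assumes that the number before each comma is a score added on a match, that a message is rejected once the total reaches reject_score, and that matching is a case-insensitive suffix (filenames) or substring (headers) test; parse_profile, evaluate, PROFILE and SAMPLE are hypothetical names, and man messagewall_profiles remains the authority on the real semantics.

```python
import email.policy
# Constructed excerpt of the Medium profile shown above.
PROFILE = """\
reject_score=1
filename_reject=1,.exe
filename_reject=1,.scr
header_rejecti=1,Precedence:junk
header_rejecti=1,X-Mailer:bulk
"""

# Constructed sample message with a double-extension attachment.
SAMPLE = (
    "From: a@example.org\nTo: b@example.com\nSubject: invoice\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nsee attached\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="Invoice.PDF.EXE"\n\n'
    "AAAA\n--b1--\n"
)

def parse_profile(text):
    """Return (reject_score, [(variable, score, value), ...])."""
    reject_score, rules = 1, []
    for line in text.splitlines():
        var, _, rest = line.strip().partition("=")
        if var == "reject_score":
            reject_score = int(rest)
        elif var in ("filename_reject", "header_rejecti"):
            score, _, value = rest.partition(",")
            rules.append((var, int(score), value))
    return reject_score, rules

def evaluate(raw_message, profile_text=PROFILE):
    """Return (rejected, matched_rules) under the assumed scoring model."""
    reject_score, rules = parse_profile(profile_text)
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    # Every MIME part is inspected, not only the top-level one.
    names = [(p.get_filename() or "").lower() for p in msg.walk()]
    total, hits = 0, []
    for var, score, value in rules:
        if var == "filename_reject":  # assumed: case-insensitive suffix match
            matched = any(n.endswith(value.lower()) for n in names)
        else:  # header_rejecti: assumed case-insensitive substring match
            header, _, needle = value.partition(":")
            matched = any(needle.lower() in str(v).lower() for v in msg.get_all(header, []))
        if matched:
            total += score
            hits.append(f"{var}={value}")
    return total >= reject_score, hits
```

Calling evaluate(SAMPLE) reports the message as rejected because the attachment name ends in .exe, even though .PDF appears first in the filename.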

Unsurprisingly, the virus_scan variable tells messagewall to scan for viruses as long as this value is turned on or set to 1. You should note that, like all SMTP proxies, messagewall relies upon a separate virus-scanning product. messagewall follows the Open AntiVirus format.

Remember copying the default virus patterns earlier? These virus definitions will get you started, but you will still want to download the latest virus definitions. If you're the curious type, the format is in ASCII text, meaning you can take a look at the virus definition file.

Simply save the downloaded file to:

/usr/local/etc/messagewall/virus.patterns

Alternatively, you can use any antivirus product that supports the Open AntiVirus format. Keep in mind when choosing an antivirus product that most are free for personal use but charge for business or commercial use.

Before we leave the default profile, you should take the time to check out the settings in the other available profiles. If you find a profile that is better suited to your network's needs, don't forget to edit messagewall.conf to reflect the desired profile.

Okay, you've chosen a profile, you've selected an antivirus product and downloaded its latest definitions. To start messagewall, simply type:

% messagewall

messagewall must be started as root in order to bind to the specified address on port 25. However, once the port is bound, it will enter the chroot and assume the identity of the mwall user. Note that you'll lose your prompt when you start messagewall and will see a series of messages:

STARTUP/STATUS: loaded profile Extreme
STARTUP/STATUS: loaded profile Medium Plus
STARTUP/STATUS: loaded profile Light
STARTUP/STATUS: loaded profile Relay
STARTUP/STATUS: loaded profile Warning
STARTUP/STATUS: loaded profile Medium
STARTUP/STATUS: loaded profile Reject
STARTUP/STATUS: loaded profile Strong
STARTUP/STATUS: loaded profile Light Plus
STARTUP/STATUS: loaded profile Strong Plus
STARTUP/STATUS: loaded profile None
{0} PROCESS/STATUS: start
{0} [0] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [1] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [2] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [3] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [4] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [0] BACKEND/STATUS: connection established
{0} [1] BACKEND/STATUS: connection established
{0} [2] BACKEND/STATUS: connection established
{0} [3] BACKEND/STATUS: connection established
{0} [4] BACKEND/STATUS: connection established

You can further verify that messagewall is listening for connections by telnetting to port 25 using the IP address you specified in your configuration file:

$ telnet 1.2.3.4 25
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
220 example.com MessageWall 1.0.8 (You may not relay)

Other Utilities

Finally, there are two other utilities that were installed with messagewall. messagewallctl is used to interact with messagewall once it is running. It has its own manpage; type messagewallctl to receive its list of possible commands.

Virus definitions are usually updated on a daily basis. You'll need to make messagewall aware that the definitions have changed, but you don't want to stop the service in order to do so. Instead, simply type:

% messagewallctl reload-virus

This is the most common usage of messagewallctl. Refer to its manpage to see its other usages.

The other utility is messagewallstats. To use this handy utility, first create an empty file to hold the statistics. I've decided to create one in the chroot:

% touch ~mwall/messagewallstats

Then start messagewall, telling it to redirect its statistical output to this file:

% messagewall > ~mwall/messagewallstats

Now, whenever you want to view the statistics:

$ messagewallstats ~mwall/messagewallstats | more

As you can see, I was pretty anxious and viewed my stats before any email actually arrived and had a chance to be acted upon by messagewall:

Client Connections: 0
QUIT: 0
Disconnect: 0
Disconnect inside DATA: 0
Bare LF: 0
Idle Timeout: 0
Too many errors: 0

Client TLS Attempts: 0
Success: 0

Overflows: 0
Per-IP Overflows: 0

Backend Overflows: 0
Backend Rejection Overflows: 0

Backend connection attempts: 0
Success: 0
TLS: 0

Invalid MAIL characters: 0
Invalid RCPT characters: 0

Client Messages: 0
Bare LF inside DATA: 0
8bit inside DATA: 0
Rejected by Profile: 0
Completely Received: 0
Sent to Backend: 0
Accepted by Backend: 0

Messages Rejected by Filter: 0
Failed To/CC: 0
Failed From: 0
Matched DNSBL: 0
Matched Domain DNSBL: 0
Matched DNSDCC: 0
Reverse Path MX/A lookup timed out: 0
Reverse DNS lookup timed out: 0
Failed Reverse Path MX/A: 0
Failed Reverse DNS: 0
Failed Body check: 0
Failed Header check: 0
Illegal attachment filename: 0
Virus: 0
No accepted MIME parts: 0
Missing MIME boundary: 0
Too many parts: 0
Illegal multipart encoding: 0
Unknown MIME encoding: 0
Invalid QP encoding: 0
Invalid base64 encoding: 0

Mail Traffic
Bytes received: 0
Bytes rejected: 0
Bytes accepted: 0

This should get you started with messagewall. For further information, there is an FAQ and an archive of the mailing lists at the messagewall home page.

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.



  • DATA 503 MessageWall: SMTP: Commands out of order
    2005-02-03 14:15:14  zooat

    Transcript of session follows: DATA 503 MessageWall: SMTP: Commands out of order

    One of my users is getting this bounce when sending out a mass mail from our Volunteer dept - to all volunteers of Zoo Atlanta.

    The affected email hosts are AOL, Hotmail and Earthlink accounts... Can you explain what the above mwall message indicates? Thanks
  • Allowing domain in dsbl
    2003-09-12 06:49:44  anonymous2

    I want to know if it is possible to allow mail from 1 or 2 domain names listed in DSBL?

