Firewall Wizards mailing list archives

Re: smapd, procmail, and sendmail for hub filtering


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Fri, 12 May 2000 14:39:50 -0400

On Fri, May 05, 2000 at 09:00:46PM -0500, Sean A. Walberg wrote:
> In light of the recent email worms, I'd like to be able to filter out
> stuff like attachments on my sendmail gateway.  All solutions point to
> procmail, however they all use it as the local delivery mechanism.
>
> However, my sendmail server doesn't have any mailboxes on it, as it
> accepts the mail from the world and then resends it to internal machines
> based on the domain (ie mailertables and MX), so I can't use the local
> delivery feature.  The example in the procmail manpage for my
> configuration requires an explicit domain, so it's only good for incoming
> mail and the domains are static.
>
> What I thought was to use smap to accept the mail, and then smapd would
> pipe it through procmail which could filter and then pipe through sendmail
> (instead of directly through sendmail).  Has anyone done this or know of
> someone who has?  Is there a better way of doing what I'm attempting?

This is frequently done, with no change to 'smapd', and no use of
'procmail'.

Have 'smap' move incoming mail to a different directory.  Write a quick
wrapper program which, for each file in that directory, runs the active
code checker on it and, if clean, passes it on to the regular 'smapd'
directory, and then calls 'smapd'.  Call this wrapper program from
'cron', instead of 'smapd'.

You may find a pointer to such a program at one of the mirrors to
www.fwtk.org.

The interesting and tricky policy question is - what to do about the
mail messages that don't pass?  Probably the best thing is to have a
human vet them [using sendmail and mutt, not MS Outlook!].  They can
then be sent right on, cleaned out and sent on, rejected with a letter,
sent to the Cybercops, or whatever.

-- 
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
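
The cron-driven wrapper described in the reply above, sketched as an added example (not part of the original message and not FWTK code). The three directory arguments, the `check_message` heuristic and `DELIVER_CMD` are assumptions, and it assumes smap leaves only complete messages in the staging directory.

```shell
#!/bin/sh
# Added example: cron-driven pre-filter sitting between smap and smapd.
# Assumed names: check_message, filter_spool, DELIVER_CMD, directory layout.

# Stand-in for the "active code checker": status 0 = clean, non-zero = suspect.
# Replace with a real scanner; this only looks for executable attachment names.
check_message() {
    if grep -Eiq 'filename="?[^"]*\.(vbs|exe|scr|pif|bat)' "$1"; then
        return 1                      # suspicious attachment name found
    else
        [ $? -eq 1 ]                  # grep 1 = no match = clean; 2 = error = suspect
    fi
}

# filter_spool STAGING SPOOL QUARANTINE
# Moves clean messages to SPOOL (smapd's directory) and everything else to
# QUARANTINE for a human to vet. Keep all three on one filesystem so mv is an
# atomic rename and smapd never sees a half-copied file.
filter_spool() {
    staging=$1 spool=$2 quarantine=$3
    # mkdir is atomic: refuse to run while a previous cron job is still working.
    mkdir "$staging/.lock" 2>/dev/null || return 75
    passed=0 held=0
    for msg in "$staging"/*; do
        [ -f "$msg" ] || continue     # skips an unmatched glob and non-files
        if check_message "$msg"; then
            mv "$msg" "$spool/" && passed=$((passed + 1))
        else
            # Fail closed: a checker error also lands here, not in the spool.
            mv "$msg" "$quarantine/" && held=$((held + 1))
        fi
    done
    rmdir "$staging/.lock"
    echo "passed=$passed held=$held"
}

# Cron entry point: filter, then run whatever triggers a smapd delivery pass.
# DELIVER_CMD is a placeholder; it defaults to a no-op.
if [ "$#" -eq 3 ]; then
    filter_spool "$1" "$2" "$3" && ${DELIVER_CMD:-:}
fi
```

Messages left in the quarantine directory are the ones awaiting the human review the reply recommends.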


