"Lumpp, Wolfgang" wrote:
>
> Hi,
> I'm looking for the To: address.
> But in case of mailing-lists in the To: header I find the address of the
> mailing-list. The realy address which I could use for the command, is the
> envelope-to.
> Following is the script, which I use.
> The problematic parts are prefixed with "PROBLEM"
>
> In the part, where the mail goes back to exim, is the main problem.
> Exim deliver the mail to the To: header, but in case of mailing-lists I
> produce a mail-loop
> Regards
> Wolfgang
>
> #!/bin/sh
>
> ###################################################################
> # Inflex - Bidirectional Email scanner
> #
> # Inflex-exim 0.1.5-E
> #
> # Inflex for Exim by Justin "jus" Stanford - designed for use with
> # the Exim MTA (www.exim.org) version 3.xx (tested with 3.12).
> #
> # E-mail any questions or suggestions to jus@???
> # regarding inflex-exim. Please read INSTALL to correctly set up
> # inflex-exim for use on your machine.
> #
> # Inflex-exim was tested on a FreeBSD 3.4-STABLE mail server running
> # Exim 3.12, performing both local delivery and relaying, using
> # Network Associate's McAfee uvscan (/usr/ports/security/uvscan for
> # FreeBSD users). Inflex-exim should run equally as well on Linux or
> # other unix type systems.
> #
> #
> # Inflex is copyright to Mr Paul L Daniels.
> #
> # You are free to use and distribute Inflex as per the GPL licence
> # agreement.
> #
> # All alterations and addtions should be sent to Paul L Daniels
> # at jdaniels@???
> #
> # This program was created with the assistance of looking at
> # AmaVis. It's purpose is to provide a one-stop scanning
> # point for all emails, both inbound and outbound, irrespective
> # of the method required for the final delivery
> #
> # Written by Paul/Jack L Daniels
> # 07/01/2000 [heheh, y2k compliant ;)]
> #
> #
> # CHANGES -
> #
> # 0.1.5-E - 11/05/2000
> # .Inflex-exim, based on Inflex 0.1.5.
> # .Due to current limitations in exim, the recipient of a
> # blocked email will not be notified, only the sender.
> #
> # 0.1.5 - 04/04/2000
> # .Removed '7' out of the Minflex flags
> # .Provided both relaying and non-relaying version of .cf
> # .Updated FAQ with some useful hints re McAfee
> # .Inserted filename block specifically for the I LOVE YOU
> virus
> # .
> # 0.1.4 - 17/01/2000
> # .Fixed up reported blocked directory
> # .Replaced hard-coded sendmail cmd line with a more
> # generic one.
> # .Added Ability to turn on/off various sections of scanner
> # ie, file type, file name, antivirus
> # .Ability to turn on/off sending of various proponents of
> # the messages to various people when a block is performed
> # .Minor typos in sender,receiver messages
> # .X-header addition
> #
> # 0.1.3 - 13/01/2000
> # .Made blocked emails get moved to a blocked$$ directory
> # .Added Exim mailout support
> #
> # 0.1.2 - 10/01/2000
> # .Changed version format, to match that of typical
> # LINUX based systems.
> # .Added support for McAfee and Sophos AntiVirus packages
> # .Cleaned up logging
> # .changed directory naming to inflex$$ rather than av$$
> # .Made common apps such as find, file, grep become vars
> # in the script so as to make things easier for
> # alteration later on.
> # .Altered AntiVirus sections to report either a success
> # or failure rather than requiring later in the script
> # to decipher the dozens of possible exit codes from
> # all of the various AV apps.
> #
> #########################################################################
>
> #
> # Our systemwide INFLEX Log file
> #
> logfile=/var/log/inflexlog
>
> #
> #
> # Options to turn on/off various bits of Inflex scanning
> #
> # Use either y [for yes] or n [for no]
> #
> scanforvirus=y
> scanforfiletype=y
> scanforfilename=y
> scanfortext=y
>
> #
> # Options for delivery of email to various people whom
> # might want to hear that their email has been blocked
> #
>
> # Receiver msg's disabled by default due to current limitations in exim
> # which disable this feature
>
> deliverSenderAVmsg=y
> deliverReceiverAVmsg=n
> deliverSenderBLmsg=y
> deliverReceiverBLmsg=n
> deliverRootmsg=y
>
> #
> # Options for composition of actual outgoing email
> #
> # Unless you have formail running this option will not work and neither
> # will inflex-exim. Only enable it if you are sure it is working and have
> # specified the correct path to it above
> #
> appendXheader=y
> Xheader="X-scanner: scanned by Virus-scanner (Mail is clean!)"
>
> #
> # Get our temporary directory name... from the process ID
> # which is about as good as any random number
> #
> pid="inflex$$"
> tmpdir=/var/tmp/${pid}
> blockdir=/var/tmp/Blocked$$
>
> #
> # Our mail-specific logfiles
> #
> locallog=${tmpdir}/logfile
> badfileslog=${tmpdir}/badfileslog
> fsavlog=${tmpdir}/fsavlog
> envtest=${tmpdir}/envtest
> #
> # Our message files
> #
> sendermsg=${tmpdir}/sendermsg
> recvmsg=${tmpdir}/recvmsg
> blockmsg=${tmpdir}/blockmsg
>
> #
> # setup our commonly used files
> #
> test=/usr/bin/test
> mail=/usr/bin/mail
> grep=/usr/bin/grep
> file=/usr/bin/file
> find=/usr/bin/find
> touch=/usr/bin/touch
> metamail=/usr/bin/metamail
> formail=/usr/bin/formail
>
> #
> # Our MAIL PROGRAMS
> #
> exim=/usr/local/software/exim/bin/exim
>
> #
> # Our Virus Scanners
> #
> # Uncomment and specify the correct path for the scanner you wish to use.
> # NA's McAfee uvscan is default, inflex-exim 0.1.5-E has been tested and
> # verified with engine 3.x and 4.x.
> #
> #sophos=/usr/local/bin/sweep
> mcafee=/usr/local/uvscan/uvscan
> #fsav=/usr/local/fsav/fsav
>
> #
> # Setup who sent and who was supposed to receive all this
> #
> headto=$4
> sender=$3
> envelope=$2
> hostname=$1
>
> #
> # Who's going to receive all the bounced reports
> #
> administrator=root
>
> #
> # Make the directory
> #
> mkdir -p ${tmpdir}
> mkdir ${tmpdir}/unpacked
>
> #
> # Take standard input and create a file called RECEIVEDMAIL
> #
> cat > ${tmpdir}/receivedmail
> cat ${tmpdir}/receivedmail | ${formail} -f -x Envelope-to: > ${envtest}
> if [ -s ${envtest} ];
> then
> PROBLEM receiver=${envelope}
> else
> receiver=${headto}
> fi
>
> #
> # Start a log file, with the basic information of who/etc
> #
> echo "" >> ${locallog}
> echo "${pid} from:${sender} to:${receiver}" >> ${locallog}
>
> #
> # Setup the Metamil unpacking directory, else it'll unpack to /tmp
> #
> METAMAIL_TMPDIR=${tmpdir}/unpacked
> export METAMAIL_TMPDIR
>
> #
> # Unpack the newly arrived email
> #
> ${metamail} -r -q -x -w ${tmpdir}/receivedmail
>
> #
> # SCAN for files we don't really want people sending/receiving
> #
> #
> # First up, get a list of all the files we have in this metamail package
> #
> ${touch} ${badfileslog}
> ${find} ${tmpdir} -name '*' > ${tmpdir}/filelist1
>
> #
> # Now we run a magic-number file test on each of the files
> # this way we can get around people who have tried renaming
> # the files.
> #
> # The output from this is a full list of the files, and their
> # TYPE as per the /etc/magic file
> #
> ${file} -f ${tmpdir}/filelist1 > ${tmpdir}/fileresults
>
> if [ "a${scanforfiletype}" != "an" ];
> then
> #
> # Now we can search through the resultant file/type list as
> # generated from above, and we output the results to the
> # BADFILES list.
> #
> ${grep} "MS-DOS executable" ${tmpdir}/fileresults >> ${badfileslog}
> #${grep} "PC bitmap data" ${tmpdir}/fileresults >> ${badfileslog}
> ${grep} "AVI" ${tmpdir}/fileresults >> ${badfileslog}
> ${grep} "MPEG" ${tmpdir}/fileresults >> ${badfileslog}
> ${grep} "WAVE" ${tmpdir}/fileresults >> ${badfileslog}
> else
> echo "Type scanning off." >> ${locallog}
> fi
>
>
>
> if [ "a${scanforfilename}" != "an" ];
> then
> #
> # Next we also scan for actual file names
> # This is VERY useful for if there is a know file that contains
> # a virus, but alas, our virus scanner can't pick it up
> #
> ${find} ${tmpdir} -name 'links.vbs' >> ${badfileslog}
> ${find} ${tmpdir} -name '*.mp3' >> ${badfileslog}
> ${find} ${tmpdir} -name '*.vbs' >> ${badfileslog}
> ${find} ${tmpdir} -name '*.com' >> ${badfileslog}
> ${find} ${tmpdir} -name '*.bat' >> ${badfileslog}
> ${find} ${tmpdir} -name '*.exe' >> ${badfileslog}
> ${find} ${tmpdir} -name '*.wsh' >> ${badfileslog}
> ${find} ${tmpdir} -name 'LOVE-LETTER-FOR-YOU*' >> ${badfileslog}
> else
> echo "Name scanning off." >> ${locallog}
> fi
>
>
> #
> # If any files tested positive in the above magic/name tests
> # then the badfileslist will be bigger than 0-bytes
> # Hence if so, set the scan status to say so!
> #
> if [ -s ${badfileslog} ];
> then
> badfilescan=1
> else
> badfilescan=0
> fi
>
> if [ "a${scanforvirus}" != "an" ];
> then
> #
> # SCAN those files for viruses!
> #
> # Blocking out emails by method of file type is good for
> # controlling the abuse of resources on your network. However
> # we also should be wise enough to take this opportunity whilst
> # we have a "foriegn" file in our network to SCAN it for a VIRUS!
> #
> # NOTE - We're using FPROT Antivirus here.... because I own
> # a copy of it. You could alter the following line to suit your
> # own preferred AntiVirus scanner software, but I find FProt quite
> # good, it also has a nice simple update utility which can be run
> # via CRON.
> #
> # --archive, unpack archived files, eg zip, lha, exe-zip
> # --list, display what we are scanning
> # --dumb, don't stop and ask questions, as the server cant answer
> # --auto, decide how to handle a virused file
> #
> # FPROT Exit codes ---
> # 0 - all clear
> # 1 - fsav failed for some reason, perhaps a broken .def file
> # 3 - virus was found.
> #
> if [ "a${fsav}" != "a" ]
> then
>
> #
> # FPROT
> #
> ${fsav} --archive --list --dumb --auto ${tmpdir}/unpacked/* >
> ${fsavlog} 2>&1
> fsavresult=$?
> if ${test} ${fsavresult} -eq 3
> then
> detectedvirus=1
> else
> detectedvirus=0
> fi
> fi
>
> #
> # SOPHOS
> #
>
> if [ "a${sophos}" != "a" ]
> then
> ${sophos} -nb -f -all -rec -ss -sc ${tmpdir}/unpacked > ${fsavlog}
> 2>&1
> fsavresult=$?
> if ${test} ${fsavresult} -ne 0
> then
> detectedvirus=1
> else
> detectedvirus=0
> fi
> fi
>
> #
> # McAfee / NAI - UVScan
> #
> if [ "a${mcafee}" != "a" ]
> then
> ${mcafee} --secure -rv --summary ${tmpdir}/unpacked > ${fsavlog}
> 2>&1
> fsavresult=$?
> if ${test} ${fsavresult} -eq 13
> then
> detectedvirus=1
> else
> detectedvirus=0
> fi
> fi
>
> else
> echo "Virus scanning off." >> ${fsavlog}
> detectedvirus=0
> fi
>
> #
> #
> # Now process the results of our above scans and tests.
We are getting tons of messages with empty Message-IDs, like so:
Message-ID: <>
This is screwing up my pop3 daemons UIDL implimentation, so users
keep downloading the same message over and over.
As far as I understand, Exim only injects a Message-ID if the mail
client does not add a Message-ID. Is there a way to get Exim to
create a valid Message-ID if the message has an empty one?
--
-Jason J. Horton <jason@???>
Fat Man in a Little Coat
Intercom Online Inc.
212.376.7440 | http://www.intercom.com
