SMTP Proxies

Profiles and Viruses

Each profile is an ASCII text file that contains a set of rules indicating what messagewall should look for when it is reading the data portion of a packet. The configuration file uses the Medium profile by default, which looks like this:



% cd /usr/local/etc/messagewall/
% more Medium
reject_score=1
dnsbl=1,list.dsbl.org
dnsbl=1,bl.spamcop.net
rmx_required=1,1
filename_reject=1,.exe
filename_reject=1,.pif
filename_reject=1,.scr
filename_reject=1,.vbs
filename_reject=1,.bat
filename_reject=1,.com
filename_reject=1,.shs
filename_reject=1,.wsc
header_rejecti=1,Precedence:junk
header_rejecti=1,X-Mailer:Microsoft CDO
header_rejecti=1,X-Mailer:eGroups Message Poster
header_rejecti=1,X-Mailer:Delphi Mailing System
header_rejecti=1,X-Mailer:diffondi
header_rejecti=1,X-Mailer:RoryMAILER
header_rejecti=1,X-Mailer:GreenRider
header_rejecti=1,X-Mailer:GoldMine
header_rejecti=1,X-Mailer:MailPro
header_rejecti=1,X-Mailer:charset(89)
header_rejecti=1,X-Mailer:MailWorkZ
header_rejecti=1,X-Mailer:bulk
virus_scan=1,virus.patterns

Note that the file is composed of variables followed by values. Explanations of each variable and examples of possible values are given in man messagewall_profiles. Most of the values are straightforward. For example, the filename_reject variable indicates which attachments should be discarded. In this profile, any attachment with an extension of exe, pif, scr, vbs, bat, com, shs, or wsc will be rejected. To reject other extensions as well, add your own lines in the same format.

If you've ever configured a spam filter such as procmail, you'll recognize the header_rejecti variable. The values indicate what to look for in an email message's header. If that value is found, the message will be rejected as spam.

Unsurprisingly, the virus_scan variable tells messagewall to scan for viruses as long as this value is turned on or set to 1. You should note that, like all SMTP proxies, messagewall relies upon a separate virus-scanning product. messagewall follows the Open AntiVirus format.
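As an added example (not part of the original article or of messagewall itself), the following Python script parses a profile in the variable=value format shown above and reports which extensions from a site policy list have no filename_reject rule, which rules score too low to reject on their own, and whether virus_scan is on. The policy list WANTED is constructed, and reading the first comma-separated field as a score compared against reject_score is an assumption to confirm in man messagewall_profiles.

```python
# Added example, not messagewall code. PROFILE is abridged from Medium above.
PROFILE = """\
reject_score=1
filename_reject=1,.exe
filename_reject=1,.pif
filename_reject=1,.scr
filename_reject=1,.vbs
filename_reject=1,.bat
filename_reject=1,.com
header_rejecti=1,X-Mailer:bulk
virus_scan=1,virus.patterns
"""
# Constructed policy list: extensions a hypothetical site wants rejected.
WANTED = {".exe", ".pif", ".scr", ".vbs", ".bat", ".com", ".lnk", ".js"}


def parse_profile(text):
    """Return ([(variable, score, argument)], reject_score)."""
    rules, reject_score = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        var, sep, value = line.partition("=")
        if not sep or not var:
            raise ValueError(f"line {lineno}: expected variable=value: {raw!r}")
        # Assumption: the first comma-separated field is the rule's score.
        first, _, arg = value.partition(",")
        score = int(first) if first.isdigit() else None
        if var == "reject_score":
            reject_score = score
        else:
            rules.append((var, score, arg))
    return rules, reject_score


def audit(text, wanted):
    """Report policy gaps: unblocked extensions, weak rules, scanner state."""
    rules, threshold = parse_profile(text)
    blocked = {a for v, _, a in rules if v == "filename_reject"}
    # Assumption: a rule scoring below reject_score cannot reject on its own.
    weak = [(v, a) for v, s, a in rules
            if None not in (s, threshold) and s < threshold]
    scanning = any(v == "virus_scan" and s == 1 for v, s, _ in rules)
    return {"missing": sorted(wanted - blocked), "weak": weak,
            "virus_scan": scanning}


if __name__ == "__main__":
    print(audit(PROFILE, WANTED))
```

To audit a live profile, pass the contents of the file under /usr/local/etc/messagewall/ to audit() in place of PROFILE.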

Remember copying the default virus patterns earlier? These virus definitions will get you started, but you will still want to download the latest virus definitions. If you're the curious type, the file is ASCII text, so you can open the virus definition file and take a look.

Simply save the downloaded file to:

/usr/local/etc/messagewall/virus.patterns

Alternatively, you can use any antivirus product that supports the Open AntiVirus format. Keep in mind when choosing an antivirus product that most are free for personal use but charge for business or commercial use.

Before we leave the default profile, you should take the time to check out the settings in the other available profiles. If you find a profile that is better suited to your network's needs, don't forget to edit messagewall.conf to reflect the desired profile.

Okay, you've chosen a profile, you've selected an antivirus product and downloaded its latest definitions. To start messagewall, simply type:

% messagewall

messagewall must be started as root in order to bind to the specified address on port 25. However, once the port is bound, it will enter the chroot and assume the identity of the mwall user. Note that you'll lose your prompt when you start messagewall and will see a series of messages:

STARTUP/STATUS: loaded profile Extreme
STARTUP/STATUS: loaded profile Medium Plus
STARTUP/STATUS: loaded profile Light
STARTUP/STATUS: loaded profile Relay
STARTUP/STATUS: loaded profile Warning
STARTUP/STATUS: loaded profile Medium
STARTUP/STATUS: loaded profile Reject
STARTUP/STATUS: loaded profile Strong
STARTUP/STATUS: loaded profile Light Plus
STARTUP/STATUS: loaded profile Strong Plus
STARTUP/STATUS: loaded profile None
{0} PROCESS/STATUS: start
{0} [0] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [1] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [2] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [3] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [4] BACKEND/STATUS: connect to 127.0.0.1 started
{0} [0] BACKEND/STATUS: connection established
{0} [1] BACKEND/STATUS: connection established
{0} [2] BACKEND/STATUS: connection established
{0} [3] BACKEND/STATUS: connection established
{0} [4] BACKEND/STATUS: connection established

You can further verify that messagewall is listening for connections by telnetting to port 25 using the IP address you specified in your configuration file:

$ telnet 1.2.3.4 25
Trying 1.2.3.4...
Connected to 1.2.3.4.
Escape character is '^]'.
220 example.com MessageWall 1.0.8 (You may not relay)

Other Utilities

Finally, there are two other utilities that were installed with messagewall. messagewallctl is used to interact with messagewall once it is running. It has its own manpage; type messagewallctl to receive its list of possible commands.

Virus definitions are usually updated on a daily basis. You'll need to make messagewall aware that the definitions have changed, but you don't want to stop the service in order to do so. Instead, simply type:

% messagewallctl reload-virus

This is the most common usage of messagewallctl. Refer to its manpage to see its other usages.

The other utility is messagewallstats. To use this handy utility, first create an empty file to hold the statistics. I've decided to create one in the chroot:

% touch ~mwall/messagewallstats

Then start messagewall, telling it to redirect its statistical output to this file:

% messagewall > ~mwall/messagewallstats

Now, whenever you want to view the statistics:

$ messagewallstats ~mwall/messagewallstats | more

As you can see, I was pretty anxious and viewed my stats before any email actually arrived and had a chance to be acted upon by messagewall:

Client Connections: 0
QUIT: 0
Disconnect: 0
Disconnect inside DATA: 0
Bare LF: 0
Idle Timeout: 0
Too many errors: 0

Client TLS Attempts: 0
Success: 0

Overflows: 0
Per-IP Overflows: 0

Backend Overflows: 0
Backend Rejection Overflows: 0

Backend connection attempts: 0
Success: 0
TLS: 0

Invalid MAIL characters: 0
Invalid RCPT characters: 0

Client Messages: 0
Bare LF inside DATA: 0
8bit inside DATA: 0
Rejected by Profile: 0
Completely Received: 0
Sent to Backend: 0
Accepted by Backend: 0

Messages Rejected by Filter: 0
Failed To/CC: 0
Failed From: 0
Matched DNSBL: 0
Matched Domain DNSBL: 0
Matched DNSDCC: 0
Reverse Path MX/A lookup timed out: 0
Reverse DNS lookup timed out: 0
Failed Reverse Path MX/A: 0
Failed Reverse DNS: 0
Failed Body check: 0
Failed Header check: 0
Illegal attachment filename: 0
Virus: 0
No accepted MIME parts: 0
Missing MIME boundary: 0
Too many parts: 0
Illegal multipart encoding: 0
Unknown MIME encoding: 0
Invalid QP encoding: 0
Invalid base64 encoding: 0

Mail Traffic
Bytes received: 0
Bytes rejected: 0
Bytes accepted: 0

This should get you started with messagewall. For further information, there is an FAQ and an archive of the mailing lists at the messagewall home page.

Dru Lavigne is a network and systems administrator, IT instructor, author and international speaker. She has over a decade of experience administering and teaching Netware, Microsoft, Cisco, Checkpoint, SCO, Solaris, Linux, and BSD systems. A prolific author, she pens the popular FreeBSD Basics column for O'Reilly and is author of BSD Hacks and The Best of FreeBSD Basics.

