Mailing List Archive

[clamav-users] milter
Hello,

I appreciate any direction here.  I am trying to set up a filter for
watching for a specific keyword in a subject line so I can tag it as
spam and reject it.

I was going to set up milter but it appears most of the information on
milter and all of its archives were deleted some time ago.  I ran
across clamav as a milter for sendmail and thought I might be able to
adapt it.

I need something that is very fast and lightweight and basically if it
sees the word "excelsior" in the subject line, it rejects the message.

Does anybody have a milter that does this or a ruleset in clamav?  I
don't want clamav doing anything else, just this. I cannot use pymilter,
jilter or perlmx.  I am fluent in C and assembler.  I just haven't been
able to find a framework milter or documentation other than a book on
amazon.

I am running Sendmail 8.12 or newer.

I have ordered the milter book from amazon and am waiting for its arrival.

Thank you so much, in advance for your input.

David
Re: [clamav-users] milter
On 5/28/20 12:39 PM, David Beecher via clamav-users wrote:
> I need something that is very fast and lightweight and basically if it
> sees the word "excelsior" in the subject line, it rejects the message.

I'm not clear if/why clamav needs to be part of your solution.

If it doesn't, this

https://www.benzedrine.ch/milter-regex.html

works very nicely here for early/simple/fast match & reject.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] milter
* David Beecher via clamav-users:

> I am trying to set up a filter for watching for a specific keyword in
> a subject line so I can tag it as spam and reject it.

Milter-regex would work nicely, but you need neither a milter nor ClamAV
for this simple task. Sendmail can perform header checks[1], even though
the syntax is horrible, as usual.

[1] https://www.sendmail.org/~ca/email/doc8.12/cf/m4/anti_spam.html#header_checks

Just check for a match of your trigger expression in "Subject:" and
reject the message if a match is found.

-Ralph

Re: [clamav-users] milter
On 2020-05-28 3:39 p.m., David Beecher via clamav-users wrote:

> I am running Sendmail 8.12 or newer.
>
> I have ordered the milter book from amazon and am waiting for its arrival.
>
> Thank you so much, in advance for your input.
>
> David

Hi,

Out of curiosity, what is the name of the milter book?

Thanks,

- J

Re: [clamav-users] milter
Hello,

clamav scans for viruses/malware/etc and it's not designed for what you need.

If you already have implemented SpamAssassin you can use that one for your purpose and/or other regexp milter.

Sent from my Samsung Galaxy smartphone.
Re: [clamav-users] milter
Hi there,

On Thu, 28 May 2020, David Beecher via clamav-users wrote:

> ... [sendmail milter] for ... keyword in a subject line ...

As Mr. Beecher wrote, you can do this without a milter, if you're
prepared to wrestle with Sendmail's configuration and syntax.

> I was going to set up milter but it appears most of the information on
> milter and all of its archives were deleted some time ago.

There's still plenty of information. Look in the sendmail source tree
for libmilter/docs/ for example; I'm slowly working on improving those
docs at the moment - grab the latest snapshot (see below).

> ... I ran across clamav as a milter for sendmail and thought I might
> be able to adapt it. I need something that is very fast and lightweight
> ...

As others have said, ClamAV does not well fit your stated requirements
for something fast and lightweight. It does however provide its own
milter - and it's not necessarily trivial to feed clamd from a milter.

> ... if it sees the word "excelsior" in the subject line, it rejects...

My preference generally is to block the sources of spam and malicious
mail rather than to attempt to identify every individual unwanted mail
piece. Generally I find that more effective, although it takes a lot
of work to get to the point where it's automatic. You might find the
offending mails all come from the same source or small set of sources,
in which case it might be faster and lighter weight to drop packets
before the MTA even sees them using something like nftables/iptables.
You'll of course be aware that the target word in your Subject: header
is, er, subject to change. I have hundreds of such targets, and if it
is acceptable to you to have just one, well, it makes me wonder what
it is that you're doing that the rest of us aren't... :/

> ... I am fluent in C and assembler. I just haven't been able to
> find a framework milter or documentation other than a book on
> amazon. ...

If that's the Costales/Flynt book, it's fifteen years old and there
have been some significant changes in the milter API since then. See
the Sendmail distribution's RELEASE_NOTES file for the most important.

There's an example milter written in C in the Sendmail source, at

file:///.../sendmail-8.xx.x/libmilter/docs/sample.html

If you're proficient in C you can easily adapt it but some of the
niceties of the milter API aren't at first - if ever - obvious.

> I am running Sendmail 8.12 or newer.

This is the most important reason for my posting to you. Sendmail's
version 8.12 was released nearly twenty years ago. You should not be
using any version of Sendmail as old as that - there have been several
security issues since then, and the current version of the milter API
(version 6) did not even appear until Sendmail version 8.14. Sendmail
8.15.2 is now five years old, and in development I'm working on 8.16.0.
I've improved the milter documentation a little, and although there's
more work to do and no release date for 8.16.0 yet there are snapshots
on Proofpoint's ftp server. I won't post a link here so the bots don't
scrape it but you can find it fairly easily.

PGNet Dev via clamav-users wrote:
> ...
> http....benzedrine.ch/milter-regex.html
> works very nicely here for early/simple/fast match & reject.
> ...

Agreed that milter-regex may do what the OP wants, and had I not moved
entirely to my own milters, if there is one milter which I would still
be using it would be milter-regex. Of all the milters that I've used,
milter-regex was by far the quickest and least painful to reconfigure
when it was necessary to respond to new sources of unwanted mail. It
only failed to deliver for me in the more complex decisions, which was
inevitable because of the SMTP specification and the milter API and is
no reflection on the design nor coding of the milter. The main reason
that I stopped using published milters and started writing my own was
the patchy support for IPv6, but growing complexity was another. At
one time I was using seven different milters, so between them, IPv6,
and their varying takes on configuration, things became unmanageable.

Sendmail is fine with IPv6 of course, as is Sendmail's libmilter. It
is almost always necessary to use libmilter when working with milters
written in C, and it may introduce restrictions of its own, which the
MTA itself does not. The Sendmail documentation is not IMO a shining
example of clarity but the information is there if you dig hard enough
and for long enough.

In the milter world things don't seem to move fast. The milter.org
Website is long defunct but there are many what I call "me-too" sites
which contain information of various currency and accuracy, some of it
plainly plagiarized. Some milters have been copied and re-published;
sometimes the results don't seem to be an improvement.

David Beecher via clamav-users wrote:
> ...
> you need neither a milter nor ClamAV for this simple task.
> ...

Agreed (all:).

iulian via clamav-users wrote:
> ...
> If you already have implemented SpamAssassin ...
> ...

The OP wants something fast and lightweight. SpamAssassin is neither.

Finally:

You _can_ use the Sendmail milter interface without using Sendmail's
libmilter, and I do that in Perl. That's not fast and lightweight
either, but it might be useful for you to see how it's done if you
want to learn more about the milter interface. It will only really
help you if you're reasonably familiar with Perl.

--

73,
Ged.
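
Added example, not part of the original thread and not taken from the Sendmail sample milter: the matching logic a C milter's per-header callback could use for the requirement discussed above, given that libmilter's `xxfi_header` callback receives the header field name and value as separate strings. The names `check_header`, `has_word`, `name_is` and the `verdict` enum are hypothetical; the enum stands in for libmilter's `SMFIS_CONTINUE` and `SMFIS_REJECT` so the code builds without the libmilter headers.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Stand-ins for libmilter's SMFIS_CONTINUE / SMFIS_REJECT (assumption:
 * defined locally so the example builds without libmilter installed). */
enum verdict { VERDICT_CONTINUE = 0, VERDICT_REJECT = 1 };

/* Header field names are case-insensitive ("Subject", "subject", ...). */
static int name_is(const char *name, const char *want)
{
    while (*name && *want) {
        if (tolower((unsigned char)*name++) != tolower((unsigned char)*want++))
            return 0;
    }
    return *name == '\0' && *want == '\0';
}

/* Return 1 if `word` occurs in `text` as a whole word, ignoring case.
 * Folded header values (embedded newline + whitespace) need no special
 * handling because whitespace counts as a word boundary. */
static int has_word(const char *text, const char *word)
{
    size_t wlen = strlen(word);
    if (wlen == 0) return 0;
    for (const char *p = text; *p; p++) {
        size_t i = 0;
        while (i < wlen && p[i] &&
               tolower((unsigned char)p[i]) == tolower((unsigned char)word[i]))
            i++;
        if (i != wlen) continue;
        int left_ok = (p == text) || !isalnum((unsigned char)p[-1]);
        int right_ok = !isalnum((unsigned char)p[wlen]);
        if (left_ok && right_ok) return 1;
    }
    return 0;
}

/* Decision a header callback would return for one header field. */
enum verdict check_header(const char *name, const char *value)
{
    if (name == NULL || value == NULL) return VERDICT_CONTINUE;
    if (!name_is(name, "Subject")) return VERDICT_CONTINUE;
    return has_word(value, "excelsior") ? VERDICT_REJECT : VERDICT_CONTINUE;
}
```

The match runs on the raw header value, so a subject sent as an RFC 2047 encoded-word would have to be decoded before this check sees the keyword.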
