Project Spam
From Frederick Chapleau Wiki
Great, but... why?
Simple: more than 99% spam per day, and the mail server was really swamped. So I decided to stop it before it reached the mail server, and before changing the entire mail system.
Overview
Dark areas are custom functions or custom code that was not included or provided by others.
Software Requirements
- An intermediate mail server, Postfix in this scenario.
- Integration of the MailScanner MTA
- Setup of MailWatch, which uses MySQL
- Setup of the SQL Whitelist for MailWatch MailScanner function
- Pre-configured final mail server (Microsoft Exchange in this case)
How To
The objective
- Have an intermediate mail server that filters all email to pre-defined domains.
- Temporarily store all rejected email, to be able to whitelist and review it.
- Use only the Active Directory user name and password, that is, single sign-on.
- Automatically build a whitelist based on the sent emails.
- Have a scalable solution.
- Reuse the company's database server to store logs.
What has to be done
Adapt your setup to match the software in the diagram; all of it is a standard out-of-the-box installation. Then set your final mail server to relay every email through the intermediate MTA. In Exchange, this is done by setting the Smart Host property of the Virtual SMTP Server to the internal address of the intermediate MTA. Second, modify the intermediate MTA (Postfix in this case) to use DNS to relay mail for all domains it does not otherwise relay, but only for the internal mail server (we do not want to be an open relay). Last, modify your SQLWhiteList.pm with the custom code provided. For each email sent through a whitelisted mail server, this automatically adds the recipient to the whitelist as a "from" address.
Custom Code
SQLWhiteList.pm
Modify the sub LookupList.
sub LookupList {
  my($message, $BlackWhite) = @_;

  return 0 unless $message; # Sanity check the input

  # Find the "from" address and the first "to" address
  my($from, $fromdomain, @todomain, $todomain, @to, $to, $ip);
  $from       = $message->{from};
  $fromdomain = $message->{fromdomain};
  @todomain   = @{$message->{todomain}};
  $todomain   = $todomain[0];
  @to         = @{$message->{to}};
  $to         = $to[0];
  $ip         = $message->{clientip};

  # Entries for this exact recipient
  if ($BlackWhite->{$to}{$from}) {
    MailScanner::Log::InfoLog("to and from are whitelisted.");
    return 1;
  }
  if ($BlackWhite->{$to}{$fromdomain}) {
    MailScanner::Log::InfoLog("to and fromdomain are whitelisted.");
    return 1;
  }
  if ($BlackWhite->{$to}{$ip}) {
    MailScanner::Log::InfoLog("to and ip are whitelisted.");
    return 1;
  }
  if ($BlackWhite->{$to}{'default'}) {
    MailScanner::Log::InfoLog("to is whitelisted.");
    return 1;
  }

  # Entries for the recipient's domain
  if ($BlackWhite->{$todomain}{$from}) {
    MailScanner::Log::InfoLog("todomain and from are whitelisted.");
    return 1;
  }
  if ($BlackWhite->{$todomain}{$fromdomain}) {
    MailScanner::Log::InfoLog("todomain and fromdomain are whitelisted.");
    return 1;
  }
  if ($BlackWhite->{$todomain}{$ip}) {
    MailScanner::Log::InfoLog("todomain and ip are whitelisted.");
    return 1;
  }
  if ($BlackWhite->{$todomain}{'default'}) {
    MailScanner::Log::InfoLog("todomain is whitelisted.");
    return 1;
  }

  MailScanner::Log::InfoLog("[%s] is evaluated.", $to);

  # The message comes from a whitelisted server IP (the internal mail server):
  # record its first recipient as a whitelisted "from" address for everyone.
  if ($BlackWhite->{'default'}{$ip}) {
    my($dbh, $awl, $sql);
    my($db_name) = 'DBNAME';
    my($db_host) = 'HOSTNAME';
    my($db_user) = 'USERNAME';
    my($db_pass) = 'PASSWORD';

    # Connect only when a row has to be written, and do not call prepare()
    # on an undefined handle if the database is unreachable.
    $dbh = DBI->connect("DBI:mysql:database=$db_name;host=$db_host",
                        $db_user, $db_pass, {PrintError => 0});
    unless ($dbh) {
      MailScanner::Log::WarnLog("Unable to connect to the whitelist database: %s", $DBI::errstr);
      return 1; # The sending server is still whitelisted
    }

    $sql = "REPLACE INTO whitelist (to_address,to_domain,from_address) VALUES ('default','default',?)";
    $awl = $dbh->prepare($sql);
    $awl->execute($to);
    $awl->finish();
    $dbh->disconnect();
    MailScanner::Log::InfoLog("[%s] was added to the whitelist.", $to);
    return 1;
  }

  # Global ('default') entries for the sender
  if ($BlackWhite->{'default'}{$from}) {
    MailScanner::Log::InfoLog("from is whitelisted.");
    return 1;
  }
  if ($BlackWhite->{'default'}{$fromdomain}) {
    MailScanner::Log::InfoLog("fromdomain is whitelisted.");
    return 1;
  }

  # It is not in the list
  return 0;
}
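The learn-then-match flow of the modified LookupList, as an added example that is not part of the original page or of MailWatch: a stand-alone model that replaces MySQL with an in-memory hash. The addresses, the `lookup` and `msg` helpers and the immediate reload of a learned row are assumptions made for illustration; rows are assumed to load into the hash as {to_address}{from_address}, which is what the lookups above imply.

```perl
use strict;
use warnings;

# Constructed whitelist, keyed {to}{from} like the lookups above.
# 192.0.2.10 stands in for the internal mail server (documentation address).
my %white = (default => { '192.0.2.10' => 1 });
my @learned;   # rows the REPLACE INTO statement would write

sub lookup {
    my ($msg) = @_;
    my $to       = $msg->{to}[0];         # only the first recipient is used
    my $todomain = $msg->{todomain}[0];
    my @senders  = ($msg->{from}, $msg->{fromdomain}, $msg->{clientip});

    # Recipient-specific entries first, then recipient-domain entries.
    for my $rcpt ($to, $todomain) {
        for my $key (@senders, 'default') {
            return "match $rcpt/$key" if $white{$rcpt} && $white{$rcpt}{$key};
        }
    }
    # Relayed by a whitelisted server: learn the recipient as a sender.
    if ($white{default}{ $msg->{clientip} }) {
        push @learned, { to_address => 'default', to_domain => 'default',
                         from_address => $to };
        $white{default}{$to} = 1;   # models the next reload of the list
        return "learned $to";
    }
    for my $key ($msg->{from}, $msg->{fromdomain}) {
        return "match default/$key" if $white{default}{$key};
    }
    return 'not whitelisted';
}

# Build a constructed message hash with the fields LookupList reads.
sub msg {
    my ($from, $ip, @to) = @_;
    return { from => $from, fromdomain => (split /@/, $from)[1], clientip => $ip,
             to => [@to], todomain => [ map { (split /@/, $_)[1] } @to ] };
}

my $inbound  = msg('bob@partner.example', '198.51.100.7', 'alice@corp.example');
my $outbound = msg('alice@corp.example', '192.0.2.10',
                   'bob@partner.example', 'carol@other.example');

print "1. inbound before learning: ", lookup($inbound),  "\n";
print "2. outbound via relay:      ", lookup($outbound), "\n";
print "3. inbound after learning:  ", lookup($inbound),  "\n";
print "4. second recipient learned: ",
      ($white{default}{'carol@other.example'} ? 'yes' : 'no'), "\n";
```

Steps 1 to 3 show the partner address going from not whitelisted to matched under 'default' after a single outbound message. Step 4 shows that only the first recipient of a multi-recipient message is learned, so the remaining recipients are not whitelisted until they are the first recipient of a later message.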


