While working on a project I came across a great tool for managing email passing through a sendmail MTA. It is called MIMEDefang, a highly extensible and flexible utility that lets you do many things to an email message as it passes through your MTA. These include functionality that is available in other mail utilities (such as Amavis etc.), like spam filtering, anti-virus scanning, and extension type filtering. MIMEDefang is not limited to this: it uses Perl to create filters, and each mail message is passed through the filters, which are executed against it. So, for example, not only could you scan the email for a virus, but if the message happens to contain a virus you can quarantine the email to an account for further inspection, or convert the mail content to HTML and then, instead of sending the original message body, change the content to a message informing you of the virus with a link to a safe version of the message body content.
That is not what I am here to take you through, but it is an example of how cool the MIMEDefang utility is. In this document I am going to take you through an example of how to create an MTA filter that will control the size of attachments leaving your network without inconveniencing users with bounce-back errors. This is done by using MIMEDefang to look at the size of the attachment and then returning the result of the action_replace_with_url() function to replace the attachment with a URL to where the file is stored online.
I built this proof of concept on RHEL 5, so this how-to is an example of how to do this on RHEL 5, though it should translate directly to other versions of RHEL (using up2date commands instead) and also to Fedora. If you are using another *nix distribution you can either attempt to locate the packages for your distribution or install from source using a great how-to document I found at mickeyhill.com, http://mickeyhill.com/mimedefang-howto/, which explains in great detail how MIMEDefang works. Note that I have not tested the from-source install.
The packages that you will need installed for sendmail are sendmail, sendmail-cf and sendmail-devel. All of these packages are available through the default RHEL channel in the Red Hat Network. They can be installed using the yum command as illustrated below.
# yum install sendmail
# yum install sendmail-cf
# yum install sendmail-devel
The sendmail-cf package makes configuring sendmail and then formatting all of the config files a much simpler process, and the sendmail-devel package contains all of the milter functionality for sendmail, which is the API that sendmail and MIMEDefang use to communicate. If you would like to know more about how the milter API works, a great starting point is http://www.milter.org
The next step is to configure the sendmail MTA to listen on an address other than localhost and to point it to the MIMEDefang mail filter. As mentioned above, you need to ensure that you have installed the correct packages or compiled the milter API into sendmail.
Sendmail needs to use MIMEDefang as an INPUT_MAIL_FILTER, which tells sendmail to send all mail through the specified filter. To do this, open the file sendmail.mc and add the line below.
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:5m;R:5m')
I added this line on line 174, just above the mailer commands. Once this is done you need to rebuild the sendmail.cf file. This can be done as illustrated below.
Fedora/RedHat:
# make -C /etc/mail
# /etc/init.d/sendmail restart
Other Distro:
# cd /var/tmp/sendmail-version/cf/cf/
# m4 ../m4/cf.m4 sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/sendmail restart
Now sendmail will be sending all mail through MIMEDefang. If the MIMEDefang daemon crashes, sendmail will still run and deliver mail unfiltered. This can be changed by adding the F=T flag to the INPUT_MAIL_FILTER statement in the sendmail.mc file, which makes sendmail return a temporary failure when the filter is unavailable. Next we need to tell MIMEDefang what to do with a message when it receives one from sendmail. To configure this we need to edit the file /etc/mail/mimedefang-filter.
The mimedefang-filter file is where we configure the behaviour of MIMEDefang. This file is a Perl fragment that is called by the MIMEDefang daemon for each message. In this proof-of-concept example we will only be using a single filter statement to check the attachment size and then either move the attachment to a specified folder or let it pass through and be sent as normal.
In this example, attachments over the limit (here 1MB) are moved to the directory /tmp/captured_mailfiles. During this process the file name of the attachment is replaced with a SHA1 hash; this avoids overwriting files that have duplicate names and makes it harder to find other files in the directory. MIMEDefang also creates a hidden file in the same directory with the same name as the file; this file contains the original attachment file name. A URL that links to the stored file is then written to an attachment and attached to the original email. The filter script is as follows.
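sub filter ($$$$) {
    my($entity, $fname, $ext, $type) = @_;
    # Only parts that carry a file name are treated as attachments
    if (defined($fname)) {
        # Size in bytes of the decoded part on disk
        my $size = (stat($entity->bodyhandle->path))[7];
        if ($size > 1000000) {
            return action_replace_with_url($entity,
                "/tmp/captured_mailfiles",                # document root
                "http://domain.com/captured_mailfiles",   # matching web URL
                ($fname ? "\"$fname\"" : "Attachment") .
                " relocated:\n\n_URL_",                   # replacement text
                $fname                                    # extra data to save
            );
        }
    }
    # Everything else is delivered unchanged
    return action_accept();
}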
This script looks within the breakdown of the message that MIMEDefang has done to see whether the variable $fname (the file name of the attachment) exists. If there is an attachment, the script then obtains the size of the attachment and compares it to the value in the if statement, if ($size > 1000000); the decimal value there is in bytes. Changing this value changes the size of attachments that the filter will let through. When the set threshold is exceeded, the value of the action_replace_with_url function is returned. The function has four required arguments.
Within the example code above I am using a fifth argument, which allows you to save extra data into a hidden file of the same name. In this example I am saving the original file name, as this allows easy searching for the file if need be. There is also a sixth argument, also optional: a salt string for the SHA1 hash. This helps to disguise the SHA1 hash calculation so that the file name cannot simply be recalculated elsewhere.
The action_replace_with_url function requires four parameters. The first is the $entity variable, which is internal to MIMEDefang and contains the parsed-and-decoded MIME message. The second argument is the document root, which is where MIMEDefang will save files. The third argument is the web root directory, a web URL that corresponds to the directory where the files are being saved. The fourth argument is the message that will be placed into the attachment if an attachment is too big; the _URL_ placeholder in the message is where the URL to the removed file will be placed.
The way that I added this code to the mimedefang-filter script was to delete everything after the comments block for the filter. In my default configuration file this was on line 105. Remember to back up the file before deleting anything.
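The storage scheme described above (a SHA1-derived file name plus a hidden companion file holding the original name) can be checked with a short audit script. This is an added example, not part of the original how-to and not MIMEDefang's own code. It assumes the stored name is the hex SHA1 of the file content followed by the salt, plus the extension, and that the companion file is named ".<stored name>"; the names stored_name, audit_dir and put are hypothetical.

```perl
use strict;
use warnings;
use Digest::SHA;                  # core module since Perl 5.10
use File::Temp qw(tempdir);

# ASSUMPTION: stored name = hex SHA1 of (file content, then salt) + extension.
sub stored_name {
    my ($path, $ext, $salt) = @_;
    my $ctx = Digest::SHA->new(1);            # 1 selects SHA-1
    $ctx->addfile($path, 'b');                # hash the file in binary mode
    $ctx->add($salt) if defined $salt;
    return $ctx->hexdigest . $ext;
}

# ASSUMPTION: the hidden companion file is ".<stored name>" and holds the
# extra data (here the original file name) given as the fifth argument.
sub audit_dir {
    my ($dir, $salt) = @_;
    my @report;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    for my $name (sort grep { !/^\./ && -f "$dir/$_" } readdir $dh) {
        my $ext  = $name =~ /(\.[^.]*)$/ ? $1 : '';
        my $orig = '(no metadata)';
        if (open my $fh, '<', "$dir/.$name") {
            chomp(my @lines = <$fh>);
            $orig = join ' ', @lines;
        }
        my $intact = stored_name("$dir/$name", $ext, $salt) eq $name ? 1 : 0;
        push @report, { name => $name, original => $orig,
                        size => (-s "$dir/$name") || 0, intact => $intact };
    }
    return @report;
}

sub put {                                     # write one sample file
    my ($path, $data) = @_;
    open my $fh, '>', $path or die "$path: $!";
    print {$fh} $data;
    close $fh or die "$path: $!";
}
# Constructed sample data in a scratch directory (not real mail).
my ($dir, $salt) = (tempdir(CLEANUP => 1), 'example-salt');
put("$dir/in.tmp", 'A' x 2048);
my $good = stored_name("$dir/in.tmp", '.pdf', $salt);
rename "$dir/in.tmp", "$dir/$good" or die "rename: $!";
put("$dir/.$good", "report.pdf\n");
put("$dir/" . ('0' x 40) . '.zip', 'content changed after capture');
printf "%s  %-13s %5d  %s\n", @$_{qw(name original size)},
    $_->{intact} ? 'ok' : 'NAME DOES NOT MATCH CONTENT' for audit_dir($dir, $salt);
```

Run against the real capture directory with the same salt the filter uses, a mismatch line points at a file that was altered or dropped in after MIMEDefang stored it.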
Now that the filter is in place, it is time to start MIMEDefang.
When starting MIMEDefang from the init script you will see that it does some syntax checking. This lets you make sure that the example is compatible with the version you have installed.
Checking filter syntax: OK
Starting mimedefang-multiplexor: [ OK ]
Starting mimedefang: [ OK ]
Following these steps should give you a simple way to manage large attachments leaving your organisation and ensure that they are accessible to the intended recipients. I will be taking this example further as I get the opportunity to do so, and I will pass these new changes on to you as either another paper or an update to this one. Stay tuned to my blog http://www.puredistortion.com for news or email me at feedback puredistortion com.

