OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: MS Outlook & Melissa Like Viruses
From: Bennett Todd (betrahul.net)
Date: Thu Apr 13 2000 - 14:14:50 CDT

As far as I know, supporting this sort of mail filtering is
somewhere on the todo list, not yet easy and simple.

If I had to do it today, I'd try and set up two completely separate
postfix installs, a receiving one and a sending one, and between
them I'd place a proxy that does the filtering work. I'd probably
rig the receiving one to be listening on port 25 and providing the
/usr/lib/sendmail interface, and to use a
relayhost=[127.0.0.1:portnum] invocation to get it to shove
everything into the filter. I'd probably write the filter in Perl,
and hit up CPAN for modules to help with the hard bits. It'd send
the filtered email to a second postfix, completely separate install,
listening on another non-standard port, which would then do the real
delivery. I'd filter these non-standard local ports with iptables or
ipchains or IP Filter or whatever works on the local OS.

Lessee, Net::SMTP from libnet takes care of the SMTP client side
for sending the filtered message on; Net::Daemon doesn't help
any with the SMTP server protocol, but given you only need to
reliably support one client, and it's a tolerant one:-), a brutally
hand-coded hack-till-it-works server probably wouldn't be too hard.

-Bennett

  • application/pgp-signature attachment: stored