Custom Reject Protocol
Purpose:
Quick implementation of an interface for passing email messages to MPP
for scanning. The client passes an email message to MPP, MPP scans it and
returns the scanning result to the client. MPP makes no modification to
message data (headers or body) and no routing decision in this
scheme. The interface is based on the SMTP/LMTP protocol. The client
obtains the scanning result from the server's response to the end-of-data
SMTP command. The response will always carry code 550, which means
rejection. The response text contains the scanning result.
Implementation:
The admin specifies the rejection text with the help of a template. The
template can contain macros that are substituted with scan results. The
template consists of mandatory and conditional parts. The mandatory part is
always present. One or more conditional parts follow the mandatory
part if the corresponding condition is true. Conditional parts are
separated with spaces.
Response will be returned for single user. For multi-group and multi-recipient processing it is recommended to use LMTP.
The following options specify rejection text:
<smtp_rejection_tpl> - Specifies template for mandatory part of rejection text.
<smtp_rejection_tpl_if_virus>
<smtp_rejection_tpl_if_spam>
<smtp_rejection_tpl_if_harass>
<smtp_rejection_tpl_if_unauth>
<smtp_rejection_tpl_if_error>
<smtp_rejection_tpl_if_max_recursion>
<smtp_rejection_tpl_if_max_size>
<smtp_rejection_tpl_if_acl>
<smtp_rejection_tpl_if_encrypted>
<smtp_rejection_tpl_if_malformed>
<smtp_rejection_tpl_if_bl>
<smtp_rejection_tpl_if_rbl>
Each of these options specifies the template for a conditional part of
the rejection text, which appears only when the corresponding condition
holds: the scan state has the flag named by the suffix of the option. All
actions in the "default" group should be set to "reject", including
"on_clean", except "on_archive_success" and "on_empty_message".
The following macros can be specified within mandatory or any of conditional parts:
%INTERNALID% - Internal ID of the message. This is to search in MPP logs for transaction flow.
%GROUP% - MPP group that was used to scan the message.
%STATE% - Substituted with comma-separated list of scan states. Full list is the following:
virus,spam,harass,unauth,error,max_recursion,max_size,acl,encrypted,malformed,bl,rbl
%VIRUSLIST% - Substituted with comma-separated list of found viruses.
%SPAMSCORE% - Spam score for the message as returned by a scanner.
%SPAMLEVEL% - Spam level for the message. This could be "low", "medium" or "high" or empty string.
%HARASSSCORE% - Harass score for the message.
How to use Custom Reject Protocol feature with your application
This feature is available since MPP 3.3.93.
Custom configuration file with 'Custom Reject Protocol' options enabled is available from: ftp://ftp.raeinternet.com/pub/mpp3/beta/mppd-client.conf.xml
Multiple mppd instances can now be started at the same time, each
using a different configuration file and a different PID file location.
The configuration file and PID file location should be provided as
options to mppd.
ln -s /usr/local/MPP/mppd /usr/local/MPP/mppd-client
Start: /usr/local/MPP/mppd-client -f /usr/local/MPP/mppd-client.conf.xml -p /var/run/mppd-client.pid
Stop: /usr/local/MPP/mppd-client -s -p /var/run/mppd-client.pid
Restart: /usr/local/MPP/mppd-client -r -p /var/run/mppd-client.pid
'Custom Reject Protocol' works only when "email_server" is set
to "postfix". Below is a list of options which should be
defined in mppd.conf.xml (or mppd-client.conf.xml):
<mppd>
<common>
.....
<email_server>postfix</email_server>
<email_server_in_protocol>lmtp</email_server_in_protocol>
<log_dirlog_template>/var/log/MPP/$YEAR$$MONTH$$DAY$-client.log</log_dirlog_template>
.....
</common>
<group id="default">
......
<actions>
<on_clean>reject</on_clean>
<on_unauthorized_header>reject</on_unauthorized_header>
<on_unauthorized_attachment>reject</on_unauthorized_attachment>
<on_unauthorized_content>reject</on_unauthorized_content>
<on_infection>reject</on_infection>
<on_disinfection_failure>reject</on_disinfection_failure>
<on_scanning_error>reject</on_scanning_error>
<on_encrypted_message>reject</on_encrypted_message>
<on_malformed_message>reject</on_malformed_message>
<on_quarantine_failure>reject</on_quarantine_failure>
<on_quarantine_success>reject</on_quarantine_success>
<on_error>reject</on_error>
<on_ldap_failure>continue</on_ldap_failure>
<on_archive_failure>reject</on_archive_failure>
<on_archive_success>pass</on_archive_success>
<on_forward>discard</on_forward>
<on_empty_message>scan</on_empty_message>
<on_rbl_violation>discard</on_rbl_violation>
<on_rbl_failure>pass</on_rbl_failure>
</actions>
......
<smtp_rejection_tpl>INTERNALID=%INTERNALID% GROUP=%GROUP% STATE=%STATE%</smtp_rejection_tpl>
<smtp_rejection_tpl_if_virus>VIRUSLIST=%VIRUSLIST%</smtp_rejection_tpl_if_virus>
<smtp_rejection_tpl_if_spam>SPAMLEVEL=%SPAMLEVEL% SPAMSCORE=%SPAMSCORE%</smtp_rejection_tpl_if_spam>
<smtp_rejection_tpl_if_harass>HARASSSCORE=%HARASSSCORE%</smtp_rejection_tpl_if_harass>
<!--
<smtp_rejection_tpl_if_unauth></smtp_rejection_tpl_if_unauth>
<smtp_rejection_tpl_if_error></smtp_rejection_tpl_if_error>
<smtp_rejection_tpl_if_max_recursion></smtp_rejection_tpl_if_max_recursion>
<smtp_rejection_tpl_if_max_size></smtp_rejection_tpl_if_max_size>
<smtp_rejection_tpl_if_acl></smtp_rejection_tpl_if_acl>
<smtp_rejection_tpl_if_encrypted></smtp_rejection_tpl_if_encrypted>
<smtp_rejection_tpl_if_malformed></smtp_rejection_tpl_if_malformed>
<smtp_rejection_tpl_if_bl></smtp_rejection_tpl_if_bl>
<smtp_rejection_tpl_if_rbl></smtp_rejection_tpl_if_rbl>
-->
</group>
</mppd>
Client application should connect to localhost:10025 (can be
changed with "email_server_in_socket" option - default for Postfix is
localhost:10025) and pass the mail using LMTP/SMTP (as defined with
"email_server_protocol").
Example LMTP session:
220 mppd
LHLO client_hostname
250-mppd
250 XFORWARD NAME ADDR PROTO HELO SOURCE
XFORWARD NAME=virus_sender.example.com ADDR=127.0.0.3
250 OK
MAIL FROM: virus@virus_sender.example.com
250 Sender ok
RCPT TO: someone@mydomain.com
250 Recipient ok
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject: Virus test
Message-ID: <web-239593@localhost>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="_===239593====localhost===_"
This is a multi-part MIME message
--_===239593====localhost===_
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
test
--_===239593====localhost===_
Content-Type: application/octet-stream
Content-Disposition: attachment;
filename="eicar.com"
Content-Transfer-Encoding: base64
WDVPIVAlQEFQWzRcUFpYNTQoUF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1U
RVNULUZJTEUhJEgrSCoNCg==
--_===239593====localhost===_--
.
550 INTERNALID=00002cab46539dd70001 GROUP=default STATE=virus VIRUSLIST=Eicar-Test-Signature
Client application should parse: "550 INTERNALID=00002cab46539dd70001 GROUP=default STATE=virus VIRUSLIST=Eicar-Test-Signature".
The answer depends on macros defined by smtp_rejection_tpl_* options.
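A client-side parser for the end-of-data reply shown above, added here as an example (it is not part of MPP or its documentation). It assumes the sample smtp_rejection_tpl_* templates from this page (KEY=value fields separated by spaces), a single-line reply, and that a clean message yields an empty STATE; parse_reject_reply and is_clean are names chosen for this example.

```python
import re

# Scan-state flags this page lists for %STATE%.
KNOWN_STATES = {
    "virus", "spam", "harass", "unauth", "error", "max_recursion",
    "max_size", "acl", "encrypted", "malformed", "bl", "rbl",
}
# Split on whitespace that precedes KEY=, so a value may contain spaces.
_FIELD_SPLIT = re.compile(r"\s+(?=[A-Z]+=)")


def parse_reject_reply(line):
    """Parse one end-of-data reply built from the sample templates.

    Returns the fields as a dict, plus 'states' and 'viruses' lists.
    Raises ValueError for anything that is not a well-formed 550 result.
    """
    code, _, text = line.rstrip("\r\n").partition(" ")
    if code != "550":
        raise ValueError("not a scan result: %r" % line)
    fields = {}
    for part in _FIELD_SPLIT.split(text.strip()):
        key, sep, value = part.partition("=")
        if not sep or not key.isupper():
            raise ValueError("malformed field: %r" % part)
        fields[key] = value
    for required in ("INTERNALID", "GROUP", "STATE"):
        if required not in fields:
            raise ValueError("missing %s" % required)
    states = [s for s in fields["STATE"].split(",") if s]
    unknown = set(states) - KNOWN_STATES
    if unknown:
        raise ValueError("unknown state(s): %s" % sorted(unknown))
    fields["states"] = states
    fields["viruses"] = [v for v in fields.get("VIRUSLIST", "").split(",") if v]
    return fields


def is_clean(result):
    # Assumption: a clean message carries no state flags (empty STATE).
    return not result["states"]


if __name__ == "__main__":
    # Reply line taken from the example LMTP session on this page.
    sample = ("550 INTERNALID=00002cab46539dd70001 GROUP=default "
              "STATE=virus VIRUSLIST=Eicar-Test-Signature")
    print(parse_reject_reply(sample))
```

Because every verdict, including clean, arrives as a 550, the caller should treat a ValueError as a scan failure rather than as a clean result.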