Author: Alexey Sereda (news@ant.kiev.ua)
Purpose: E-mail traffic filter for Linux
Implementation: Perl
About
BASTION is a Perl script that filters e-mail traffic between the Sendmail mail server and the local delivery agent Procmail in order to remove suspicious messages. The script detects dangerous attachments (executable files etc.) and the most suspicious HTML tags in a message, removes the dangerous message, notifies the sender and the recipient, and copies the message to a storage directory for further analysis.
The script also supports a "black list" option.
Installation
Installation is simple and consists of several steps:
- Copy the file 'BASTION' to an appropriate directory (usually /usr/local/sbin).
- If needed, create a separate directory for the configuration files (usually /usr/local/etc/bastion). Not needed for version 4.
- Change the file 'sendmail.cf' as shown below (it is usually located in /etc).
- Make sure that the paths in 'sendmail.cf' and in the 'bastion' script are identical (the example below uses /usr/local/bin/bastion). ATTENTION! The variable $LECAR must contain a directory name; its subdirectory 'tmp' is used as the storage for suspicious messages.
- Restart the 'sendmail' daemon.
Changes in 'sendmail.cf':
Before changes
Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qShP, S=10/30, R=20/40,
T=DNS/RFC822/X-Unix,
A=procmail -a $h -d $u
After changes
Mlocal, P=/usr/local/bin/bastion, F=lsDFMAw5/|@qShP, S=10/30, R=20/40,
T=DNS/RFC822/X-Unix,
A=bastion -a $h -d $u
To turn the "black list" option on, set the variable '$chnongrata' to '1' and create the list of e-mail addresses in the file 'nongrata' (this option is not supported in version 4).
To view filter statistics, copy the file 'fltstat.cgi' (renaming it is recommended) to the '/cgi-bin/' directory of your web server.
You can change or add filtering conditions through the variable '$VIRAVOID'.
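The following Perl script is an added illustration of the checks this README describes (dangerous attachment names, suspicious HTML tags, the 'nongrata' black list, base64-decoded file names and the version 4 "friendly domains" rule); it is not the BASTION script itself. The names $VIRAVOID, $chnongrata and 'nongrata' are taken from this page; the extension list, the tag list, the friendly-domain rule and the sample message are constructed assumptions.

```perl
#!/usr/bin/perl
# Added illustration of the checks described in this README; this is not the
# BASTION script. $VIRAVOID, $chnongrata and 'nongrata' are names from the
# README; the extension list, tag list, friendly-domain rule and the sample
# message below are constructed assumptions.
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Filtering conditions: decoded attachment names matching this are rejected.
my $VIRAVOID = qr/\.(?:exe|com|bat|cmd|pif|scr|vbs|js|hta)$/i;

# HTML tags treated as suspicious in a message body (assumed list).
my $HTMLAVOID = qr/<\s*(?:script|iframe|object|embed|applet)\b/i;

# "Black list": sender addresses from file 'nongrata', enabled by $chnongrata.
my $chnongrata = 1;
my %nongrata = map { lc($_) => 1 } ('spammer@example.invalid');

# "Friendly domains" (version 4): only the attachment check applies to them.
my %friendly = ('partner.example' => 1);

# Decode RFC 2047 base64 encoded words, e.g. "=?koi8-r?B?...?=" in a file name.
sub decode_word {
    my ($s) = @_;
    $s =~ s/=\?[^?]+\?B\?([^?]*)\?=/decode_base64($1)/gie;
    return $s;
}

# Classify one raw message. Returns the list of reasons for rejection;
# an empty list means the message may be delivered.
sub inspect_message {
    my ($raw) = @_;
    my ($head, $body) = split /\r?\n\r?\n/, $raw, 2;
    $body = '' unless defined $body;
    my (@reasons, %seen);

    my $sender = '';
    $sender = lc $1 if $head =~ /^From:[^\n]*?([^\s<>"]+@[^\s<>"]+)/mi;
    my ($domain) = $sender =~ /\@(.+)$/;

    push @reasons, "sender $sender is black-listed"
        if $chnongrata && $nongrata{$sender};

    # Every attachment name in any part header: name= or filename=.
    while ($raw =~ /(?:filename|name)\s*=\s*"?([^";\r\n]+)"?/gi) {
        my $name = decode_word($1);
        next if $seen{$name}++;
        push @reasons, "dangerous attachment '$name'" if $name =~ $VIRAVOID;
    }

    # The HTML check is skipped for friendly domains (less strict rules).
    push @reasons, "suspicious HTML tag in body"
        if $body =~ $HTMLAVOID && !($domain && $friendly{$domain});

    return @reasons;
}

# Constructed sample: black-listed sender, a script tag, and an executable
# attachment whose name is base64-encoded ("report.exe").
my $sample = join "\n",
    'From: Some One <spammer@example.invalid>',
    'To: user@example.invalid',
    'Subject: report',
    'MIME-Version: 1.0',
    'Content-Type: multipart/mixed; boundary="XX"',
    '',
    '--XX',
    'Content-Type: text/html',
    '',
    '<html><body>Hello<script src="x.js"></script></body></html>',
    '--XX',
    'Content-Type: application/octet-stream; name="=?koi8-r?B?cmVwb3J0LmV4ZQ==?="',
    'Content-Disposition: attachment; filename="=?koi8-r?B?cmVwb3J0LmV4ZQ==?="',
    '',
    'QUJD',
    '--XX--';

my @why = inspect_message($sample);
if (@why) { print "REJECT: $_\n" for @why } else { print "PASS\n" }
```

Run with `perl bastion-check.pl`; for the constructed sample it prints one REJECT line per reason (black-listed sender, the decoded name 'report.exe', and the script tag). In a real filter the rejected message would be copied to the storage directory and the notifications sent, as the About section describes; a message from a friendly domain only goes through the attachment check.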
Notify me about all errors and problems.
Good luck!
Download the script:
Version 1.1.0 - a simple version, the base for further development.
Version 2.1.0 - the most advanced version, with several added options.
Version 3.0.0 - adds analysis of the content of attached files.
Version 4.1.0 - the program code is well structured and no configuration files are needed. Adds support for "friendly domains", to which less strict filtering rules apply.
Download the necessary CPAN modules:
CPAN Mail-Sendmail-0.78 for mailing notifications.
CPAN MIME::Base64 for decoding file names in "local" languages.
The new version contains advanced tools to fight spam and an add-on for analysing the content of attached files, to close a possible channel for distributing viruses.
Alexey Sereda
news@ant.kiev.ua