Advanced Network Technologies (ANT)

Author: Alexey Sereda (news@ant.kiev.ua)

Purpose: E-mail traffic filter for Linux

Realisation: Perl

About

BASTION is a Perl-script, that filtered e-mail traffic between mail server Sendmail and local mail agent Procmail to remove suspicious messages. Script discover dangerous attachments (executive files etc.) and most suspicious HTML-tags in message, remove dangerous message, notify sender and recepient and copied message in storage to further analise.

Also script support "black list" option.

Installation

Script installation very simple and consist several steps:

You copy file 'BASTION' in appropriate directory (usually - /usr/local/sbin)
If need, create separate directory for configurations files (usually - /usr/local/etc/bastion) (Except version 4)
Change file 'sendmail.cf' as shown below. (usually it locate in /etc).
Make sure, that pathes in 'sendmail.cf' and in 'bastion'-script identical. ATTENTION! Variable $LECAR - must consist directory name, which will consider subdirectory 'tmp' as storage for suspicious messages.
Restart daemon 'sendmail'.

Canges in 'sendmail.cf':

Before changes

Mlocal, P=/usr/bin/procmail, F=lsDFMAw5:/|@qShP, S=10/30, R=20/40,

T=DNS/RFC822/X-Unix,

A=procmail -a $h -d $u

After changes

Mlocal, P=/usr/local/bin/bastion, F=lsDFMAw5/|@qShP, S=10/30, R=20/40,

T=DNS/RFC822/X-Unix,

A=bastion -a $h -d $u

To "black list" option ON, change variable '$chnongrata' to '1' and create e-mail list in file 'nongrata' (Option not support in version 4).

For filter statistic view, copy file 'fltstat.cgi' (rename recomended) to directory '/cgi-bin/' you Web-server.

Changed or add filtering conditions you can through variable '$VIRAVOID'.