Hi there,

On Thu, 28 May 2020, David Beecher via clamav-users wrote:
... [sendmail milter] for ... keyword in a subject line ...
As Mr. Beecher wrote, you can do this without a milter, if you're prepared to wrestle with Sendmail's configuration and syntax.
I was going to set up milter but it appears most of the information on milter and all of its archives were deleted some time ago.
There's still plenty of information. Look in the sendmail source tree for libmilter/docs/ for example; I'm slowly working on improving those docs at the moment - grab the latest snapshot (see below).
... I ran across clamav as a milter for sendmail and thought I might be able to adapt it. I need something that is very fast and lightweight ...
As others have said, ClamAV does not well fit your stated requirements for something fast and lightweight. It does however provide its own milter - and it's not necessarily trivial to feed clamd from a milter.
... if it sees the word "excelsior" in the subject line, it rejects...
My preference generally is to block the sources of spam and malicious mail rather than to attempt to identify every individual unwanted mail piece. Generally I find that more effective, although it takes a lot of work to get to the point where it's automatic. You might find the offending mails all come from the same source or small set of sources, in which case it might be faster and lighter weight to drop packets before the MTA even sees them using something like nftables/iptables. You'll of course be aware that the target word in your Subject: header is, er, subject to change. I have hundreds of such targets, and if it is acceptable to you to have just one, well, it makes me wonder what it is that you're doing that the rest of us aren't... :/
... I am fluent in C and assembler. I just haven't been able to find a framework milter or documentation other than a book on amazon. ...
If that's the Costales/Flynt book, it's fifteen years old and there have been some significant changes in the milter API since then. See the Sendmail distribution's RELEASE_NOTES file for the most important. There's an example milter written in C in the Sendmail source, at
file:///.../sendmail-8.xx.x/libmilter/docs/sample.html
If you're proficient in C you can easily adapt it but some of the niceties of the milter API aren't at first - if ever - obvious.
I am running Sendmail 8.12 or newer.
This is the most important reason for my posting to you. Sendmail's version 8.12 was released nearly twenty years ago. You should not be using any version of Sendmail as old as that - there have been several security issues since then, and the current version of the milter API (version 6) did not even appear until Sendmail version 8.14. Sendmail 8.15.2 is now five years old, and in development I'm working on 8.16.0. I've improved the milter documentation a little, and although there's more work to do and no release date for 8.16.0 yet there are snapshots on Proofpoint's ftp server. I won't post a link here so the bots don't scrape it but you can find it fairly easily.
PGNet Dev via clamav-users wrote:
... http....benzedrine.ch/milter-regex.html works very nicely here for early/simple/fast match & reject. ...
Agreed that milter-regex may do what the OP wants, and had I not moved entirely to my own milters, if there is one milter which I would still be using it would be milter-regex. Of all the milters that I've used, milter-regex was by far the quickest and least painful to reconfigure when it was necessary to respond to new sources of unwanted mail. It only failed to deliver for me in the more complex decisions, which was inevitable because of the SMTP specification and the milter API and is no reflection on the design nor coding of the milter. The main reason that I stopped using published milters and started writing my own was the patchy support for IPv6, but growing complexity was another. At one time I was using seven different milters, so between them, IPv6, and their varying takes on configuration, things became unmanageable. Sendmail is fine with IPv6 of course, as is Sendmail's libmilter. It is almost always necessary to use libmilter when working with milters written in C, and it may introduce restrictions of its own, which the MTA itself does not. The Sendmail documentation is not IMO a shining example of clarity but the information is there if you dig hard enough and for long enough. In the milter world things don't seem to move fast. The milter.org Website is long defunct but there are many what I call "me-too" sites which contain information of various currency and accuracy, some of it plainly plagiarized. Some milters have been copied and re-published; sometimes the results don't seem to be an improvement.
David Beecher via clamav-users wrote:
... you need neither a milter nor ClamAV for this simple task. ...
Agreed (all:).
iulian via clamav-users wrote:
... If you already have implemented SpamAssassin ... ...
The OP wants something fast and lightweight. SpamAssassin is neither.
Finally: You _can_ use the Sendmail milter interface without using Sendmail's libmilter, and I do that in Perl. That's not fast and lightweight either, but it might be useful for you to see how it's done if you want to learn more about the milter interface. It will only really help you if you're reasonably familiar with Perl.
--
73, Ged.
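The milter wire format referred to in the closing paragraph above, as an added example that is not part of the original message and not the poster's Perl code: each packet the MTA sends is a 4-byte big-endian length, a one-character command, and a payload, and a header arrives as `name\0value\0`. The command and reply characters are the ones defined in Sendmail's `libmilter/mfdef.h`; the function names, `VERDICT_BAD` and the sample packet are assumptions made for this sketch, which only decides the reply for a single packet (option negotiation and socket handling are left out).

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Single-character codes as defined in Sendmail's libmilter/mfdef.h. */
#define SMFIC_HEADER   'L'  /* MTA -> filter: one header, "name\0value\0" */
#define SMFIR_CONTINUE 'c'  /* filter -> MTA: carry on */
#define SMFIR_REJECT   'r'  /* filter -> MTA: reject the message */
#define VERDICT_BAD    '?'  /* local marker for a malformed packet, not a protocol code */

/* Case-insensitive substring test over a length-bounded value. */
static int contains_ci(const char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m > 0 && i + m <= n; i++)
        if (strncasecmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* One packet: 4-byte big-endian length (command + payload), command, payload. */
char milter_verdict(const unsigned char *pkt, size_t avail, const char *keyword)
{
    if (avail < 5) return VERDICT_BAD;
    uint32_t len = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                   ((uint32_t)pkt[2] << 8) | pkt[3];
    if (len < 1 || len > avail - 4) return VERDICT_BAD;   /* length must fit the buffer */
    if (pkt[4] != SMFIC_HEADER) return SMFIR_CONTINUE;

    const char *name = (const char *)pkt + 5, *end = name + (len - 1);
    const char *val = memchr(name, '\0', (size_t)(end - name));
    if (!val) return VERDICT_BAD;                         /* header name not terminated */
    val++;
    const char *vend = memchr(val, '\0', (size_t)(end - val));
    if (!vend) return VERDICT_BAD;                        /* header value not terminated */
    if (strcasecmp(name, "Subject") != 0) return SMFIR_CONTINUE;
    return contains_ci(val, (size_t)(vend - val), keyword) ? SMFIR_REJECT : SMFIR_CONTINUE;
}

/* Constructed sample: length 0x1d = 1 command byte + "Subject\0" (8) + value and NUL (20). */
static const unsigned char sample[] = "\0\0\0\x1dLSubject\0Re: EXCELSIOR offer";

int main(void)
{
    printf("verdict: %c\n", milter_verdict(sample, sizeof sample, "excelsior"));
    return 0;
}
```

The returned character is what a filter would send back to the MTA as a one-byte packet; a length field that overruns the buffer or an unterminated header is treated as malformed rather than parsed.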