# -*- Perl -*-
#***********************************************************************
#
# mimedefang-filter
#
# Suggested minimum-protection filter for Microsoft Windows clients, plus
# SpamAssassin checks if SpamAssassin is installed.
#
# Copyright (C) 2002 Roaring Penguin Software Inc.
#
# This program may be distributed under the terms of the GNU General
# Public License, Version 2, or (at your option) any later version.
#
# $Id: suggested-minimum-filter-for-windows-clients,v 1.58 2002/12/31 14:17:12 dfs Exp $
#***********************************************************************

#***********************************************************************
# Set administrator's e-mail address here.  The administrator receives
# quarantine messages and is listed as the contact for site-wide
# MIMEDefang policy.  A good example would be 'defang-admin@mydomain.com'
#***********************************************************************
$AdminAddress = 'postmaster@localhost';
$AdminName = "MIMEDefang Administrator's Full Name";

#***********************************************************************
# Set the e-mail address from which MIMEDefang quarantine warnings and
# user notifications appear to come.  A good example would be
# 'mimedefang@mydomain.com'.  Make sure to have an alias for this
# address if you want replies to it to work.
#***********************************************************************
$DaemonAddress = 'mimedefang@localhost';

#***********************************************************************
# If you set $AddWarningsInline to 1, then MIMEDefang tries *very* hard
# to add warnings directly in the message body (text or html) rather
# than adding a separate "WARNING.TXT" MIME part.  If the message
# has no text or html part, then a separate MIME part is still used.
#***********************************************************************
$AddWarningsInline = 0;

#***********************************************************************
# To enable syslogging of virus and spam activity, add the following
# to the filter:
# md_log_enable();
# You may optionally provide a syslogging facility by passing an
# argument such as:  md_log_enable('local4');  If you do this, be
# sure to setup the new syslog facility (probably in /etc/syslog.conf).
# Comment this line out to disable logging.
#***********************************************************************
md_log_enable('mail');

#***********************************************************************
# Uncomment this to block messages with more than 50 parts.  This will
# *NOT* work unless you're using Roaring Penguin's patched version
# of MIME tools, version MIME-tools-5.411a-RP-Patched-02 or later.
#
# WARNING: DO NOT SET THIS VARIABLE unless you're using at least
# MIME-tools-5.411a-RP-Patched-02; otherwise, your filter will fail.
#***********************************************************************
# $MaxMIMEParts = 50;

#***********************************************************************
# Set various stupid things your mail client does below.
#***********************************************************************

# Set the next one if your mail client cannot handle nested multipart
# messages.  DO NOT set this lightly; it will cause action_add_part to
# work rather strangely.  Leave it at zero, even for MS Outlook, unless
# you have serious problems.
$Stupidity{"flatten"} = 0;

# Set the next one if your mail client cannot handle multiple "inline"
# parts.
$Stupidity{"NoMultipleInlines"} = 1;

#***********************************************************************
# %PROCEDURE: filter_begin
# %ARGUMENTS:
#  None
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  Called just before e-mail parts are processed
#***********************************************************************
sub filter_begin () {

   # Load /etc/mail/spamcheck.users
   read_spam_list();

   if(stream_by_spam_list()) {
      return;
   }

    # ALWAYS drop messages with suspicious chars in headers
    if ($SuspiciousCharsInHeaders) {
        md_log('suspicious_chars');
	action_quarantine_entire_message("Message quarantined because of suspicious characters in headers");
	# Do NOT allow message to reach recipient(s)
	return action_discard();
    }

   $foundSpam = "no";
   if((-s "./INPUTMSG") <= (200 * 1024)) {
      ($hits,$req,$names,$report) = spam_assassin_check();
      if($hits >= $req) {
         $foundSpam = "yes";
      }
   }

}

#***********************************************************************
# %PROCEDURE: filter
# %ARGUMENTS:
#  entity -- a Mime::Entity object (see MIME-tools documentation for details)
#  fname -- the suggested filename, taken from the MIME Content-Disposition:
#           header.  If no filename was suggested, then fname is ""
#  ext -- the file extension (everything from the last period in the name
#         to the end of the name, including the period.)
#  type -- the MIME type, taken from the Content-Type: header.
#
#  NOTE: There are two likely and one unlikely place for a filename to
#  appear in a MIME message:  In Content-Disposition: filename, in
#  Content-Type: name, and in Content-Description.  If you are paranoid,
#  you will use the re_match and re_match_ext functions, which return true
#  if ANY of these possibilities match.  re_match checks the whole name;
#  re_match_ext checks the extension.  See the sample filter below for usage.
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  This function is called once for each part of a MIME message.
#  There are many action_*() routines which can decide the fate
#  of each part; see the mimedefang-filter man page.
#***********************************************************************
sub filter ($$$$) {
    my($entity, $fname, $ext, $type) = @_;

    return if message_rejected(); # Avoid unnecessary work

    # Block message/partial parts
    if (lc($type) eq "message/partial") {
        md_log('message/partial');
	action_bounce("MIME type message/partial not accepted here");
	return action_discard();
    }

    # If Spamassassin found spam, convert text/html to text/plain
    if ($foundSpam eq "yes") {
      if ($type eq "text/html") {
        $entity->head->mime_attr("content-type" => "text/plain");
      }
    }

    return action_accept();
}

#***********************************************************************
# %PROCEDURE: filter_multipart
# %ARGUMENTS:
#  entity -- a Mime::Entity object (see MIME-tools documentation for details)
#  fname -- the suggested filename, taken from the MIME Content-Disposition:
#           header.  If no filename was suggested, then fname is ""
#  ext -- the file extension (everything from the last period in the name
#         to the end of the name, including the period.)
#  type -- the MIME type, taken from the Content-Type: header.
# %RETURNS:
#  Nothing
# %DESCRIPTION:
#  This is called for multipart "container" parts such as message/rfc822.
#  You cannot replace the body (because multipart parts have no body),
#  but you should check for bad filenames.
#***********************************************************************
sub filter_multipart ($$$$) {
    my($entity, $fname, $ext, $type) = @_;

    # eml is bad if it's not message/rfc822
    if (re_match($entity, '\.eml') and ($type ne "message/rfc822")) {
        md_log('non_rfc822',$fname);
	return action_drop_with_warning("A non-message/rfc822 attachment named $fname was removed from this document as it\nconstituted a security hazard.  If you require this document, please contact\nthe sender and arrange an alternate means of receiving it.\n");
    }

    # Block message/partial parts
    if (lc($type) eq "message/partial") {
        md_log('message/partial');
	action_bounce("MIME type message/partial not accepted here");
	return;
    }

    return action_accept();
}


#***********************************************************************
# %PROCEDURE: defang_warning
# %ARGUMENTS:
#  oldfname -- the old file name of an attachment
#  fname -- the new "defanged" name
# %RETURNS:
#  A warning message
# %DESCRIPTION:
#  This function customizes the warning message when an attachment
#  is defanged.
#***********************************************************************
sub defang_warning ($$) {
    my($oldfname, $fname) = @_;
    return
	"An attachment named '$oldfname' was converted to '$fname'.\n" .
	"To recover the file, right-click on the attachment and Save As\n" .
	"'$oldfname'\n";
}

sub filter_end ($) {
    my($entity) = @_;

    # If you want quarantine reports, uncomment next line
    # send_quarantine_notifications();

    # IMPORTANT NOTE:  YOU MUST CALL send_quarantine_notifications() AFTER
    # ANY PARTS HAVE BEEN QUARANTINED.  SO IF YOU MODIFY THIS FILTER TO
    # QUARANTINE SPAM, REWORK THE LOGIC TO CALL send_quarantine_notifications()
    # AT THE END!!!

    # No sense doing any extra work
    return if message_rejected();

    # Spam checks if SpamAssassin is installed
    if (($Features{"SpamAssassin"}) && should_check_for_spam($Recipients[0])) {
	if (-s "./INPUTMSG" < 200*1024) {
	    # Only scan messages smaller than 200kB.  Larger messages
	    # are extremely unlikely to be spam, and SpamAssassin is
	    # dreadfully slow on very large messages.
	    if ($hits >= $req) {
                md_log('spam', $hits, $RelayAddr);
		my($score);
		if ($hits < 40) {
		    $score = "*" x int($hits);
		} else {
		    $score = "*" x 40;
		}

		# We add a header which looks like this:
		# X-Spam-Score: 6.8 (******) NAME_OF_TEST,NAME_OF_TEST
		# The number of asterisks in parens is the integer part
		# of the spam score clamped to a maximum of 40.
		# MUA filters can easily be written to trigger on a
		# minimum number of asterisks...
		action_change_header("X-Spam-Score", "$hits ($score) $names");

 		action_change_header("Subject","**** SPAM **** $Subject");

		# If you find the SA report useful, add it, I guess...
		action_add_part($entity, "text/plain", "-suggest",
				"$report\n",
				"SpamAssassinReport.txt", "inline",0);
	    } else {
		# Delete any existing X-Spam-Score header?
		action_delete_header("X-Spam-Score");
	    }
	}
    }
}

#####################################################################################
# Procedures for spam check
#####################################################################################

sub read_spam_list () {
    my($addr);

    # Do nothing if already in memory
    return if defined($SV_ReadSpamList);

    # Read the file
    unless(open(SPAMCHECK, "/etc/mail/spamcheck.users")) {
	syslog('err', "Unable to read /etc/mail/spamcheck.users: $!");
	return;
    }

    undef %SV_SpamAddresses;
    while(<SPAMCHECK>) {
	chomp;

	# Trim leading/trailing whitespace
	s/^\s*//;
	s/\s*$//;

	# Ignore blank lines and lines beginning with "#"
	next if (/^\#/);
	next if (/^$/);

	# Make lower-case; remove angle-brackets
	$addr = lc($_);
	$addr =~ tr/<>//d;

	$SV_SpamAddresses{$addr} = 1;
    }
    close(SPAMCHECK);
}

sub should_check_for_spam ($) {
    my($recip) = @_;
    $recip = lc($recip);
    $recip =~ tr/<>//d;
    return 1 if (defined($SV_SpamAddresses{$recip}));
    return 0;
}

# Stream message if required.  If some recipients are on spam
# list and others are not, re-mail two copies: One to the spam list
# and the other to those not on the spam list.
sub stream_by_spam_list () {
    my(@on_list, @off_list, $recip);
    foreach $recip (@Recipients) {
	if (should_check_for_spam($recip)) {
	    push(@on_list, $recip);
	} else {
	    push(@off_list, $recip);
	}
    }

    if ($#on_list >= 0 && $#off_list >= 0) {
	# Some on, some off -- remail
	resend_message(@on_list);
	resend_message(@off_list);
	$TerminateAndDiscard = 1;
	return 1;
    }
    return 0;
}

# DO NOT delete the next line, or Perl will complain.
1;


