Antivirus/Antispam Scanning for Novell BorderManager Mail Proxy
Novell Cool Solutions: Feature
Posted: 25 May 2004
Here's a solution that scans incoming mail from the Novell BorderManager Mail Proxy for viruses and spam. Richard Mallett, a user on the Novell public forums, has come up with a short PERL script that can be used to scan incoming mail from the Mail Proxy. The script listens on the secondary IP address to which the Novell BorderManager Mail Proxy points. It uses a text-matching scan to find objectionable words and file attachments within the mail.
With more people surfing the Net, the amount of unsolicited e-mail grows. The process of sending unsolicited e-mail to large, untargeted lists, or through mailing list discussion groups or Usenet newsgroups, is known as "spamming."
There are many solutions to avoid spamming. One is to have an anti-spam tool; another is to have anti-spam resources. For the Novell BorderManager proxy, anti-spam features are not available for spam messages sent through the proxy to the mail server.
The limitations of Novell BorderManager Mail proxy are:
- The Mail Proxy of Novell BorderManager (NBM) is an SMTP server, but not a POP3 server. Mail can be sent using the Mail Proxy as a mail server, but the proxy only relays incoming mail, so it cannot be used as a POP3 server.
- Mail proxy only supports one internal mail server.
The setup is very simple and is an inbox solution for scanning incoming mail from the proxy:

Internet ----> Novell BorderManager ----> Internal Mail Server
This solution is designed to act as a relay between BM's incoming-mail Mail Proxy and the internal mail server, using SMTP. It checks all incoming mail against a filter list (sys:\filtlist.txt). You can enter undesired words or phrases in filtlist.txt, each on a separate line (do not add blank lines). Use only alphanumeric characters, as others (e.g., '.') may be interpreted as PERL expressions. Put spaces on either side of short words to prevent them from being filtered in e-mails with longer words that contain the shorter word. (e.g., 'Middlesex' - a county in England - contains the word 'sex', so use ' sex ' instead, without the quotes of course).
Anything that matches the filter list is dumped to sys:\filtered.log, with a summary of the reason in sys:\filtword.log. It's very easy to accidentally filter a valid e-mail, so keep an eye on the filter logs.
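The warning about non-alphanumeric characters can be seen in a short test. This is an added example, not the original relay.pl; the filter entries, message bodies and the `verdict` helper are constructed for illustration. It checks each body twice, once with the entry compiled as a PERL pattern and once with the entry quoted by `\Q...\E` so that every character matches only itself.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed filter entries, one per line as they would appear in sys:\filtlist.txt.
my @filters = (' sex ', 'free.money', 'win (now');

# Constructed message bodies.
my @bodies = (
    'Directions to the Middlesex office are attached.',
    'Invoice from freeXmoney Ltd is attached.',
    'Get free.money here',
    'You can win (now or later)',
);

# Check $body against each filter entry and return a text verdict.
# $literal false: the entry is compiled as a PERL pattern (the behaviour the
#   article warns about).
# $literal true: \Q...\E quotes the entry so every character matches itself.
sub verdict {
    my ($body, $literal) = @_;
    for my $entry (@filters) {
        # A malformed pattern such as 'win (now' makes qr// die; trap it
        # so one bad line is reported instead of stopping the scan.
        my $re = eval { $literal ? qr/\Q$entry\E/ : qr/$entry/ };
        return "bad entry '$entry'" unless defined $re;
        return "hit '$entry'" if $body =~ $re;
    }
    return 'clean';
}

for my $body (@bodies) {
    printf "%s\n  as pattern: %s\n  as literal: %s\n",
        $body, verdict($body, 0), verdict($body, 1);
}
```

As a pattern, 'free.money' also catches "freeXmoney" because '.' matches any character, and 'win (now' is not a valid pattern at all; as literals, both entries match only the exact text. The space-padded ' sex ' leaves "Middlesex" alone in either mode.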
To use the PERL script:
- Save the code (PERL script) to sys:\perl\scripts.
- Make sure Perl 5 is present on your server (e.g., as on NetWare 5.0).
- Change the 'orac4' bit in the attached sample script to your e-mail server's domain name.
- If there's already something on port 25, add a secondary IP address.
- Change the IP address in the sample script from "\x0A\x01\x02\x04" to the real IP address (in hexadecimal).
- Point your BorderManager Mail Relay to this IP address.
- Run the sample script code (perl relay.pl).
For example, suppose that the filters list has "Novell" as a word to be dropped. The screen below shows the results when a message is scanned and the word "Novell" is found. The mail is not forwarded once the restricted word (Novell) is found; it will be rejected as spam:
A cleared mail message produces these results:
The user will not immediately know the mail is spam. But on reading the first mail, the user can identify it as spam and make an entry in sys:\filtlist.txt, blocking similar messages in the future. The user can use experience as a guide in entering words and e-mail addresses in the spam filter list.
The above is a simple tool that can control spam messages from the Novell BorderManager to the internal mail servers. The following test scenarios were used:
- Mail Servers: Microsoft Exchange, NetMail
- Clients: Outlook Express, GroupWise Client
- NBM: NBM38