[Mimedefang] dictionary attacks looking for a valid user

Jan Pieter Cornet johnpc at xs4all.nl
Fri Dec 16 17:13:54 EST 2005

On Fri, Dec 16, 2005 at 04:11:52PM -0500, David F. Skoll wrote:
> > Can the "socket map" feature be put to work here?
> Unfortunately, a filter_map call is called "outside" the context
> of a message -- in other words, there's no way to associate a filter_map
> call with a milter session.

Well, in theory you could pass $i (the queue ID) to the map, next to
the value you "need", and then go to /var/spool/MIMEDefang/mdefang-$i
and read the COMMANDS file there, and possibly leave some sort of
marker file if necessary, to be picked up by a later filter_* call.

However, that is diving into an undocumented area (mimedefang doesn't
guarantee that it uses the queue ID in this way to generate the working

> The SOCKETMAP support was added so our commercial CanIt products can
> allow users to configure (the equivalent of) mailertable and access
> via a Web interface, and not have to hack Sendmail map files.  It can
> let you do some pretty neat things, but probably not what you need.

Aha :)

#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet

More information about the MIMEDefang mailing list