Policy Rules template for Sophos PureMessage UX 5.3

Posted on January 16th, 2007 by jerry.
Categories: Puremessage Unix.

Hello everyone. Below is a PureMessage UX policy rules template that is in production on my MX servers and that you will also find at other large companies using Sophos PureMessage as their mail anti-spam and antivirus. You can adapt the rules to your needs; this configuration works quite well. :=)

The following anti-spam rule is used: when the spam probability is above 50%, the subject is tagged.

Source code for the policy script (Sieve)
File: /usr/opt/pmx/etc/policy.siv
require "PureMessage";

# The 'pmx-test-mark' command is needed for the sample messages sent by the
# pmx-test program to be recognized. For sites running with high mail volumes
# it might be a good idea to disable this action, as it prevents the relay
# tests from running as early as they otherwise could. See 'perldoc pmx-policy'
# for details about this command.
pmx_test_mark;

# attr NAME=Mail from internal hosts
if pmx_relay :memberof "internal-hosts" {
    # The 'pmx-mlog-watch' program depends on this mark to know which messages
    # are outgoing and which are not.
    pmx_mark1 "i";

    # attr NAME=Reject mail containing viruses
    if pmx_virus {
        # attr NAME=Allow unscannable messages to pass through
        if pmx_virus_cantscan {
            keep;
            stop;
        }
        reject "One or more viruses were detected in the message.";
        stop;
    }
}
# attr NAME=Mail from external hosts
else {
    pmx_add_header "X-PMX-Version" "%%PMX_VERSION%%";
    pmx_mark "Size" "%%MESSAGE_SIZE%%";
    pmx_mark1 "Mail-Entrant-Externe";

    # attr NAME=Discard mail containing empty mail from
    if not envelope :comparator "i;ascii-casemap" :all :matches ["from"] ["*"] {
        pmx_mark1 "Mail-With-Empty-Mail-From";
        discard;
        stop;
    }

    # attr NAME=Discard mail containing viruses
    if pmx_virus {
        # attr NAME=If no virus found but scan failed
        if pmx_virus_cantscan {
            # attr NAME=Allow mail with SOPHOS_SAVI_FILE_ENCRYPTED
            if pmx_virus_id :comparator "i;ascii-casemap" :contains ["SOPHOS_SAVI_FILE_ENCRYPTED"] {
                pmx_replace_header :index 0 "Subject" "[FILE_ENCRYPTED] %%SUBJECT%%";
                pmx_mark1 "Mail-With-Encrypted-File";
                keep;
                stop;
            }
            # attr NAME=Allow mail with SOPHOS_SAVI_FILE_TIMEOUT
            if pmx_virus_id :comparator "i;ascii-casemap" :contains ["SOPHOS_SAVI_FILE_TIMEOUT"] {
                pmx_replace_header :index 0 "Subject" "[FILE_TIMEOUT] %%SUBJECT%%";
                pmx_mark1 "Mail-With-File-TIMEOUT";
                keep;
                stop;
            }
            # attr NAME=Allow mail with SOPHOS_SAVI_NOT_SUPPORTED
            if pmx_virus_id :comparator "i;ascii-casemap" :contains ["SOPHOS_SAVI_NOT_SUPPORTED"] {
                pmx_replace_header :index 0 "Subject" "[NOT_SUPPORTED] %%SUBJECT%%";
                pmx_mark1 "Mail-With-File-Not-Supported";
                keep;
                stop;
            }
            # attr NAME=Allow mail with SOPHOS_SAVI_FILE_PART_VOL
            if pmx_virus_id :comparator "i;ascii-casemap" :contains ["SOPHOS_SAVI_FILE_PART_VOL"] {
                pmx_replace_header :index 0 "Subject" "[FILE_PART_VOL] %%SUBJECT%%";
                pmx_mark1 "Mail-With-File-Part-Vol";
                keep;
                stop;
            }
            # attr NAME=Allow mail with SOPHOS_SAVI_FILE_CORRUPT
            if pmx_virus_id :comparator "i;ascii-casemap" :contains ["SOPHOS_SAVI_FILE_CORRUPT"] {
                pmx_replace_header :index 0 "Subject" "[FILE_CORRUPT] %%SUBJECT%%";
                pmx_mark1 "Mail-With-File-Corrupt";
                keep;
                stop;
            }
            # attr NAME=Allow mail with SOPHOS_SAVI_SCAN_ABORTED
            if pmx_virus_id :comparator "i;ascii-casemap" :contains ["SOPHOS_SAVI_SCAN_ABORTED"] {
                pmx_replace_header :index 0 "Subject" "[SCAN_ABORTED] %%SUBJECT%%";
                pmx_mark1 "Mail-With-File-Scan-Aborted";
                keep;
                stop;
            }
        }
        pmx_mark1 "Mails-With-Virus";
        discard;
        stop;
    }

    # attr NAME=Quarantine mail containing suspicious attachments with TFT
    if pmx_suspect_attachment :tft :inspect_archives {
        pmx_mark1 "Mails-With-Suspect-Attachment-TFT";
        pmx_quarantine "SuspectTFT";
        stop;
    }

    # attr NAME=Quarantine mail containing suspicious attachments
    if pmx_suspect_attachment :inspect_archives {
        pmx_mark1 "Mails-With-Suspect-Attachment";
        pmx_quarantine "Suspect";
        stop;
    }

    # attr NAME=Deliver mail from whitelisted hosts and senders
    if anyof(pmx_relay :memberof "whitelisted-hosts",
             address :all :memberof "From" "whitelisted-senders",
             envelope :memberof "From" "whitelisted-senders",
             address :all :memberof "From" "whitelisted-senders-per-user",
             envelope :memberof "From" "whitelisted-senders-per-user")
    {
        keep;
        stop;
    }

    # attr NAME=Deliver mail to anti-spam opt-outs
    if envelope :memberof "to" "anti-spam-optouts" {
        keep;
        stop;
    }

    # attr NAME=Quarantine mail from blacklisted hosts and senders
    if anyof(pmx_relay :memberof "blacklisted-hosts",
             address :all :memberof "From" "blacklisted-senders",
             envelope :memberof "From" "blacklisted-senders",
             address :all :memberof "From" "blacklisted-senders-per-user",
             envelope :memberof "From" "blacklisted-senders-per-user")
    {
        pmx_quarantine "Blacklisted";
        stop;
    }

    # import levels here
    # ########## Antispam Rules #############
    # When the spam probability is above 50, the subject is tagged.
    # attr NAME=AntiSpam Rules - Spam ranking over 50%. - Action : Copy to quarantine, Subject Notification, Keep.
    if pmx_spam_prob :over 50 {
        pmx_mark1 "Spam-With-SpamProb-Over-Than-50";
        pmx_file "Spam";
        pmx_replace_header :index 0 "Subject" "[Suspected Spam with = %%PROB%%] : %%SUBJECT%%";
        keep;
    }
    # When the spam probability is below 50, the message is let through.
    # attr NAME=AntiSpam Rules - Spam under 50% - Action : Keep message
    if pmx_spam_prob :under 50 {
        pmx_mark1 "Spam-With-SpamProb-under-50";
        keep;
        stop;
    }
    # attr NAME=Add X-Header and deliver messages
    else {
        pmx_replace_header :index 0 "X-PerlMx-Spam" "Gauge=%%XGAUGE%%%%IGAUGE%%, Probability=%%PROB%%, Report='%%HITS%%'";
        stop;
    }
}
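Because the outcome of a Sieve policy depends entirely on rule order and on which rules end with stop, the external-host branch above is easier to reason about as a plain decision walk. The following is an added Python model of that branch (example code written for this page, not PureMessage code and not part of the policy). The Message fields are assumptions standing in for the Sieve tests (pmx_relay, pmx_virus, pmx_virus_cantscan, pmx_virus_id, pmx_suspect_attachment, pmx_spam_prob), the header From and envelope From lookups are folded into a single envelope_from field, the per-user lists are omitted, and all list contents are constructed for the demonstration. It makes three consequences of the ordering visible: the virus and attachment checks run before any whitelist, a message scoring above 50% is tagged and filed but still receives the X-PerlMx-Spam header because the :over rule has no stop, and a message at exactly 50% gets the header but no subject tag.

```python
"""Plain-Python model of the external-host branch of the policy.siv above.
Added example for this page, not PureMessage code. Message fields stand in
for the Sieve tests; list contents and sample addresses are constructed."""
from dataclasses import dataclass

# SAVI "cannot scan" codes the policy delivers with a subject tag and a mark,
# in the same order and with the same labels as the policy.
CANTSCAN = {
    "SOPHOS_SAVI_FILE_ENCRYPTED": ("FILE_ENCRYPTED", "Mail-With-Encrypted-File"),
    "SOPHOS_SAVI_FILE_TIMEOUT": ("FILE_TIMEOUT", "Mail-With-File-TIMEOUT"),
    "SOPHOS_SAVI_NOT_SUPPORTED": ("NOT_SUPPORTED", "Mail-With-File-Not-Supported"),
    "SOPHOS_SAVI_FILE_PART_VOL": ("FILE_PART_VOL", "Mail-With-File-Part-Vol"),
    "SOPHOS_SAVI_FILE_CORRUPT": ("FILE_CORRUPT", "Mail-With-File-Corrupt"),
    "SOPHOS_SAVI_SCAN_ABORTED": ("SCAN_ABORTED", "Mail-With-File-Scan-Aborted"),
}

# Stand-ins for the PureMessage lists; contents constructed for the demo.
LISTS = {
    "whitelisted-hosts": {"relay.partner.example"},
    "whitelisted-senders": {"news@trusted.example"},
    "anti-spam-optouts": {"abuse@example.com"},
    "blacklisted-hosts": {"bad.relay.example"},
    "blacklisted-senders": {"spammer@junk.example"},
}


@dataclass
class Message:
    """Attributes the Sieve tests would read; defaults are constructed sample values."""
    envelope_from: str = "sender@example.net"
    envelope_to: str = "user@example.com"
    subject: str = "hello"
    relay: str = ""            # pmx_relay (hostname of the sending relay)
    virus: bool = False        # pmx_virus
    cantscan: bool = False     # pmx_virus_cantscan
    virus_id: str = ""         # pmx_virus_id
    suspect_tft: bool = False  # pmx_suspect_attachment :tft :inspect_archives
    suspect: bool = False      # pmx_suspect_attachment :inspect_archives
    spam_prob: int = 0         # pmx_spam_prob, in percent


def _in_list(value: str, name: str) -> bool:
    return value.lower() in {v.lower() for v in LISTS[name]}


def external_policy(m: Message) -> dict:
    """Walk the external-host branch in policy order and return its outcome."""
    r = {"action": "keep", "marks": ["Mail-Entrant-Externe"], "subject": m.subject,
         "headers": {"X-PMX-Version": "%%PMX_VERSION%%"}, "filed": None, "quarantine": None}

    def stop(action: str) -> dict:      # models "<action>; stop;"
        r["action"] = action
        return r

    # 1. Empty envelope sender: the "from" "*" match fails, so the mail is discarded.
    if m.envelope_from == "":
        r["marks"].append("Mail-With-Empty-Mail-From")
        return stop("discard")

    # 2. Virus result. Unscannable mail with a known SAVI code is delivered
    #    tagged; anything else pmx_virus flags is discarded.
    if m.virus:
        if m.cantscan:
            for code, (tag, mark) in CANTSCAN.items():
                if code.lower() in m.virus_id.lower():
                    r["subject"] = f"[{tag}] {m.subject}"
                    r["marks"].append(mark)
                    return stop("keep")
        r["marks"].append("Mails-With-Virus")
        return stop("discard")

    # 3. Suspicious attachments: the :tft (true file type) check first, then the plain one.
    if m.suspect_tft:
        r["marks"].append("Mails-With-Suspect-Attachment-TFT")
        r["quarantine"] = "SuspectTFT"
        return stop("quarantine")
    if m.suspect:
        r["marks"].append("Mails-With-Suspect-Attachment")
        r["quarantine"] = "Suspect"
        return stop("quarantine")

    # 4. Whitelists and opt-outs bypass only the rules below them, not the ones above.
    if _in_list(m.relay, "whitelisted-hosts") or _in_list(m.envelope_from, "whitelisted-senders"):
        return stop("keep")
    if _in_list(m.envelope_to, "anti-spam-optouts"):
        return stop("keep")

    # 5. Blacklists go to quarantine.
    if _in_list(m.relay, "blacklisted-hosts") or _in_list(m.envelope_from, "blacklisted-senders"):
        r["quarantine"] = "Blacklisted"
        return stop("quarantine")

    # 6. Spam probability. ":over 50" tags and files a copy but has no "stop",
    #    so the mail falls through to the else branch and also gets the header.
    if m.spam_prob > 50:
        r["marks"].append("Spam-With-SpamProb-Over-Than-50")
        r["filed"] = "Spam"
        r["subject"] = f"[Suspected Spam with = {m.spam_prob}] : {m.subject}"
    if m.spam_prob < 50:
        r["marks"].append("Spam-With-SpamProb-under-50")
        return stop("keep")
    # Exactly 50 reaches here untagged: neither :over 50 nor :under 50 matches.
    r["headers"]["X-PerlMx-Spam"] = f"Probability={m.spam_prob}"
    return stop("keep")
```

Call external_policy(Message(spam_prob=80)) and external_policy(Message(spam_prob=50)) side by side to see the boundary behaviour; if you want messages at exactly 50% to be tagged as well, the :over test in the policy is the place to change, not the else branch.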
