Detecting the use of BCC from the content filter
This is a simple content filter rule that helps you filter messages where the current destination was BCC’d rather than being listed in the TO or CC field.
Note that this will trip on most mailing lists. This is correct behaviour: unless the mailing list fills in the recipient’s name in the TO field (and most do not), lists are essentially using BCC.
It only works reliably in the LocalQ; it won’t work in the RemoteQ unless you turn off smartspooling. It also only works for mail received via SMTP, not MultiPOP or DomainPOP.
[Rule001]
RuleName=Detect BCC'd messages
Enable=No
ThisRuleCondition=All
ProcessQueue=LOCAL
Condition01=TO|does not contain|AND|$HEADER:X-Rcpt-To$|
Condition02=CC|does not contain|AND|$HEADER:X-Rcpt-To$|
Action01=add header|"X-BCC","True"
To use this rule, copy the above text and paste it at the very top or very bottom of your MDaemon\App\cfrules.dat file using Notepad, then open the content filter dialog in MDaemon and enable the rule.
No semaphore files needed, no need to restart MDaemon.
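The same comparison applied to stored messages, as an added Python example (not part of the original post and not MDaemon code). It parses the addresses instead of doing the rule's substring match, and returns None when a message has no X-Rcpt-To header rather than guessing; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def _addresses(msg, *names):
    """Lower-cased addresses from every occurrence of the named headers."""
    values = [v for n in names for v in msg.get_all(n, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def bcc_recipients(raw):
    """X-Rcpt-To addresses absent from To and Cc; None when X-Rcpt-To is missing."""
    msg = message_from_string(raw)
    if msg.get("X-Rcpt-To") is None:
        return None  # no delivery address recorded, so there is nothing to compare
    return sorted(_addresses(msg, "X-Rcpt-To") - _addresses(msg, "To", "Cc"))

# Constructed sample messages (not real mail).
DIRECT = ("X-Rcpt-To: bob@example.com\n"
          'To: "Bob B." <Bob@Example.com>\n'
          "Subject: named in To\n\nhi\n")
BLIND = ("X-Rcpt-To: bob@example.com\n"
         "To: alice@example.com\n"
         "Cc: carol@example.com\n"
         "Subject: blind copy\n\nhi\n")
LIST = ("X-Rcpt-To: bob@example.com\n"
        "To: announce@lists.example.org\n"
        "Subject: list post\n\nhi\n")
NO_HEADER = "To: bob@example.com\nSubject: no X-Rcpt-To\n\nhi\n"

def demo():
    """Run the check over the four constructed messages."""
    samples = [("direct", DIRECT), ("blind", BLIND),
               ("list", LIST), ("no_header", NO_HEADER)]
    return {name: bcc_recipients(raw) for name, raw in samples}
```

The list message is reported exactly like the blind copy, which is the mailing-list behaviour noted above.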
MDaemon’s eventlog codes
MDaemon generates a number of entries in the Windows eventlogs to assist administrators in monitoring for specific important events. Below is a list of the various eventlog codes that MDaemon uses at this time:
| Code | Message |
| --- | --- |
| 500 | **** ALERT **** ODBC DSN %s for list %s could not be opened; message to list was not sent to ODBC members [EvODBC] |
| 501 | **** ALERT **** RFC 2822 states that you MUST define a %s alias [EvRFC] |
| 502 | **** ALERT **** Network subsystem failure, WINSOCK.DLL not loaded [EvNetwork] |
| 503 | **** ALERT **** %s %s:%d could not be initialized [EvNetwork] |
| 504 | **** ALERT **** DNS server IP address is blank; please provide a DNS server IP [EvDNS] |
| 505 | **** ALERT **** MDaemon’s database connection failed so MDaemon was forced to refuse a mail session [EvDatabase] |
| 506 | **** ALERT **** %s tried to send a message as %s without proper authentication [EvSecurity] |
| 507 | **** ALERT **** MDaemon could not start because NTUtil.dll could not be loaded, err:%d [EvDLL] |
| 508 | **** ALERT **** LDaemon LDAP server could not be started [EvProcess] |
| 509 | **** ALERT **** MDaemon could not start because CFilter.dll could not be loaded [EvDLL] |
| 510 | **** ALERT **** MDaemon could not start because MDUser.dll, MDUserODBC.dll, or MDUserLDAP.dll could not be loaded [EvDLL] |
| 511 | **** ALERT **** MDaemon could not start because MDCalendar.dll could not be loaded [EvDLL] |
| 512 | **** ALERT **** MDaemon could not start because MDList.dll could not be loaded [EvDLL] |
| 513 | **** ALERT **** Failed to start process %s (FailPoint: %d, Error: %d/%d) [EvProcess] |
| 514 | **** ALERT **** Failed to start process CFENGINE.EXE; mail can be queued but not delivered (FailPoint: %d, Error: %d/%d) [EvProcess] |
| 515 | **** ALERT **** Failed to start process %s as user ‘%s’ on ‘%s’; started as default user instead; (FailPoint: %d, Error: %d/%d) [EvProcess] |
| 521 | **** ALERT **** %s gave false logon/password to POP server; user: %s [EvSecurity] |
| 522 | **** ALERT **** The ‘[Special] RefuseNULLReturnPath’ option is set to YES in MDaemon.ini; this is an RFC violation [EvRFC] |
| 523 | **** ALERT **** RFC does not require that HELO or MAIL identification match to the sending server yet MDaemon is configured to refuse mail in these cases (Reverse Lookup properties) [EvRFC] |
| 524 | **** ALERT **** $AVLONGPRODUCTNAME$ subscription/trial has expired; contact %s or visit http://www.altn.com for renewal instructions [EvSecurity] |
| 525 | **** ALERT **** WorldClient was expected to be running but wasn’t; restart attempt was %s [EvProcess] |
| 527 | **** ALERT **** Spam Filter did not respond within expected time limit; CFEngine may have stopped responding; it will be stopped and restarted [EvProcess] |
| 528 | **** ALERT **** MDaemon requires an installed and enabled Network Interface Card; software can not load [EvDLL] |
| 529 | **** ALERT **** RFC 2142 states that you MUST define an %s alias [EvRFC] |
| 530 | **** ALERT **** Attempt to logon and impersonate user ‘%s’ on domain %s failed (Thread ID: %d, Error: %d) [EvProcess] |
| 531 | **** ALERT **** AntiVirus did not respond within expected time limit; CFEngine may have stopped responding; it will be stopped and restarted [EvProcess] |
| 532 | **** ALERT **** MDaemon could not load HashCash.dll. HashCash stamps can not be minted [EvDLL] |
| 533 | **** ALERT **** MDaemon could not start MDSpamD.exe. AntiSpam services will not be possible [EvProcess] |
Happy monitoring!
IMAP.MRK file format
I managed to dig up some information on the IMAP.MRK file, for anyone brave enough to want to modify it programmatically. The format is actually fairly simple: one header followed by zero or more message records.
If a MSG file has no corresponding record, MDaemon will update the IMAP.MRK file the next time an IMAP client or WorldClient user touches the folder, and the message will be treated as UNSEEN and UNREAD.
The header is defined as follows:
struct IMAPMrkHeader
{
    unsigned HeaderVersion;
    unsigned UIDValidity;
    unsigned UIDNext;
    unsigned LastWriteCounter;
    unsigned Filler0;
    unsigned Filler1;
    unsigned Filler2;
    unsigned Filler3;
    unsigned CRLF;
};
Each MSG file will have one record, which is defined as follows:
#include <time.h>

#define MAX_IMAP_FILENAME 23
#define IMAP_RECORD_SIZE 36

/* Bit values for IMAPMrkMessage.Flags */
#define FLAG_SEEN 32
#define FLAG_ANSWERED 16
#define FLAG_FLAGGED 8
#define FLAG_DELETED 4
#define FLAG_DRAFT 2
#define FLAG_RECENT 1

struct IMAPMrkMessage {
    char Filename[MAX_IMAP_FILENAME];
    unsigned char Flags;
    unsigned UID;
    unsigned Size;
    time_t Date; /* 4 bytes when unsigned is 4 bytes and the record is 36 bytes */
};
So what do all those fields mean?
- HeaderVersion is a tag to identify what file format the IMAP.MRK is using. The current value is 1.
- UIDValidity is the IMAP UID Validity for the folder.
- UIDNext is the next UID to be assigned, that is, the UID that will be used for the next message added to the folder. To add records, lock the IMAP folder, increment the LastWriteCounter, and for each record you’re adding, use the current UIDNext value as its UID and then increment UIDNext.
- LastWriteCounter is a value that changes whenever something has changed in the file. This was added when IDLE support was added to the IMAP server, so that there’s a quick way to check for changes (by comparing this one value rather than doing a compare of the entire file’s contents). When changing records in the file, lock the IMAP folder, increment the LastWriteCounter, change the records, then unlock the folder.
So how do you lock a folder?
- Lock an IMAP folder by creating a file “IMAP-foldername-email.lck”, where foldername is a “filename-safe” version of the folder name (‘\’ and ‘/’ characters replaced with ‘_’) and email is the owner’s email address (use “public” for public folders). If the lock file already exists, something is currently operating on the IMAP.MRK, so you should wait until it is unlocked before you lock it and continue.
Hope this helps someone.
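The record layout and the lock-and-append procedure described above, as an added Python example (not code from the original post or from MDaemon). It assumes little-endian 4-byte `unsigned` and `time_t` fields (which is what the 36-byte record size implies), NUL-padded file names, backslash and forward slash as the characters replaced in the lock name, and a lock file kept beside IMAP.MRK; all function names are hypothetical and the sample folder is constructed.

```python
import os, pathlib, struct, tempfile, time

HEADER = struct.Struct("<9I")       # IMAPMrkHeader: nine 4-byte unsigned fields
RECORD = struct.Struct("<23sBIII")  # IMAPMrkMessage: 36 bytes with a 32-bit time_t
FLAGS = {32: "SEEN", 16: "ANSWERED", 8: "FLAGGED", 4: "DELETED", 2: "DRAFT", 1: "RECENT"}

def lock_name(folder, email="public"):  # assumes '\' and '/' are the replaced characters
    return "IMAP-%s-%s.lck" % (folder.replace("\\", "_").replace("/", "_"), email)

def read_mrk(path):
    """Parse IMAP.MRK into (list of header fields, list of record dicts)."""
    data = pathlib.Path(path).read_bytes()
    if (len(data) - HEADER.size) % RECORD.size:
        raise ValueError("partial trailing record: truncated file or other layout")
    return list(HEADER.unpack_from(data)), [
        {"file": name.split(b"\0")[0].decode("ascii"), "uid": uid, "size": size,
         "date": date, "flags": [n for bit, n in FLAGS.items() if flags & bit]}
        for name, flags, uid, size, date in RECORD.iter_unpack(data[HEADER.size:])]

def add_record(mrk_path, lock_path, filename, size, date, tries=25, wait=0.2):
    """Lock the folder, bump LastWriteCounter, use UIDNext as the new UID, unlock."""
    if len(filename) >= 23:
        raise ValueError("file name does not fit MAX_IMAP_FILENAME")
    for _ in range(tries):
        try:  # O_EXCL makes the create atomic, so two writers cannot both take the lock
            os.close(os.open(lock_path, os.O_CREAT | os.O_EXCL | os.O_WRONLY))
            break
        except FileExistsError:
            time.sleep(wait)  # lock file exists: wait until the folder is unlocked
    else:
        raise TimeoutError("folder is still locked")
    try:
        data = pathlib.Path(mrk_path).read_bytes()
        header = list(HEADER.unpack_from(data))
        header[3] += 1                              # LastWriteCounter changes first
        uid, header[2] = header[2], header[2] + 1   # new UID is the current UIDNext
        record = RECORD.pack(filename.encode("ascii"), 0, uid, size, date)
        pathlib.Path(mrk_path).write_bytes(HEADER.pack(*header) + data[HEADER.size:] + record)
    finally:
        os.remove(lock_path)  # unlock even if the update failed
    return uid

def demo():
    """Constructed folder: header with UIDNext=5 plus one SEEN+ANSWERED record."""
    d = tempfile.mkdtemp()
    mrk, lck = os.path.join(d, "IMAP.MRK"), os.path.join(d, lock_name("Lists/Sec"))
    pathlib.Path(mrk).write_bytes(HEADER.pack(1, 1000, 5, 7, 0, 0, 0, 0, 0x0A0D)
                                  + RECORD.pack(b"md50000000001.msg", 48, 4, 2048, 1100000000))
    return add_record(mrk, lck, "md50000000002.msg", 512, 1100000500), read_mrk(mrk)
```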