Data is located in an XML file in the Events directory and I use Microsoft XML Notepad 2007 to edit the XML file across my SMB network.
Sample VBScript.
Code: Select all
Option Explicit
'
' COM authentication
'
Private Const ADMIN = "Administrator"
Private Const PASSWORD = "*********"
'
' XMLDATA file is located in .\hMailServer\Events\
'
Private Const XMLDATA = "dynamic-lists.xml"
'******************************************************************************************************************************
'********** Functions **********
'******************************************************************************************************************************
Function Lookup(strRegEx, strMatch) : Lookup = False
With CreateObject("VBScript.RegExp")
.Pattern = strRegEx
.Global = False
.MultiLine = True
.IgnoreCase = True
If .Test(strMatch) Then Lookup = True
End With
End Function
Function oLookup(strRegEx, strMatch, bGlobal)
With CreateObject("VBScript.RegExp")
.Pattern = strRegEx
.Global = bGlobal
.MultiLine = True
.IgnoreCase = True
Set oLookup = .Execute(strMatch)
End With
End Function
Function HTMLClean(strHTML)
'
' <!-- ... --> PHP: "(<!--[^>]*-->)" JavaScript: "(<!--[\s\S]*?-->)"
' /* ... */ PHP: "(\/\*)[^>]*(\*\/)" JavaScript: "(\/\*)[\s\S]*?(\*\/)"
' <!--[\\s\\S]*?(?:-->)?<!---+>?|<!(?![dD][oO][cC][tT][yY][pP][eE]|\\[CDATA\\])[^>]*>?|<[?][^>]*>?
'
With CreateObject("VBScript.RegExp")
.Pattern = "(<style[\s\S]*?style>)|(\/\*[\s\S]*?\*\/)|(<[\s\S]*?>)"
.Global = True
.MultiLine = True
.IgnoreCase = True
HTMLClean = .Replace(strHTML, "")
End With
End Function
Function LoadXML(XMLFile)
Dim oApp : Set oApp = CreateObject("hMailServer.Application")
Call oApp.Authenticate(ADMIN, PASSWORD)
Dim oXML : Set oXML = CreateObject("MSXML2.DOMDocument")
oXML.Load(oApp.Settings.Directories.EventDirectory & "\" & XMLFile)
If oXML.parseError <> 0 Then
EventLog.Write( "XML ERROR - errorCode - " & oXML.parseError.errorCode ) ' Returns a long integer error code
EventLog.Write( "XML ERROR - reason - " & oXML.parseError.reason ) ' Returns a string explaining the reason for the error
EventLog.Write( "XML ERROR - line - " & oXML.parseError.line ) ' Returns a long integer representing the line number for the error
EventLog.Write( "XML ERROR - linePos - " & oXML.parseError.linePos ) ' Returns a long integer representing the line position for the error
EventLog.Write( "XML ERROR - srcText - " & oXML.parseError.srcText ) ' Returns a string containing the line that caused the error
EventLog.Write( "XML ERROR - url - " & oXML.parseError.url ) ' Returns the url pointing the loaded document
EventLog.Write( "XML ERROR - filePos - " & oXML.parseError.filePos ) ' Returns a long integer file position of the error
End If
Set LoadXML = oXML
End Function
Function LoadXMLNode(oXML, MyNode) : LoadXMLNode = ""
Dim Match, Matches, strTXT
Set Matches = oXML.selectNodes(MyNode)
strTXT = ""
For Each Match In Matches
strTXT = strTXT & Match.text & "|"
Next
If (Trim(strTXT) <> "") Then
LoadXMLNode = Left(strTXT,Len(strTXT)-1)
Else
EventLog.Write( "ERROR: Empty string from LoadXMLNode(oXML, " & MyNode & ")" )
End If
End Function
'******************************************************************************************************************************
'********** hMailServer Triggers **********
'******************************************************************************************************************************
Sub OnSMTPData(oClient, oMessage)
Dim oXML : Set oXML = LoadXML(XMLDATA)
Dim strRegEx
'
' Whitelist HELO
'
strRegEx = LoadXMLNode(oXML, "//Whitelist/HELO")
If Lookup(strRegEx, oClient.HELO) Then
Exit Sub
End If
'
' Reject HELO
'
strRegEx = LoadXMLNode(oXML, "//Reject/HELO")
If Lookup(strRegEx, oClient.HELO) Then
Result.Value = 2
Result.Message = "5.3.0 CODE01 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
Exit Sub
End If
End Sub
Sub OnAcceptMessage(oClient, oMessage)
Dim oXML : Set oXML = LoadXML(XMLDATA)
Dim strRegEx, Match, Matches
'
' Reject "Subject:"
'
strRegEx = LoadXMLNode(oXML, "//Reject/Subject")
Set Matches = oLookup(strRegEx, oMessage.Subject, False)
For Each Match In Matches
Result.Value = 2
Result.Message = "5.3.0 CODE02 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
Exit Sub
Next
'
' Blacklist "Body:"
'
strRegEx = LoadXMLNode(oXML, "//Blacklist/Bodytxt")
Set Matches = oLookup(strRegEx, oMessage.Body, False)
For Each Match In Matches
Result.Value = 2
Result.Message = "5.3.0 CODE03 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
Exit Sub
Next
Set Matches = oLookup(strRegEx, HTMLClean(oMessage.HTMLBody), False)
For Each Match In Matches
Result.Value = 2
Result.Message = "5.3.0 CODE04 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means."
Exit Sub
Next
End Sub
IF you edit the XMLDATA file with a text editor... Well, there are some limitations you should be aware of.. The text representation of reserved letters are:
Code: Select all
< <
> >
& &
" "
' '
Code: Select all
<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<Root>
<Reject>
<HELO>(0\.0\.0\.0)</HELO>
<HELO>(127(?:\.[0-9]{1,3}){3})</HELO>
<HELO>^(masscan)$</HELO>
<HELO>^(ylmf\-pc)$</HELO>
<From>(Sweetme)|(Kira Johns)|(July Girl)|(Hot Mama)|(Little Miss)</From>
<From>(Baby Boobs)|(Booby Girl)|(Booby Booms)</From>
<Subject>^(yo|hi|sup|hello|greets|hey t?here)(!?)(.?)(8?-?\)?)?$</Subject>
</Reject>
<Blacklist>
<X-Envelope-From>^(.*\@.*bitcoin.*)$</X-Envelope-From>
<From>(Tim Kristiansen)</From>
<Bodytxt>(I have a proposal)</Bodytxt>
<Bodytxt>(You are receiving this email because you opted in via our website)</Bodytxt>
<IPRange>^216\.82\.(2(4[0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$</IPRange>
</Blacklist>
<Whitelist>
<X-Envelope-From>^(security\@facebookmail\.com)$</X-Envelope-From>
<X-Envelope-From>^(noreply\@fitnessworld\.com)$</X-Envelope-From>
<From>(account-update\@amazon\.com)</From>
<From>(\@id\.apple\.com)</From>
<HELO>^(VVS-WEB)[0-9]{2}(\.localdomain)$</HELO>
<HELO>^(app)[0-9]{2}(-shippii-com)$</HELO>
<HELO>^(LouisesMatebookX)$</HELO>
<HELO>^(LAPTOP08MT84VB)$</HELO>
</Whitelist>
<Ransomeware>
<Bodytxt>(https://dl.dropboxusercontent.com/s/)</Bodytxt>
<Bodytxt>(https://www.dropbox.com/meta_dl/)</Bodytxt>
</Ransomeware>
</Root>