[Mimedefang] Help with filter script to attach original SPAM as message/rfc822

Michael Sims michaels at mail3.crye-leike.com
Fri Feb 28 13:41:01 EST 2003 

Hi,

First of all, let me say that MIMEDefang is really an amazing product.  I
toyed with amavisd-new for about 3 days and never could get it to behave
quite the way I wanted.  I tried MIMEDefang as a last resort and was amazed
at how easy it was to install and configure.  Kudos to the author...

This is my first post to this list; I searched the archives for posts
related to what I'm trying to do, but couldn't find them.  My apologies if
this has been discussed before.

I've customized my mimedefang-filter script so that when it encounters a
message that SpamAssassin thinks is "probably spam" (i.e. hits >= required)
it replaces the body of the message with the spam warning/report and
attaches the complete original message as a new message/rfc822 part.  I'm
doing this because my end users complain about being embarrased in our
computer labs when they open an email that is unexpected pornography.  With
this method they are seeing the spam report first and are warned not to open
the attached message unless they are sure what it is.

I toyed with several different methods to accomplish this (and have learned
a lot about MIME::Entity in the process), but I've finally settled on one
that will work.  The problem is, I think it's probably very inefficient.  I
was wondering if anyone on the list could take a look and suggest
improvements.

The first problem is I'm opening a filehandle to INPUTMSG to get the
complete original message.  I couldn't find a way to get it in it's entirety
by only accessing the MIME::Entity instance.

Secondly, I couldn't find a way to create a new MIME::Entity instance from
the original raw message without using MIME::Parser.  This module is marked
as experimental and I'm concerned that I may run into problems with it.

Anyway, here is the relevant portion of my script.  Any feedback or
suggestions are appreciated:

---BEGIN---
if ($hits >= $req) {

  # Quarantine the message for debug purposes
  action_quarantine_entire_message();

  # If the message is "probably spam" according to SA,
  # replace the message body with the spam report and
  # attach the entire original message as message/rfc822

  # Build container object for original message
  my $container   = MIME::Entity->build(
    Type => 'message/rfc822',
    Data => [ "" ]
  );

  # Build new MIME::Entity containing original message
  # by parsing the full message text with MIME::Parser
  my $parser      = new MIME::Parser;
  open(IN, '< ./INPUTMSG');
  my $originalMsg = $parser->parse(\*IN);
  close(IN);

  # Add original message to container entity...
  $container->add_part($originalMsg);

  # Build the SA report
  my $reportPart  = MIME::Entity->build(
    Type => 'text/plain',
    Data => [ $report ]
  );

  # Replace all existing parts of the current message with
  # the SA report
  $entity->parts([$reportPart]);

  # Rewrite the MIME boundary so that it's different from
  # the one in the attached original message
  $entity->head->mime_attr(
    'content-type.boundary'
      => "----------=_".scalar(time)."-$$-343"
  );

  # Add the container and rebuild the message
  $entity->add_part($container);
  action_rebuild();

}
----END----

___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________

More information about the MIMEDefang mailing list