Per-Recipient filtering (was: Re: [Mimedefang] filter question)
John Rudd
john at rudd.cc
Thu Sep 8 20:48:05 EDT 2005
On Sep 8, 2005, at 11:33 AM, <Matthew.van.Eerde at hbinc.com> wrote:
> David Koski wrote:
>> I'm looking for a filter to allow an opt-out per user using any type
>> of filtering (Or more in the case, I would prefer to allow the user
>> to opt-out of using SpamAssassin but not Clamav (But an example that
>> just allows the user to opt-out of any filter would be fine, gets me
>> started in the right direction)). I have a couple of system users
>> that I know we don't want to do any sort of Spam filtering on.
>
> Meh. There are certain deep and fundamental problems with this
> eminently natural feature request.
>
> That is to say, you have to accept the RCPT commands BEFORE you get to
> see the email message. And once you've seen the message, you have to
> accept it or reject it for ALL accepted recipients unilaterally.
> That's just how SMTP works.
So, this used to come up on the MailScanner list every so often (how do
I make sure each message has exactly 1 recipient? so I can do per-user
preferences). There is a way to do it with MS, but the problem is: MS
is run AFTER sendmail drops the message into a queue (MS runs with 2
sendmail instances; the daemon drops messages into
/var/spool/mqueue.in, MS munges them and then drops them into
/var/spool/mqueue, where a second sendmail running only as a queue
processor, picks them up), whereas MimeDefang is not. So, I don't know
if this technique would work for MimeDefang.
I'm presenting it not for the end user, but for those who might want to
experiment with it and see how it does or does not translate into
MimeDefang.
Here's the FAQ entry from MailScanner:
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/169.html
What it does, is cause sendmail to split messages into multiple copies,
one to each recipient. But I don't know if this is done in a way that
is compatible with milters. I mean, one possibility is that sendmail
invokes filter_relay, filter_sender, and filter_recipient on the
original message, reads the body, and then splits the message and
invokes the remaining filter commands on the individual messages.
I think that would be ideal. But, it may be that sendmail invokes the
splitting process too late for that (after all miltering has finished).
Or it may be that I am completely oblivious to how the miltering
process works, and it's just not possible to do what I just described.
So then you'd be in exactly the same situation you're in now. (and, I
don't see how it could invoke the splitting process any earlier than
that)
If someone does look into this, please post results to the list. I may
or may not end up getting a chance to tinker with this in the future,
but it almost certainly wont be any time soon.
(also note: we do not use this technique on our mailscanner systems, so
I can't even help on that level)
> But what I do is...
>
> I reject (action_bounce) all viral email. Users don't have a choice
> to opt-out of virus protection.
>
> I tag all spam (add a header, tweak the subject.) Users are stuck
> with spam... I don't action_bounce it. But they can set up custom
> spam handling preferences on their Inbox.
>
> Users who don't get much spam just have it go into their Inbox,
> reducing the consequences of false positives.
What we do now, since we use MailScanner, is replace viruses and bad
attachments with warnings, and tag spam. What I do at home, after
moving from MailScanner to MimeDefang, is reject viruses and bad
attachments during SMTP, reject spam with a score over 40, reject spam
if $names matches "IN_BLACKLIST" and not "IN_WHITELIST", or otherwise
tag spam.
(why "over 40"? because at one point I started using the AWL as a
blacklist/whitelist, running a script on my spam folder that submits
each message to the AWL for "blacklist"ing, so if the message score is
extremely high, then they were probably one of those senders)
In the near future, at work, we're moving anti-virus and bad attachment
checks to MimeDefang, for rejecting during SMTP (but only if the relay
is from outside our LAN; if it's from inside our LAN it's most
definitely from our CommuniGate Pro cluster, so it's an outbound
message ... and that would cause issues if we rejected it ... so we're
going to replace them instead of reject them ... the programmatic
nature of mimedefang-filter lets me do that).
It's still up in the air what we're going to do in the longer term.
Though, I'm more and more disillusioned by the vendors we originally
selected for evaluation (after our RFI process), and I'm re-considering
Roaring Penguin now that I have used MimeDefang.
More information about the MIMEDefang
mailing list