[Mimedefang] action_discard after action_bounce redundant? Also, adding headers for SA reporting?

Jason Rabel jason at extremeoverclocking.com
Wed Jul 30 11:52:34 EDT 2008


I've only been using MD for a couple months now so I'm still learning all
the inner-workings. Previously I used MailScanner, but hated how it accepted
all mail and spam filtering was done post-process...

Anyhow... Here's my first question:

In the sample config file, I noticed that the code for bouncing a message
was like:

	action_bounce("MIME type message/partial not accepted here");
	return action_discard();

However, after reading the man page, the text says that action_bounce is
supposed to reject the message and not notify the recipient(s). So why would
the code also use an action_discard afterwards? Couldn't one simply do the
following?

	return action_bounce("MIME type message/partial not accepted here");

Or is it just safer to do the first with both subs?

-----------------------------------------

My second question has to do with mail quarantine and SA reporting.

If a message is determined to be spam, then I obviously want it to bounce
while they are connected. However, at the same time I would like to save
some of the spam so that I can train my bayes and also send some reports to
sites like spamcop, razor, etc...

At first I tried the quarantine sub, but the problem is it doesn't generate
the last local header that sendmail normally does. This causes some
complications with SA and reporting since it can end up trusting some relays
that it shouldn't.

So then I tried to strip all recipients and have it go to a dedicated spam
user. But with the bounce it was discarding before sendmail would receive it
and never got sent.

So now I'm back to a heavily modified quarantine subroutine using some of
the code to synthesize a return header and prepend it to the message before
writing the quarantine file. I'm currently waiting for some spam to see if
it writes the header properly... But I would have thought there should have
been an easier way.

---------------------------

My third question has to do with hostname lookups....

Again, from the man file, doing the 'read_commands_file' should populate
certain variables. But I noticed on quite a few occasions that
$RelayHostname (and also the variable if you read in at the beginning of the
various filter subs) are not always resolving to a hostname when they
should. I don't know if it is a bug in the code or it happens at a later
step or what. But I overcame that by doing my own hostname lookup routine.

---------------------------

All in all, I'm happy with MD. It's been a few years since coding in Perl so
I was a little rusty, but after dusting off the old books and a couple hours
of elbow grease everything has been coming together nicely.

My first task was coding a decent greylisting routine using sqlite which was
easy enough. The sample code posted in the wiki is horribly broken, I do
plan on posting mine once I add a few more features in. I still want to add
in some whitelisting based on sender and/or recipient.

I also added code to check the hostname (PTR) for dynamic-ish looking
sources to reject, and also make sure there was a PTR. After those checks I
do a forward lookup from the domain given in the PTR to see if it matches
the IP, if not it will fall back to looking up the MXs (or A record) from the
domain given in the sender's email address.

Between the greylisting and validity checks, very little actual spam ever
reaches the stage where it is processed by SpamAssassin (which is good I
guess). I always check my logs for a few days after making any changes to
ensure I don't have any false positives. That's how I noticed the whole
RelayHostname was broken.

If anyone would like to see my code I can post it to the list or email it to
you directly.

Jason
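
The PTR and forward-lookup checks described in the post above, sketched in Perl as an added example (not the poster's code and not part of MIMEDefang). The DNS records are constructed, the lookup_* hooks and the dynamic-name pattern are hypothetical, and the fallback order is one reading of the description.

```perl
use strict;
use warnings;

# Constructed DNS data (documentation address ranges) standing in for live lookups.
my %PTR = (
    '192.0.2.10'   => 'mail.example.org',
    '192.0.2.77'   => 'host-192-0-2-77.dyn.example.net',
    '198.51.100.5' => 'out.example.com',
);
my %A = (
    'mail.example.org'  => ['192.0.2.10'],
    'out.example.com'   => ['203.0.113.9'],    # forward lookup disagrees with the PTR
    'mx.sender.example' => ['198.51.100.5'],
);
my %MX = ('sender.example' => ['mx.sender.example']);

# Hypothetical resolver hooks; a live filter would back these with a DNS library.
sub lookup_ptr { return $PTR{ $_[0] } }
sub lookup_a   { return @{ $A{ lc $_[0] } || [] } }
sub lookup_mx  { return @{ $MX{ lc $_[0] } || [] } }

# Heuristic (an assumption): IP octets embedded in the name, or common access-pool labels.
my $DYNAMIC = qr/(?:\d{1,3}[-.]){3}\d{1,3}|(?:^|[.-])(?:dyn|dynamic|dhcp|pool|ppp|dsl)(?:[.-]|\d)/i;

# Returns (verdict, reason), where verdict is 'accept' or 'reject'.
sub check_relay {
    my ($ip, $sender) = @_;
    my $ptr = lookup_ptr($ip);
    return ('reject', 'no PTR record') unless defined $ptr;
    return ('reject', "dynamic-looking PTR $ptr") if $ptr =~ $DYNAMIC;
    return ('accept', "PTR $ptr forward-confirms") if grep { $_ eq $ip } lookup_a($ptr);

    # Fallback: MX hosts of the sender's domain, or the domain's own A record if it has no MX.
    my ($domain) = $sender =~ /\@([^\@>\s]+)>?\s*$/;
    return ('reject', 'PTR mismatch and no sender domain') unless defined $domain;
    my @hosts = lookup_mx($domain);
    @hosts = ($domain) unless @hosts;
    for my $host (@hosts) {
        return ('accept', "sender host $host matches relay") if grep { $_ eq $ip } lookup_a($host);
    }
    return ('reject', "PTR $ptr does not resolve back to $ip");
}

# Constructed cases: confirmed PTR, dynamic-looking PTR, MX fallback, missing PTR.
for my $case (['192.0.2.10', '<a@example.org>'], ['192.0.2.77', '<b@example.net>'],
              ['198.51.100.5', '<c@sender.example>'], ['203.0.113.50', '<d@example.org>']) {
    my ($verdict, $reason) = check_relay(@$case);
    print "$case->[0] $case->[1]: $verdict ($reason)\n";
}
```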