[Mimedefang] all_spam_to abuse

Chris Flav chris.flav at yahoo.ca
Tue Feb 21 16:38:04 EST 2012



>To do what you need: read the mimedefang-filter page and look for
>stream_by_recipient.  Be very careful to discard, not bounce,
>messages that have been streamed.  Otherwise, you risk generating
>backscatter.

Hello again,

Indeed the point of using MIMEdefang is the possibility to reject an email during the SMTP transaction, instead of accepting the email to only silently delete it later.  I wanted to avoid using stream_by_recipient specifically for that reason, as well as the fact it seems to add quite a bit of load on a busy server.

I ended up doing what I thought, which was to hack a means to check the all_spam_to users.  I added this in my filter_end().  I am not a very good Perl coder but it seems to work:


                if ($hits >= $req + 10) {
                   md_syslog('info', "REJECTED $QueueID - score: ($hits) - RULES: $names, $RelayAddr");
                   action_bounce("Message rejected for policy reasons, contact your system administrator for more details");
                }


                if (($names =~ m/ALL_SPAM_TO/i) && (($hits + 100) >= $req + 10)) {
                   # $hits + 100 is the score the check above is applied to here
                   my $tmp_score = $hits + 100;
                   md_syslog('info', "$QueueID sent to whitelisted address with score $tmp_score");
                   # remove recipients
                   foreach (@Recipients) {
                      delete_recipient($_);
                      md_syslog('info', "Removing recipient $_ from $QueueID");
                   }
                   # collect the all_spam_to addresses from the SpamAssassin config
                   # (only the first address on each all_spam_to line is read)
                   my @ast_recipients;
                   if (open(my $fh, '<', '/etc/mail/spamassassin/local.cf')) {
                      while (my $line = <$fh>) {
                         # split ' ' also ignores leading whitespace on the line
                         my ($allspamto, $ast_email) = split(' ', $line);
                         if (defined $ast_email && $allspamto eq "all_spam_to") {
                            push(@ast_recipients, "<" . $ast_email . ">");
                         }
                      }
                      close($fh);
                   } else {
                      md_syslog('warning', "Cannot read local.cf for $QueueID: $!");
                   }
                   # intersection: an address counted twice is in both lists
                   my %sa_ast_count;
                   my @ast_isect;
                   foreach my $ast_item (@Recipients, @ast_recipients) { $sa_ast_count{$ast_item}++; }

                   foreach my $ast_item (keys %sa_ast_count) {
                      if ($sa_ast_count{$ast_item} == 2) {
                         push @ast_isect, $ast_item;
                      }
                   }
                   # the loop above has to end before the re-add, otherwise
                   # recipients are re-added once per hash key
                   @Recipients = @ast_isect;
                   # add them back
                   foreach (@Recipients) {
                      if ($_ ne "") {
                         add_recipient($_);
                         md_syslog('info', "Re-adding recipient $_ from $QueueID");
                      }
                   }
                   md_syslog('info', "I will be only delivering to  @Recipients for $QueueID");
                   action_change_header('Subject', "[**WHITELISTED-SPAM**] $Subject");
                }



So this mechanism allows me to reject during the SMTP transaction emails that have a horrendous score, yet deliver in the case that one or more recipients are whitelisted/abuse addresses, without the penalty of having to separate each and every incoming email that may have more than one recipient.  And I did not want to give up the feature that few milters have, that is to return a 5xx error during the SMTP transaction when email is rejected.  As far as I found, milter-spamc can reject inline (yet will whitelist all recipients if one of them is, and there is no workaround), and MIMEdefang.

List, please comment if you see anything blatantly wrong with this.  Of course if I was looking for a way to have per-user scoring, then I would of course be forced to use the stream_by_recipient.  Am I wrong in assuming that the email will be checked by SpamAssassin as many times as there are recipients in the case of stream_by_recipient?

C. Flav
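
The recipient intersection described in the post, as an added stand-alone example that is not part of the original message or of MIMEDefang: it goes beyond the posted code by reading every address on an all_spam_to line and honouring the `*` and `?` globs that SpamAssassin documents for this setting, and by matching case-insensitively. The helper names, the sample configuration and the sample envelope are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Turn one all_spam_to address or glob (* and ?) into an anchored,
# case-insensitive regex. (Hypothetical helper, not a MIMEDefang function.)
sub glob_to_regex {
    my ($glob) = @_;
    my $re = join '', map { $_ eq '*' ? '.*' : $_ eq '?' ? '.' : quotemeta($_) }
                      split //, $glob;
    return qr/\A$re\z/i;
}

# Read every address or glob from all_spam_to lines in SpamAssassin config text.
sub parse_all_spam_to {
    my (@lines) = @_;
    my @patterns;
    for my $line (@lines) {
        $line =~ s/#.*//;                       # drop comments
        my ($key, @addrs) = split ' ', $line;   # leading whitespace is ignored
        next unless defined $key && lc $key eq 'all_spam_to';
        push @patterns, map { glob_to_regex($_) } @addrs;
    }
    return @patterns;
}

# Return the envelope recipients (in "<user@host>" form) that match a pattern.
sub whitelisted_recipients {
    my ($recipients, $patterns) = @_;
    my (%seen, @keep);
    for my $rcpt (@$recipients) {
        (my $addr = $rcpt) =~ s/^<|>$//g;       # strip angle brackets for matching
        next if $seen{lc $addr}++;              # ignore duplicate envelope entries
        push @keep, $rcpt if grep { $addr =~ $_ } @$patterns;
    }
    return @keep;
}

# Constructed sample config and envelope, for illustration only.
my @config = (
    "required_score 5.0\n",
    "all_spam_to abuse\@example.com postmaster\@example.com  # role accounts\n",
    "  all_spam_to *\@quarantine.example.org\n",
);
my @envelope = ('<Abuse@example.com>', '<bob@example.com>',
                '<trap@quarantine.example.org>', '<abuse@example.com>');

my @keep = whitelisted_recipients(\@envelope, [ parse_all_spam_to(@config) ]);
print "deliver to: @keep\n";
```

In a filter, the returned list would take the place of the counted-hash intersection, with delete_recipient() and add_recipient() called as in the post.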


