[Pymilter] other problems being chased

Stuart D. Gathman stuart at bmsi.com
Fri Apr 23 15:03:08 EDT 2004 

On Fri, 23 Apr 2004, Eric S. Johansson wrote:

> when you are running camram filtering at the delivery agent level, this 
> is not a problem.  It works OK but when you start doing things at the 
> milter level, it gets interesting.  For example, if a message is 
> delivered to a at x.c, b at x.c, c at x.c and b,c have individual filtering, what 
> happens when c marks the message as spam and holds it back?  The answer 
> is unpleasant.  the filter needs to tell the milter to remove c from the 
> list of recipients.
> 
> now I am sure there is some way to do this.  And I will probably know 
> how to do it in about an hour.  But right now, I'm a bit puzzled.

If you want to remove a specific recipient, call delrcpt() from eom().
bms.py also has a del_recipient() that can be called earlier.  It just
accumulates a list to remove in eom().  I have suggested adding
basic tools like del_recipient() and add_header() (allows headers to
be added before eom() - just queue 'em up and add later) to Milter.py,
but have gotten strong resistence.  There seems to be a demand for
a "bare bones" OO interface to libmilter.  So such features would
go into an extended class derived from Milter.

In bms.py, the dspam support faces a similar problem.  Originally,
I just did delrcpt() for the dspam user whose dictionary thought it was spam.
(If you end up deleting all recipients, sendmail will DISCARD it
automatically.)

But then, I started discarding the message, and saving the original
recipient list in the quarantined message.  The other recipients don't
see the message unless the dspam user that quarantined it reports it
as a false positive.  Now, this policy is not for everyone, but at our
typical customer with 20-70 employees, this saves a lot of spam deleting.

In fact, I went one step further: designated employees are flagged as
"screeners" - messages that look like spam to their dictionary are
quarantined (to the screeners quarantine box) even when the screener is *not*
the recipient.  It gets delivered to the original recipient if the screener
marks it as a false positive.  This lets 1 or 2 employees do the bulk of spam
scanning for the rest of the company.  There is usually one employee who
actually enjoys this sort of work (spams are often good for a laugh).

Furthermore, I am a screener for customers that don't want to deal with
a spam interface at all.  Their mail goes through my server, and if my
dictionary thinks it is spam it gets quarantined.  It gets delivered
to the original recipient if I mark it as a false positive - often after a
phone call to ask whether they really signed up for "News at Noon" (no they
didn't).

This system needs to be extended so that screeners can screen a subset
of all mail users.  Our larger customers have departments whose legit
mail differs quite a bit from each other - so having a screener screen only
their own department would increase accuracy.  (Because other peoples mail
that is not quarantined doesn't affect their dictionary - so it doesn't
adapt to innocent mail unless they get the same kind of mail they are
screening.)  However, the addition of SPF has greatly increased accuracy
already.

-- 
	      Stuart D. Gathman <stuart at bmsi.com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

More information about the Pymilter mailing list