Mail Avenger lets you reject mail based on message contents, before
your mail server accepts delivery of mail from a remote client. This
has two benefits. First, it can save load on your mail server.
Second, and more important, it allows you to reject spam and viruses
without silently discarding them, but while also minimizing unwanted
bounces to innocent third parties.

    #!/bin/sh
    # Rewind standard input so formail sees the whole message.
    edinplace
    # Extract the Precedence header value, unfolded and trimmed.
    prec="`formail -czx precedence:`"
    case "$prec" in
        list|junk|bulk)
            echo You appear to be sending mailing list \
                mail to an address
            echo that does not accept mailing list \
                messages.  If you\'d like
            echo to try again, remove the following \
                header field from the
            echo message before re-sending:
            echo " Precedence: $prec"
            exit 100
            ;;
    esac

    # Reject on any header field that only mailing lists add.
    for field in list-unsubscribe mailing-list
    do
        # Rewind again before each formail run.
        edinplace
        val="`formail -X $field:`"
        if test -n "$val"; then
            echo You appear to be sending mailing list \
                mail to an address
            echo that does not accept mailing list \
                messages.  If you\'d like
            echo to try again, remove the following \
                header field from the
            echo message before re-sending:
            echo " $val"
            exit 100
        fi
    done

This script makes use of the formail program that comes with Procmail. Note the use of edinplace(8) with no arguments, which rewinds the offset of standard input, so as to be able to run formail repeatedly over the same message.
Next, make the script executable by running the command chmod +x $HOME/.avenger/scripts/no-lists. Finally, invoke the script as a bodytest, by placing the following in your $HOME/.avenger/rcpt file:

    errcheck
    bodytest $PWD/scripts/no-lists

(Note that errcheck rejects mail based on some basic default criteria, since if the mail fails those tests, there is no point in running a test over the message body.)
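
The same header check without formail or edinplace, as an added example that is not part of Mail Avenger or of the original page. It goes slightly beyond the script above by matching field names and Precedence values case-insensitively; the function names list_field, check_no_lists and make_samples are hypothetical, the sample messages are constructed, and the message is read from a file path rather than standard input.

```shell
#!/bin/sh
# Added example, not Mail Avenger code. Function names are hypothetical;
# each function takes the path of a message file instead of reading stdin.

# Print the first header field that marks the message as list mail. Only
# lines above the first blank line count, and folded lines are rejoined.
list_field() {
    awk '
        function flush(   name, val) {
            if (hdr == "") return
            name = tolower(hdr); sub(/:.*/, "", name)
            val = tolower(hdr); sub(/^[^:]*:[ \t]*/, "", val)
            if (name == "list-unsubscribe" || name == "mailing-list" ||
                (name == "precedence" && val ~ /^(list|junk|bulk)[ \t]*$/)) {
                print hdr; found = 1; exit
            }
            hdr = ""
        }
        { sub(/\r$/, "") }
        /^$/     { flush(); exit }
        /^[ \t]/ { sub(/^[ \t]+/, " "); hdr = hdr $0; next }
                 { flush(); hdr = $0 }
        END      { if (!found) flush() }
    ' "$1"
}

# Same contract as the script above: explain on stdout, return 100.
check_no_lists() {
    hit=$(list_field "$1")
    test -z "$hit" && return 0
    echo "You appear to be sending mailing list mail to an address"
    echo "that does not accept mailing list messages. Offending field:"
    printf '    %s\n' "$hit"
    return 100
}

# Constructed sample messages (not real mail).
make_samples() {
    printf 'From: a@example.org\nSubject: hi\n\nPrecedence: bulk\n' >"$1/body-only"
    printf 'From: l@example.org\r\nprecedence: Bulk\r\n\r\nhi\r\n' >"$1/bulk"
    printf 'List-Unsubscribe:\n <mailto:off@example.org>\n\nhi\n' >"$1/folded"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for m in body-only bulk folded; do
    check_no_lists "$tmp/$m" >/dev/null && st=0 || st=$?
    echo "$m: exit $st"
done
rm -rf "$tmp"
```

The body-only sample shows why the check must stop at the first blank line: a Precedence line inside the message body is content, not a header, and must not cause a rejection.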
Ordinarily, spam and viruses come from forged email addresses. Bouncing such mail therefore causes an innocent third party to receive an unwanted bounce message. On the other hand, since no spam or virus filter is 100% effective, there is always the slim possibility of a "false positive"--some important email getting mischaracterized as spam. Silently discarding such messages can have serious consequences. For that reason, many people bounce spam back to the sender. (Many people also bounce viruses, though this is less defensible, since if you know which virus is infecting a mail message, you probably also know whether that virus typically forges sender addresses or not.)
Mail Avenger offers a good solution to this trade-off. By rejecting mail during the SMTP session, your server never has to generate a bounce message. If the SMTP client is a legitimate mailer, it will generate a bounce of its own. Thus, you will never silently discard mail. In the common case that the client is a virus or spambot, no bounce will be generated at all.
This example shows how to reject mail with the ClamAV virus checker and SpamAssassin mail filter. Start by creating an executable script called $HOME/.avenger/scripts/clam-and-spam containing the following:

    #!/bin/sh
    # Rewind standard input, then scan the message with ClamAV.
    edinplace
    out="`clamscan -i --no-summary --mbox - 2>&1`"
    # clamscan exits with status 1 when it finds a virus.
    if test "$?" = 1; then
        echo This message appears to be infected with a virus
        printf "%s\n" "$out" \
            | sed -e '/Warning:/d' -e 's/^[^:]*: //' | sort -u
        exit 100
    fi

    # Run SpamAssassin over the message in place; with -e 100 it
    # exits with status 100 when the message is flagged as spam.
    out="`edinplace -x 111 spamassassin -e 100`"
    case "$?" in
        0)
            exit 0
            ;;
        100)
            echo Sorry, spamassassin has flagged your message \
                as spam
            # Skip ahead to the "Content analysis" report.
            while read a b c; do
                test "$a $b" = "Content analysis" && break
            done
            read a
            read a
            read a
            # Print the rules that matched, up to the first blank line.
            while read a b c; do
                case "$a" in
                    "")
                        break
                        ;;
                    -*)
                        ;;
                    [0-9]*)
                        printf " %s\n" "$c"
                        ;;
                    *)
                        printf " %s\n" "$a $b $c"
                        ;;
                esac
            done
            exit 100
            ;;
        *)
            if test -n "$out"; then
                echo spamassassin failure:
                printf "%s\n" "$out"
            else
                echo system error in spamassassin
            fi
            exit 111
            ;;
    esac

Next, make the script executable by running the command chmod +x $HOME/.avenger/scripts/clam-and-spam. Finally, invoke the script as a bodytest, by placing the following in your $HOME/.avenger/rcpt file:

    errcheck
    bodytest $PWD/scripts/clam-and-spam

This example is explained in more detail in the examples section of the avenger(1) man page.