Mail Avenger lets you reject mail based on message contents, before
your mail server accepts delivery of mail from a remote client. This
has two benefits. First, it can save load on your mail server.
Second, and more important, it allows you to reject spam and viruses
without silently discarding them, but while also minimizing unwanted
bounces to innocent third parties.

#!/bin/sh

# Rewind standard input, then read the Precedence header field.
edinplace
prec="`formail -czx precedence:`"
case "$prec" in
    list|junk|bulk)
        echo You appear to be sending mailing list \
            mail to an address
        echo that does not accept mailing list \
            messages.  If you\'d like
        echo to try again, remove the following \
            header field from the
        echo message before re-sending:
        echo "   Precedence: $prec"
        exit 100
        ;;
esac

# Also refuse messages carrying other mailing-list header fields.
for field in list-unsubscribe mailing-list
do
    edinplace
    val="`formail -X "$field:"`"
    if test -n "$val"; then
        echo You appear to be sending mailing list \
            mail to an address
        echo that does not accept mailing list \
            messages.  If you\'d like
        echo to try again, remove the following \
            header field from the
        echo message before re-sending:
        echo "   $val"
        exit 100
    fi
done

This script makes use of the formail program that comes with Procmail.
Note the use of edinplace(8) with no arguments, which rewinds the offset
of standard input, so as to be able to run formail repeatedly over the
same message.
Next, make the script executable by running the command chmod +x $HOME/.avenger/scripts/no-list. Finally, invoke the script as a bodytest, by placing the following in your $HOME/.avenger/rcpt file:

errcheck
bodytest $PWD/scripts/no-list

(Note that errcheck rejects mail based on some basic default criteria, since if the mail fails those tests, there is no point in running a test over the message body.)
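
A header test like this is worth running over sample messages before it goes into the rcpt file, because a mistake refuses legitimate mail. The following is an added example, not code from Mail Avenger: it redoes the no-list test with awk in place of formail so it runs without Procmail, uses the same exit statuses as the script above, and also matches the Precedence value case-insensitively. The function names and sample messages are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): the no-list header test without formail.

# list_header: print the first list-indicating header field of the message
# on stdin, unfolded onto one line; print nothing if there is none.
list_header() {
    awk '
    function listy(f,   l) {
        l = tolower(f)                  # compare names and values in lower case
        return l ~ /^(list-unsubscribe|mailing-list):/ ||
               l ~ /^precedence:[ \t]*(list|junk|bulk)[ \t]*$/
    }
    function flush() { if (cur != "" && listy(cur)) { print cur; found = 1 } }
    /^$/     { exit }                   # blank line: header block is over
    /^[ \t]/ { sub(/^[ \t]+/, " "); cur = cur $0; next }   # folded line
             { flush(); if (found) exit; cur = $0 }        # new field starts
    END      { if (!found) flush() }
    '
}

# no_list_check: same contract as the script above (message on stdin,
# explanation on stdout, status 100 to refuse the message, 0 to pass it).
no_list_check() {
    hdr=$(list_header)
    if test -z "$hdr"; then return 0; fi
    echo "You appear to be sending mailing list mail to an address"
    echo "that does not accept mailing list messages. Offending header field:"
    echo "   $hdr"
    return 100
}

# verdict LINE...: feed a constructed message to the check, print its status.
verdict() {
    st=0
    printf '%s\n' "$@" | no_list_check >/dev/null || st=$?
    echo "$st"
}

# Constructed samples: the phrase in a body is ignored, a header is not.
verdict 'From: a@example.org' 'Subject: hi' '' 'Precedence: bulk'
verdict 'From: news@example.org' 'precedence: Bulk' '' 'Weekly digest'
verdict 'List-Unsubscribe:' ' <mailto:leave@lists.example.org>' '' 'text'
```

The first sample passes because "Precedence: bulk" appears only after the blank line that ends the header block; the other two are refused.
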
Ordinarily, spam and viruses come from forged email addresses. Bouncing such mail therefore causes an innocent third party to receive an unwanted bounce message. On the other hand, since no spam or virus filter is 100% effective, there is always the slim possibility of a "false positive"--some important email getting mischaracterized as spam. Silently discarding such messages can have serious consequences. For that reason, many people bounce spam back to the sender. (Many people also bounce viruses, though this is less defensible, since if you know which virus is infecting a mail message, you probably also know whether that virus typically forges sender addresses or not.)
Mail Avenger offers a good solution to this trade-off. By rejecting mail during the SMTP session, your server never has to generate a bounce message. If the SMTP client is a legitimate mailer, it will generate a bounce of its own. Thus, you will never silently discard mail. In the common case that the client is a virus or spambot, no bounce will be generated at all.
This example shows how to reject mail with the ClamAV virus checker and SpamAssassin mail filter. Start by creating an executable script called $HOME/.avenger/scripts/clam-and-spam containing the following:
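
#!/bin/sh

# Rewind standard input, then scan the message; clamscan exits 1 when
# it finds a virus.
edinplace
out="`clamscan -i --no-summary --mbox - 2>&1`"
if test "$?" = 1; then
    echo This message appears to be infected with a virus
    printf "%s\n" "$out" \
        | sed -e '/Warning:/d' -e 's/^[^:]*: //' | sort -u
    exit 100
fi

# Run the message through spamassassin in place; with -e 100 it exits
# 100 when the message is flagged as spam.
out="`edinplace -x 111 spamassassin -e 100`"
case "$?" in
    0)
        exit 0
        ;;
    100)
        echo Sorry, spamassassin has flagged your message \
            as spam
        # Skip ahead to the "Content analysis" part of the report.
        while read a b c; do
            test "$a $b" = "Content analysis" && break
        done
        # Skip the next three lines.
        read a
        read a
        read a
        # Print the report lines until the first empty line.
        while read a b c; do
            case "$a" in
                "")
                    break
                    ;;
                -*)
                    # First word starts with "-": leave the line out.
                    ;;
                [0-9]*)
                    # First word starts with a digit: print from the
                    # third word on.
                    printf " %s\n" "$c"
                    ;;
                *)
                    # Anything else: print the whole line.
                    printf " %s\n" "$a $b $c"
                    ;;
            esac
        done
        exit 100
        ;;
    *)
        if test -n "$out"; then
            echo spamassassin failure:
            printf "%s\n" "$out"
        else
            echo system error in spamassassin
        fi
        exit 111
        ;;
esac
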
Next, make the script executable by running the command chmod +x $HOME/.avenger/scripts/clam-and-spam. Finally, invoke the script as a bodytest, by placing the following in your $HOME/.avenger/rcpt file:

errcheck
bodytest $PWD/scripts/clam-and-spam

This example is explained in more detail in the examples section of the avenger(1) man page.