>>Anthother proposed feature:
>>defang_bad_header is only called if the email does not fall into any
>>other class i.e. the mail is not: "CLEAN", "VIRUS", "BANNED", ... how
>>about making $defang_bad_header orthogonal to all other classes.
>>
>>Usually you do not want to defang spam. But still you want to defang
>>every mail with bad_headers to protect mail clients and ensure the
>>validity of index files, filter rules,...
>
>When defanging is underway (for any reason), header will be cleaned
>regardless of the reason for defanging (now in -pre6).
I think that my previous posting did not clearly state my idea. Here
comes my
explanation :-):
You're right _when_ defangig is underway, header will be cleaned. But
usually
you do not defang anything but VIRUS, BANNED and BAD_HEADER. Especially
DEFANG_SPAM is often set to 'false'.
Here comes the catch. Take this example:
assume c('defang_bad_header') == true and all other c('defang_*') ==
false
a mail comes in with a really, really bad headers that you want to
defang at all costs
(e.g. non RFC-conform header with bufferoverflow for some MUA)
if the message
- is classified as a mail bomb (i.e. $hold is not '') OR
- contains a virus OR
- contains a banned_filename OR
- is undecipherable OR
- is classified as spam OR
the message passes amavis without defanging as it is configured to do
so. everything
is fine - nothing is buggy. Yet I'd not be too happy about amavis
letting this
bad_header pass without defanging.
It is amavis' philosphy that an action is chosen just on the
classification of a mail,
and that each mail has a single unique classification. I understand
that, and think that
it is usually the adequate way to keep amavisd-new structured and sane.
The classes have an hierarchy and higher classes override lower classes.
CLEAN <- BAD_HEADER <- SPAM <- UNDECIPHERABLE <- BANNED <- VIRUS
The actions are only chosen by the highest matching class. Thus to be
consistent, the
actions have to get harder and harder.
e.g.:
CLEAN -> PASS
SPAM -> PASS, MARK
UNDECIPHERABLE -> DEFANG, HEADER_MARK, PASS
BANNED -> DEFANG, HEADER_MARK, PASS
VIRUS -> QUARANTINE or BOUNCE
so where does BAD_HEADER fit in that order?
For this example setup, I see two options:
1.) the easiest would be, to swap the hierarchy position of SPAM and
BAD_HEADER,
as IMHO BAD_HEADER is potentially worse (and btw far less frequent) than
SPAM.
2.) make bad_header (and maybe others as well) orthogonal to the other
classes:
first check if the message contains a bad header and defang if
neccessary.
Then for all messages - with bad_header or not - execute the actions
that are
chosen on the traditionall class of an email.
for completeness i state the following list of possible destinies in my
example above:
CLEAN && !BAD_HEADER -> PASS
SPAM && !BAD_HEADER -> HEADER_MARK, PASS
UNDECIPHERABLE && !BAD_HEADER -> DEFANG, HEADER_MARK, PASS
BANNED && !BAD_HEADER -> DEFANG, HEADER_MARK, PASS
VIRUS && !BAD_HEADER -> QUARANTINE
CLEAN && BAD_HEADER -> DEFANG, HEADER_MARK, PASS
SPAM && BAD_HEADER -> DEFANG, HEADER_MARK, PASS
UNDECIPHERABLE && BAD_HEADER -> DEFANG, HEADER_MARK, PASS
BANNED && BAD_HEADER -> DEFANG, HEADER_MARK, PASS
VIRUS && BAD_HEADER -> DEFANG, QUARANTINE
Regards
Matt
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid�0944&bid$1720&dat�1642
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
