Clifton,

>   I am tasked by a client with adding a feature to their spam/AV
> scanning system to scan incoming mail for keywords, on a per-domain
> basis, so that the domain admin can blacklist certain keywords in mail.
> (Possibly whitelist based on keywords, also.) Regardless of the merits
> of this suggestion - I don't think it's such a good idea, honestly, but
> I can see why their users might think it is - is there a good way to
> fit such a scanner into amavisd?
>
>   I could scan the mail using a script written to fit into the AV
> scanning interface, but if I don't want it blocked as a virus, I'm not
> sure how to force addition of a special header?
>
>   I don't need to make amavisd itself do the blacklisting; I could
> intercept and block it at a later phase in processing.  I just need to
> do the scanning and add a custom header indicating whether it matched
> something.  It would be convenient to do it under amavisd, because the
> mail's there and all decoded into parts anyway... but I'm not sure
> where is a good place to wire it in.  (As part of this project, I will
> be upgrading to the latest amavisd available in FreeBSD ports, BTW.)

One possibility that comes to mind is: add rules to detect keywords
to SpamAssassin rules, and associate a near-zero score with them.
Then set tag_level to undef, which will cause X-Spam-Status header
fields to be unconditionally inserted. This header field lists
all matching rule names, so your downstream blocker could check for
presence of particular rule names in that header field. This will
work correctly even for multi-recipient messages with recipients
under different realms, as long as the downstream blockers are
positioned at a mail delivery stage (after domain splitting by MTA).

Such SA rules can be as simple or as complex as required. Could be
simple rules like 'mail contains the xxx or yyy tabu word', in which
case the downstream blocker filters would need to be more complex;
or a rule can be made more complex by using metarules (e.g.
'mail is supposed to be blocked for domain ddd'), in which case
downstream filters could be simpler, just looking for a presence
of a rule associated with their domain.

  Mark
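
The downstream check described in the reply above, sketched as an added example that is not part of the original message or of amavisd. The rule names, domains, per-domain policy table and sample headers are constructed, and the two `tests=` layouts it accepts (bracketed `NAME=score` pairs and a plain comma list) are assumptions about how the header is written.

```python
import re
from email import message_from_string
from email.policy import default

# Hypothetical per-domain policy: rule names that cause a block for that domain.
BLOCK_RULES = {
    "example.org": {"KW_EXAMPLE_ORG_BLOCK"},        # one meta rule per domain
    "example.net": {"KW_WORD_XXX", "KW_WORD_YYY"},  # simple per-keyword rules
}

def matched_rules(raw_message):
    """Return the set of rule names listed after tests= in X-Spam-Status."""
    msg = message_from_string(raw_message, policy=default)
    rules = set()
    for value in msg.get_all("X-Spam-Status", []):
        unfolded = " ".join(str(value).split())  # undo header folding
        _, found, rest = unfolded.partition("tests=")
        if not found:
            continue
        if rest.startswith("["):
            body = rest[1:].partition("]")[0]                  # tests=[A=0.1, B=2]
        else:
            body = re.split(r"\s+\w+=", rest, maxsplit=1)[0]   # tests=A, B key=..
        for item in body.split(","):
            name = item.strip().partition("=")[0]
            if name and name.lower() != "none":
                rules.add(name)
    return rules

def should_block(raw_message, recipient_domain):
    """Return the sorted blocking rules that fired; an empty list means deliver."""
    wanted = BLOCK_RULES.get(recipient_domain.lower(), set())
    return sorted(wanted & matched_rules(raw_message))

# Constructed sample messages, one per assumed tests= layout.
SAMPLE_BRACKETED = (
    "X-Spam-Status: No, score=-1.899 tagged_above=-999 required=6.2\n"
    "\ttests=[BAYES_00=-1.9, KW_WORD_XXX=0.001]\n"
    "\tautolearn=ham\n"
    "Subject: constructed sample\n\nbody\n"
)
SAMPLE_PLAIN = (
    "X-Spam-Status: No, hits=0.0 tagged_above=-999.0 required=5.0\n"
    "\ttests=KW_EXAMPLE_ORG_BLOCK,\n\tHTML_MESSAGE\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    print(should_block(SAMPLE_BRACKETED, "example.net"))
    print(should_block(SAMPLE_PLAIN, "example.org"))
```

Because the lookup is keyed on the recipient's domain, the check belongs at the delivery stage, after the MTA has split the message per domain.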

_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
