Really support python3

suport chgfrom() in TestMilter

.gitignore

@@ -0,0 +1,4 @@
+*.pyc
+build/
+test/*.out
+test/*.tstout

COPYING

@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

CREDITS

@@ -0,0 +1,46 @@
+Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
+kludge and added threading and context objects to it, wrote a proper OO
+wrapper (Milter.py) that handles attachments, did lots of testing, packaged
+it with distutils, and generally transformed it from a quick hack to a
+real, usable Python extension.
+
+Other contributors (in random order):
+
+Daniel Troeder
+  for pointing out a typo in @noreply
+arkanes@irc.freenode.net
+  for suggesting a class method to compute and cache protocol masks
+habnabit@habnabit.org
+  for suggesting function attributes and decorators for protocol negotiation
+Dwayne Litzenberger, B.A.Sc.
+  for library_dirs patch to compile on Debian 
+Dave MacQuigg 
+  for noticing that smfi_insheader wasn't supported, and creating
+  a template to help first time pymilter users create their own milter.
+Terence Way
+  for providing a Python port of SPF
+Scott Kitterman
+  for doing lots of testing and debugging of SPF against draft standard,
+  and for putting up a web page that validates SPF records using spf.py
+Alexander Kourakos
+  for plugging several memory leaks
+George Graf at Vienna University of Economics and Business Administration
+  for handling None passed to setreply and chgheader.
+Deron Meranda
+  for IPv6 patches
+Jason Erikson
+  for handling NULL hostaddr in connect callback.
+John Draper
+  for porting Python milter to OpenBSD, and starting to work on tutorials
+  then pointing out that it would be easier to just write the MTA in Python.
+Eric S. Johansson
+  for helpful design discussions while working on camram
+Alex Savguira
+  for finding bugs with international headers and
+  suggesting the scan_zip option.
+Business Management Systems - http://www.bmsi.com
+  for hosting the website, and providing paying clients who need milter service
+  so I can work on it as part of my day job.
+
+If I have left anybody out, send me a reminder: stuart@gathman.org

ChangeLog

@@ -0,0 +1,214 @@
+# Revision 1.69  2006/11/04 22:09:39  customdesigned
+# Another lame DSN heuristic.  Block PTR cache poisoning attack.
+#
+# Revision 1.68  2006/10/04 03:46:01  customdesigned
+# Fix defaults.
+#
+# Revision 1.67  2006/10/01 01:44:06  customdesigned
+# case_sensitive_localpart option, more delayed bounce heuristics,
+# optional smart_alias section.
+#
+# Revision 1.66  2006/07/26 16:42:26  customdesigned
+# Support CBV timeout
+#
+# Revision 1.65  2006/06/21 22:22:00  customdesigned
+# Handle multi-line headers in delayed dsns.
+#
+# Revision 1.64  2006/06/21 21:12:04  customdesigned
+# More delayed reject token headers.
+# Don't require HELO pass for CBV.
+#
+# Revision 1.63  2006/05/21 03:41:44  customdesigned
+# Fail dsn
+#
+# Revision 1.61  2006/05/17 21:28:07  customdesigned
+# Create GOSSiP record only when connection will procede to DATA.
+#
+# Revision 1.60  2006/05/12 16:14:48  customdesigned
+# Don't require SPF pass for white/black listing mail from trusted relay.
+# Support localpart wildcard for white and black lists.
+#
+# Revision 1.59  2006/04/06 18:14:17  customdesigned
+# Check whitelist/blacklist even when not checking SPF (e.g. trusted relay).
+#
+# Revision 1.58  2006/03/10 20:52:49  customdesigned
+# Use re to recognize failure DSNs.
+#
+# Revision 1.57  2006/03/07 20:50:54  customdesigned
+# Use signed Message-ID in delayed reject to blacklist senders
+#
+# Revision 1.56  2006/02/24 02:12:54  customdesigned
+# Properly report hard PermError (lax mode fails also) by always setting
+# perm_error attribute with PermError exception.  Improve reporting of
+# invalid domain PermError.
+#
+# Revision 1.55  2006/02/17 05:04:29  customdesigned
+# Use SRS sign domain list.
+# Accept but do not use for training whitelisted senders without SPF pass.
+# Immediate rejection of unsigned bounces.
+#
+# Revision 1.54  2006/02/16 02:16:36  customdesigned
+# User specific SPF receiver policy.
+#
+# Revision 1.53  2006/02/12 04:15:01  customdesigned
+# Remove spf dependency for iniplist
+#
+# Revision 1.52  2006/02/12 02:12:08  customdesigned
+# Use CIDR notation for internal connect list.
+#
+# Revision 1.51  2006/02/12 01:13:58  customdesigned
+# Don't check rcpt user list when signed MFROM.
+#
+# Revision 1.50  2006/02/09 20:39:43  customdesigned
+# Use CIDR notation for trusted_relay iplist
+#
+# Revision 1.49  2006/01/30 23:14:48  customdesigned
+# put back eom condition
+#
+# Revision 1.48  2006/01/12 20:31:24  customdesigned
+# Accelerate training via whitelist and blacklist.
+#
+# Revision 1.47  2005/12/29 04:49:10  customdesigned
+# Do not auto-whitelist autoreplys
+#
+# Revision 1.46  2005/12/28 20:17:29  customdesigned
+# Expire and renew AddrCache entries
+#
+# Revision 1.45  2005/12/23 22:34:46  customdesigned
+# Put guessed result in separate header.
+#
+# Revision 1.44  2005/12/23 21:47:07  customdesigned
+# Move Received-SPF header to top.
+#
+# Revision 1.43  2005/12/09 16:54:01  customdesigned
+# Select neutral DSN template for best_guess
+#
+# Revision 1.42  2005/12/01 22:42:32  customdesigned
+# improve gossip support.
+# Initialize srs_domain from srs.srs config property.  Should probably
+# always block unsigned DSN when signing all.
+#
+# Revision 1.41  2005/12/01 18:59:25  customdesigned
+# Fix neutral policy.  pobox.com -> openspf.org
+#
+# Revision 1.40  2005/11/07 21:22:35  customdesigned
+# GOSSiP support, local database only.
+#
+# Revision 1.39  2005/10/31 00:04:58  customdesigned
+# Simple implementation of trusted_forwarder list.  Inefficient for
+# more than 1 or 2 entries.
+#
+# Revision 1.38  2005/10/28 19:36:54  customdesigned
+# Don't check internal_domains for trusted_relay.
+#
+# Revision 1.37  2005/10/28 09:30:49  customdesigned
+# Do not send quarantine DSN when sender is DSN.
+#
+# Revision 1.36  2005/10/23 16:01:29  customdesigned
+# Consider MAIL FROM a match for supply_sender when a subdomain of From or Sender
+#
+# Revision 1.35  2005/10/20 18:47:27  customdesigned
+# Configure auto_whitelist senders.
+#
+# Revision 1.34  2005/10/19 21:07:49  customdesigned
+# access.db stores keys in lower case
+#
+# Revision 1.33  2005/10/19 19:37:50  customdesigned
+# Train screener on whitelisted messages.
+#
+# Revision 1.32  2005/10/14 16:17:31  customdesigned
+# Auto whitelist refinements.
+#
+# Revision 1.31  2005/10/14 01:14:08  customdesigned
+# Auto whitelist feature.
+#
+# Revision 1.30  2005/10/12 16:36:30  customdesigned
+# Release 0.8.3
+#
+# Revision 1.29  2005/10/11 22:50:07  customdesigned
+# Always check HELO except for SPF pass, temperror.
+#
+# Revision 1.28  2005/10/10 23:50:20  customdesigned
+# Use logging module to make logging threadsafe (avoid splitting log lines)
+#
+# Revision 1.27  2005/10/10 20:15:33  customdesigned
+# Configure SPF policy via sendmail access file.
+#
+# Revision 1.26  2005/10/07 03:23:40  customdesigned
+# Banned users option.  Experimental feature to supply Sender when
+# missing and MFROM domain doesn't match From.  Log cipher bits for
+# SMTP AUTH.  Sketch access file feature.
+#
+# Revision 1.25  2005/09/08 03:55:08  customdesigned
+# Handle perverse MFROM quoting.
+#
+# Revision 1.24  2005/08/18 03:36:54  customdesigned
+# Don't innoculate with SCREENED mail.
+#
+# Revision 1.23  2005/08/17 19:35:27  customdesigned
+# Send DSN before adding message to quarantine.
+#
+# Revision 1.22  2005/08/11 22:17:58  customdesigned
+# Consider SMTP AUTH connections internal.
+#
+# Revision 1.21  2005/08/04 21:21:31  customdesigned
+# Treat fail like softfail for selected (braindead) domains.
+# Treat mail according to extended processing results, but
+# report any PermError that would officially result via DSN.
+#
+# Revision 1.20  2005/08/02 18:04:35  customdesigned
+# Keep screened honeypot mail, but optionally discard honeypot only mail.
+#
+# Revision 1.19  2005/07/20 03:30:04  customdesigned
+# Check pydspam version for honeypot, include latest pyspf changes.
+#
+# Revision 1.18  2005/07/17 01:25:44  customdesigned
+# Log as well as use extended result for best guess.
+#
+# Revision 1.17  2005/07/15 20:25:36  customdesigned
+# Use extended results processing for best_guess.
+#
+# Revision 1.16  2005/07/14 03:23:33  customdesigned
+# Make SES package optional.  Initial honeypot support.
+#
+# Revision 1.15  2005/07/06 04:05:40  customdesigned
+# Initial SES integration.
+#
+# Revision 1.14  2005/07/02 23:27:31  customdesigned
+# Don't match hostnames for internal connects.
+#
+# Revision 1.13  2005/07/01 16:30:24  customdesigned
+# Always log trusted Received and Received-SPF headers.
+#
+# Revision 1.12  2005/06/20 22:35:35  customdesigned
+# Setreply for rejectvirus.
+#
+# Revision 1.11  2005/06/17 02:07:20  customdesigned
+# Release 0.8.1
+#
+# Revision 1.10  2005/06/16 18:35:51  customdesigned
+# Ignore HeaderParseError decoding header
+#
+# Revision 1.9  2005/06/14 21:55:29  customdesigned
+# Check internal_domains for outgoing mail.
+#
+# Revision 1.8  2005/06/06 18:24:59  customdesigned
+# Properly log exceptions from pydspam
+#
+# Revision 1.7  2005/06/04 19:41:16  customdesigned
+# Fix bugs from testing RPM
+#
+# Revision 1.6  2005/06/03 04:57:05  customdesigned
+# Organize config reader by section.  Create defang section.
+#
+# Revision 1.5  2005/06/02 15:00:17  customdesigned
+# Configure banned extensions.  Scan zipfile option with test case.
+#
+# Revision 1.4  2005/06/02 04:18:55  customdesigned
+# Update copyright notices after reading article on /.
+#
+# Revision 1.3  2005/06/02 02:09:00  customdesigned
+# Record timestamp in send_dsn.log
+#
+# Revision 1.2  2005/06/02 01:00:36  customdesigned
+# Support configurable templates for DSNs.

MANIFEST.in

@@ -0,0 +1,18 @@
+include COPYING
+include TODO
+include NEWS
+include CREDITS
+include README
+include ChangeLog
+include MANIFEST.in
+include testsample.py
+include testmime.py
+include testutils.py
+include test.py
+include sample.py
+include sgmllib.py
+include milter-template.py
+include test/*
+include Milter/*.py
+include *.spec
+include start.sh

Milter/__init__.py

@@ -8,12 +8,17 @@
 # Copyright 2001,2009 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 
-__version__ = '0.9.8'
+from __future__ import print_function
+__version__ = '1.0.1'
 
 import os
 import re
 import milter
+try:
   import thread
+except:
+  # libmilter uses posix threads
+  import _thread as thread
 
 from milter import *
 from functools import wraps
@@ -21,12 +26,6 @@ from functools import wraps
 _seq_lock = thread.allocate_lock()
 _seq = 0
 
-## @fn set_flags(flags)
-# @brief Enable optional %milter actions.
-# Certain %milter actions need to be enabled before calling milter.runmilter()
-# or they throw an exception. 
-# @param flags Bit ored mask of optional actions to enable
-
 def uniqueID():
   """Return a unique sequence number (incremented on each call).
   """
@@ -107,7 +106,7 @@ def rejected_recipients(klass):
   return enable_protocols(klass,P_RCPT_REJ)
 
 ## Milter leading space on headers. A class decorator that calls
-# enable_protocols() with the P_HEAD_LEADSPC flag.  By default,
+# enable_protocols() with the P_HDR_LEADSPC flag.  By default,
 # header continuation lines are collected and joined before getting
 # sent to a milter.  Headers modified or added by the milter are
 # folded by the MTA as necessary according to its own standards.
@@ -125,7 +124,7 @@ def rejected_recipients(klass):
 # @param klass the %milter application class to modify
 # @return the modified %milter class
 def header_leading_space(klass):
-  return enable_protocols(klass,P_HEAD_LEADSPC)
+  return enable_protocols(klass,P_HDR_LEADSPC)
 
 ## Function decorator to disable callback methods.
 # If the MTA supports it, tells the MTA not to invoke this callback,
@@ -263,7 +262,7 @@ class Base(object):
   ## Defined by subclasses to write log messages.
   def log(self,*msg): pass
   ## Called for each connection to the MTA.  Called by the
-  # <a href="https://www.milter.org/developers/api/xxfi_connect">
+  # <a href="milter_api/xxfi_connect.html">
   # xxfi_connect</a> callback.  
   # The <code>hostname</code> provided by the local MTA is either
   # the PTR name or the IP in the form "[1.2.3.4]" if no PTR is available.
@@ -300,7 +299,7 @@ class Base(object):
   @nocallback
   def hello(self,hostname): return CONTINUE
   ## Called when the SMTP client says MAIL FROM. Called by the
-  # <a href="https://www.milter.org/developers/api/xxfi_envfrom">
+  # <a href="milter_api/xxfi_envfrom.html">
   # xxfi_envfrom</a> callback.  
   # Returning REJECT rejects the message, but not the connection.
   # The sender is the "envelope" from as defined by
@@ -311,7 +310,7 @@ class Base(object):
   @nocallback
   def envfrom(self,f,*str): return CONTINUE
   ## Called when the SMTP client says RCPT TO. Called by the
-  # <a href="https://www.milter.org/developers/api/xxfi_envrcpt">
+  # <a href="milter_api/xxfi_envrcpt.html">
   # xxfi_envrcpt</a> callback.
   # Returning REJECT rejects the current recipient, not the entire message.
   # The recipient is the "envelope" recipient as defined by 
@@ -371,13 +370,13 @@ class Base(object):
       for func,(nr,nc) in OPTIONAL_CALLBACKS.items():
         func = getattr(klass,func)
         ca = getattr(func,'milter_protocol',0)
-        #print func,hex(nr),hex(nc),hex(ca)
+        #print(func,hex(nr),hex(nc),hex(ca))
         p |= (nr|nc) & ~ca
       klass._protocol_mask = p
       return p
     
   ## Negotiate milter protocol options.  Called by the
-  # <a href="https://www.milter.org/developers/api/xxfi_negotiate">
+  # <a href="milter_api/xxfi_negotiate.html">
   # xffi_negotiate</a> callback.  This is an advanced callback,
   # do not override unless you know what you are doing.  Most
   # negotiation can be done simply by using the supplied 
@@ -408,7 +407,7 @@ class Base(object):
   ## Return the value of an MTA macro.  Sendmail macro names
   # are either single chars (e.g. "j") or multiple chars enclosed
   # in braces (e.g. "{auth_type}").  Macro names are MTA dependent.
-  # See <a href="https://www.milter.org/developers/api/smfi_getsymval">
+  # See <a href="milter_api/smfi_getsymval.html">
   # smfi_getsymval</a> for default sendmail macros.
   # @param sym the macro name
   def getsymval(self,sym):
@@ -422,7 +421,7 @@ class Base(object):
   # head scratching.  What will <i>really</i> irritate you, however,
   # is that if you carefully double any '%%', your message will be
   # sent - but with the '%%' still doubled!
-  # See <a href="https://www.milter.org/developers/api/smfi_setreply">
+  # See <a href="milter_api/smfi_setreply.html">
   # smfi_setreply</a> for more information.
   # @param rcode The three-digit (RFC 821/2821) SMTP reply code as a string. 
   # rcode cannot be None, and <b>must be a valid 4XX or 5XX reply code</b>.
@@ -465,7 +464,7 @@ class Base(object):
   # Milter methods which can only be called from eom callback.
 
   ## Add a mail header field.
-  # Calls <a href="https://www.milter.org/developers/api/smfi_addheader">
+  # Calls <a href="milter_api/smfi_addheader.html">
   # smfi_addheader</a>.  
   # The <code>Milter.ADDHDRS</code> action flag must be set.
   #
@@ -479,7 +478,7 @@ class Base(object):
     return self._ctx.addheader(field,value,idx)
 
   ## Change the value of a mail header field.
-  # Calls <a href="https://www.milter.org/developers/api/smfi_chgheader">
+  # Calls <a href="milter_api/smfi_chgheader.html">
   # smfi_chgheader</a>.  
   # The <code>Milter.CHGHDRS</code> action flag must be set.
   #
@@ -493,7 +492,7 @@ class Base(object):
     return self._ctx.chgheader(field,idx,value)
 
   ## Add a recipient to the message.  
-  # Calls <a href="https://www.milter.org/developers/api/smfi_addrcpt">
+  # Calls <a href="milter_api/smfi_addrcpt.html">
   # smfi_addrcpt</a>.  
   # If no corresponding mail header is added, this is like a Bcc.
   # The syntax of the recipient is the same as used in the SMTP
@@ -513,7 +512,7 @@ class Base(object):
         raise DisabledAction("ADDRCPT_PAR")
     return self._ctx.addrcpt(rcpt,params)
   ## Delete a recipient from the message.
-  # Calls <a href="https://www.milter.org/developers/api/smfi_delrcpt">
+  # Calls <a href="milter_api/smfi_delrcpt.html">
   # smfi_delrcpt</a>.  
   # The recipient should match one passed to the envrcpt callback.
   # The <code>Milter.DELRCPT</code> action flag must be set.
@@ -526,7 +525,7 @@ class Base(object):
     return self._ctx.delrcpt(rcpt)
 
   ## Replace the message body.
-  # Calls <a href="https://www.milter.org/developers/api/smfi_replacebody">
+  # Calls <a href="milter_api/smfi_replacebody.html">
   # smfi_replacebody</a>.  
   # The entire message body must be replaced.  
   # Call repeatedly with blocks of data until the entire body is transferred.
@@ -540,7 +539,7 @@ class Base(object):
     return self._ctx.replacebody(body)
 
   ## Change the SMTP envelope sender address.
-  # Calls <a href="https://www.milter.org/developers/api/smfi_chgfrom">
+  # Calls <a href="milter_api/smfi_chgfrom.html">
   # smfi_chgfrom</a>.  
   # The syntax of the sender is that same as used in the SMTP
   # MAIL FROM command (and as delivered to the envfrom callback),
@@ -557,7 +556,7 @@ class Base(object):
     return self._ctx.chgfrom(sender,params)
 
   ## Quarantine the message.
-  # Calls <a href="https://www.milter.org/developers/api/smfi_quarantine">
+  # Calls <a href="milter_api/smfi_quarantine.html">
   # smfi_quarantine</a>.  
   # When quarantined, a message goes into the mailq as if to be delivered,
   # but delivery is deferred until the message is unquarantined.
@@ -571,7 +570,7 @@ class Base(object):
     return self._ctx.quarantine(reason)
 
   ## Tell the MTA to wait a bit longer.
-  # Calls <a href="https://www.milter.org/developers/api/smfi_progress">
+  # Calls <a href="milter_api/smfi_progress.html">
   # smfi_progress</a>.  
   # Resets timeouts in the MTA that detect a "hung" milter.
   def progress(self):
@@ -585,9 +584,9 @@ class Milter(Base):
 
   ## Provide simple logging to sys.stdout
   def log(self,*msg):
-    print 'Milter:',
+    print('Milter:',end=None)
-    for i in msg: print i,
+    for i in msg: print(i,end=None)
-    print
+    print()
 
   @noreply
   def connect(self,hostname,family,hostaddr):
@@ -724,28 +723,7 @@ def envcallback(c,args):
 # @param socketname the socket to be passed to milter.setconn()
 # @param timeout the time in secs the MTA should wait for a response before 
 #	considering this %milter dead
-def runmilter(name,socketname,timeout = 0):
+def runmilter(name,socketname,timeout = 0,rmsock=True):
-  # This bit is here on the assumption that you will be starting this filter
-  # before sendmail.  If sendmail is not running and the socket already exists,
-  # libmilter will throw a warning.  If sendmail is running, this is still
-  # safe if there are no messages currently being processed.  It's safer to
-  # shutdown sendmail, kill the filter process, restart the filter, and then
-  # restart sendmail.
-  pos = socketname.find(':')
-  if pos > 1:
-    s = socketname[:pos]
-    fname = socketname[pos+1:]
-  else:
-    s = "unix"
-    fname = socketname
-  if s == "unix" or s == "local":
-    print "Removing %s" % fname
-    try:
-      os.unlink(fname)
-    except os.error, x:
-      import errno
-      if x.errno != errno.ENOENT:
-        raise milter.error(x)
 
   # The default flags set include everything
   # milter.set_flags(milter.ADDHDRS)
@@ -776,6 +754,14 @@ def runmilter(name,socketname,timeout = 0):
         unknown=lambda ctx,cmd: ctx.getpriv().unknown(cmd),
         negotiate=ncb
   )
+
+  # We remove the socket here by default on the assumption that you will be
+  # starting this filter before sendmail.  If sendmail is not running and the
+  # socket already exists, libmilter will throw a warning.  If sendmail is
+  # running, this is still safe if there are no messages currently being
+  # processed.  It's safer to shutdown sendmail, kill the filter process,
+  # restart the filter, and then restart sendmail.
+  milter.opensocket(rmsock)
   start_seq = _seq
   try:
     milter.main()

Milter/cache.py

@@ -46,8 +46,9 @@
 # Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
 # This code is under the GNU General Public License.  See COPYING for details.
 
+from __future__ import print_function
 import time
-from plock import PLock
+from Milter.plock import PLock
 
 class AddrCache(object):
   time_format = '%Y%b%d %H:%M:%S %Z'
@@ -131,8 +132,8 @@ class AddrCache(object):
       if not ts or ts > too_old:
         return res
       del self.cache[lsender]
-      raise KeyError, sender
+      raise KeyError(sender)
-    except KeyError,x:
+    except KeyError as x:
       try:
         user,host = sender.split('@',1)
         return self.__getitem__(host)
@@ -147,7 +148,8 @@ class AddrCache(object):
       if not ts: return		# already permanent
     self.cache[lsender] = (None,res)
     if not res:
-      print >>open(self.fname,'a'),sender
+      with open(self.fname,'a') as fp:
+        print(sender,file=fp)
     
   def __setitem__(self,sender,res):
     lsender = sender.lower()
@@ -155,7 +157,8 @@ class AddrCache(object):
     self.cache[lsender] = (now,res)
     if not res and self.fname:
       s = time.strftime(AddrCache.time_format,time.localtime(now))
-      print >>open(self.fname,'a'),sender,s # log refreshed senders
+      with open(self.fname,'a') as fp:
+        print(sender,s,file=fp) # log refreshed senders
 
   def __len__(self):
     return len(self.cache)

Milter/dns.py

@@ -1,6 +1,7 @@
 ## @package Milter.dns
 # Provide a higher level interface to pydns.
 
+from __future__ import print_function
 import DNS
 from DNS import DNSError
 
@@ -73,6 +74,7 @@ class Session(object):
     if name.endswith('.'): name = name[:-1]
     if not reduce(lambda x,y:x and 0 < len(y) < 64, name.split('.'),True):
         return []   # invalid DNS name (too long or empty)
+    name = name.lower()
     result = self.cache.get( (name, qtype) )
     cname = None
     if result: return result
@@ -96,7 +98,7 @@ class Session(object):
             #return result    # if too many == NX_DOMAIN
             raise DNSError('Length of CNAME chain exceeds %d' % MAX_CNAME)
         cnames[name] = cname
-        if cname in cnames:
+        if cname.lower().rstrip('.') in cnames:
             raise DNSError('CNAME loop')
         result = self.dns(cname, qtype, cnames=cnames)
         if result:
@@ -119,5 +121,5 @@ if __name__ == '__main__':
   import sys
   s = Session()
   for n,t in zip(*[iter(sys.argv[1:])]*2):
-    print n,t
+    print(n,t)
-    print s.dns(n,t)
+    print(s.dns(n,t))

Milter/dsn.py

@@ -69,6 +69,7 @@
 # a DSN or use a null MAIL FROM with an email address obtained from
 # anywhere else.
 #
+from __future__ import print_function
 import smtplib
 import socket
 from email.Message import Message
@@ -230,6 +231,6 @@ Subject: Test
 Test DSN template
 """
   )
-  print msg.as_string()
+  print(msg.as_string())
-  # print send_dsn(f,msg.as_string())
+  # print(send_dsn(f,msg.as_string()))
-  # print send_dsn(q.s,'mail.example.com',msg.as_string())
+  # print(send_dsn(q.s,'mail.example.com',msg.as_string()))

Milter/dynip.py

@@ -9,6 +9,7 @@
 # wiley-268-8196.roadrunner.nf.net at ('205.251.174.46', 4810)
 # cbl-sd-02-79.aster.com.do at ('200.88.62.79', 4153)
 
+from __future__ import print_function
 import re
 
 ip3 = re.compile('[0-9]{1,3}')
@@ -53,11 +54,11 @@ def is_dynip(host,addr):
     if host.find(addr) >= 0: return True
     if addr.find(':') >= 0: return False        # IP6
     a = addr.split('.')
-    ia = map(int,a)
+    ia = list(map(int,a))
     h = host
     m = ip3.findall(host)
     if m:
-      g = map(int,m)[:4]
+      g = list(map(int,m))[:4]
       ia3 = (ia[1:],ia[:3])
       if g[-3:] in ia3: return True
       if g[0] == ia[3] and g[1:3] == ia[:2]: return True
@@ -91,6 +92,6 @@ if __name__ == '__main__':
       if ip in seen: continue
       seen.add(ip)
       if is_dynip(host,ip):
-        print '%s\t%s DYN' % (ip,host)
+        print('%s\t%s DYN' % (ip,host))
       else:
-        print '%s\t%s' % (ip,host)
+        print('%s\t%s' % (ip,host))

Milter/greylist.py

@@ -1,3 +1,4 @@
+from __future__ import print_function
 import time
 import shelve
 import thread
@@ -41,13 +42,24 @@ class Greylist(object):
     self.dbp = shelve.open(dbname,'c',protocol=2)
     self.lock = thread.allocate_lock()
 
+  def export_csv(self,fp,timeinc=0):
+    "Export records to csv."
+    import csv
+    dbp = self.dbp
+    w = csv.writer(fp)
+    now = time.time() + timeinc
+    for key, r in dbp.iteritems():
+      if now > r.lastseen + self.greylist_retain: continue
+      ip,sender,recipient = key.rsplit(':',2)
+      w.writerow([ip,sender,recipient,r.firstseen,r.lastseen,r.cnt,r.umis])
+
   def clean(self,timeinc=0):
     "Delete records past the retention limit."
     now = time.time() + timeinc
     cnt = 0
     dbp = self.dbp
     for key, r in dbp.iteritems():
-      #print key,r,time.ctime(now)
+      #print(key,r,time.ctime(now))
       if now > r.lastseen + self.greylist_retain:
         self.lock.acquire()
         try:
@@ -100,3 +112,10 @@ class Greylist(object):
 
   def close(self):
     self.dbp.close()
+
+if __name__ == '__main__':
+  import sys
+  g = Greylist(sys.argv[1],5,24,36)
+  try:
+    g.export_csv(sys.stdout)
+  finally: g.close()

Milter/greysql.py

@@ -2,7 +2,10 @@ import time
 import logging
 import urllib
 import sqlite3
+try:
   import thread
+except:
+  import _thread as thread
 from datetime import datetime
 
 log = logging.getLogger('milter.greylist')
@@ -25,6 +28,19 @@ class Greylist(object):
         primary key (ip,sender,recipient))''')
     except: pass
 
+  def import_csv(self,fp):
+    import csv
+    rdr = csv.reader(fp)
+    cur = self.conn.execute('begin immediate')
+    try:
+      for r in rdr:
+        cur.execute('''insert into 
+          greylist(ip,sender,recipient,firstseen,lastseen,cnt,umis)
+          values(?,?,?,?,?,?,?)''', r)
+      self.conn.commit()
+    finally:
+      cur.close();
+
   def clean(self,timeinc=0):
     "Delete records past the retention limit."
     now = time.time() + timeinc - self.greylist_retain
@@ -84,3 +100,10 @@ class Greylist(object):
 
   def close(self):
     self.conn.close()
+
+if __name__ == '__main__':
+  import sys
+  g = Greylist(sys.argv[1])
+  try:
+    g.import_csv(sys.stdin)
+  finally: g.close()

Milter/plock.py

@@ -11,7 +11,7 @@ class PLock(object):
     self.basename = basename
     self.fp = None
 
-  def lock(self,lockname=None,mode=0660,strict_perms=False):
+  def lock(self,lockname=None,mode=0o660,strict_perms=False):
     "Start an update transaction.  Return FILE to write new version."
     self.unlock()
     if not lockname:
@@ -21,7 +21,7 @@ class PLock(object):
       st = os.stat(self.basename)
       mode |= st.st_mode
     except OSError: pass
-    u = os.umask(0002)
+    u = os.umask(0o2)
     try:
       fd = os.open(lockname,os.O_WRONLY+os.O_CREAT+os.O_EXCL,mode)
     finally:
@@ -46,7 +46,7 @@ class PLock(object):
   def commit(self,backname=None):
     "Commit update transaction with optional backup file."
     if not self.fp:
-      raise IOError,"File not locked"
+      raise IOError("File not locked")
     self.fp.close()
     self.fp = None
     if backname:

Milter/pyip6.py

@@ -6,6 +6,7 @@ This module is free software, and you may redistribute it and/or modify
 it under the same terms as Python itself, so long as this copyright message
 and disclaimer are retained in their original form.
 """
+from __future__ import print_function
 import struct
 #from spf import RE_IP4 
 import re
@@ -80,11 +81,11 @@ def inet_pton(p):
   (0, 0, 0, 0, 0, 65535, 258, 772)
 
   >>> try: inet_pton('::1.2.3.4.5')
-  ... except ValueError,x: print x
+  ... except ValueError as x: print(x)
   ::1.2.3.4.5
   """
   if p == '::':
-    return '\0'*16
+    return b'\0'*16
   s = p
   m = RE_IP4.search(s)
   try:
@@ -114,4 +115,4 @@ def inet_pton(p):
         return struct.pack('!HHHHHHHH',
 	    *[int(s,16) for s in a[0].split(':')])
   except ValueError: pass
-  raise ValueError,p
+  raise ValueError(p)

Milter/test.py

@@ -1,13 +1,17 @@
 ## @package Milter.test
 # A test framework for milters
 
-import rfc822
+from __future__ import print_function
-import StringIO
+import mime
+try:
+  from io import BytesIO
+except:
+  from StringIO import StringIO as BytesIO
 import Milter
 
 Milter.NOREPLY = Milter.CONTINUE
 
-## Test mixin for unit testing milter applications.
+## Test mixin for unit testing %milter applications.
 # This mixin overrides many Milter.MilterBase methods
 # with stub versions that simply record what was done.
 # @since 0.9.8
@@ -16,6 +20,8 @@ class TestBase(object):
   def __init__(self,logfile='test/milter.log'):
     self._protocol = 0
     self.logfp = open(logfile,"a")
+    ## The MAIL FROM for the current email being fed to the %milter
+    self._sender = None
     ## List of recipients deleted
     self._delrcpt = []
     ## List of recipients added
@@ -24,22 +30,24 @@ class TestBase(object):
     self._macros = { }
     ## The message body.
     self._body = None
-    ## True if the milter replaced the message body.
+    ## True if the %milter replaced the message body.
     self._bodyreplaced = False
-    ## True if the milter changed any headers.
+    ## True if the %milter changed any headers.
     self._headerschanged = False
-    ## Reply codes and messages set by milter
+    ## True if the %milter changed the envelope from.
+    self._envfromchanged = False
+    ## Reply codes and messages set by the %milter
     self._reply = None
-    ## The rfc822 message object for the current email being fed to the milter.
+    ## The rfc822 message object for the current email being fed to the %milter.
     self._msg = None
     self._symlist = [ None, None, None, None, None, None, None ]
 
   def log(self,*msg):
-    for i in msg: print >>self.logfp, i,
+    for i in msg: print(i,file=self.logfp,end=None)
-    print >>self.logfp
+    print(file=self.logfp)
 
   ## Set a macro value.
-  # These are retrieved by the milter with getsymval.
+  # These are retrieved by the %milter with getsymval.
   # @param name the macro name, as passed to getsymval
   # @param val the macro value
   def setsymval(self,name,val):
@@ -54,13 +62,28 @@ class TestBase(object):
       self._body.write(chunk)
       self._bodyreplaced = True
     else:
-      raise IOError,"replacebody not called from eom()"
+      raise IOError("replacebody not called from eom()")
+
+  def chgfrom(self,sender,params=None):
+    if not self._body:
+      raise IOError("chgfrom not called from eom()")
+    self.log('chgfrom: sender=%s' % (sender))
+    self._envfromchanged = True
+    self._sender = sender
+
+  # TODO: write implement quarantine()
+  def quarantine(self,reason):
+    raise NotImplemented
+
+  # TODO: measure time between milter calls
+  def progress(self):
+    pass
 
   # FIXME: rfc822 indexing does not really reflect the way chg/add header
-  # work for a milter
+  # work for a %milter
   def chgheader(self,field,idx,value):
     if not self._body:
-      raise IOError,"chgheader not called from eom()"
+      raise IOError("chgheader not called from eom()")
     self.log('chgheader: %s[%d]=%s' % (field,idx,value))
     if value == '':
       del self._msg[field]
@@ -70,19 +93,19 @@ class TestBase(object):
 
   def addheader(self,field,value,idx=-1):
     if not self._body:
-      raise IOError,"addheader not called from eom()"
+      raise IOError("addheader not called from eom()")
     self.log('addheader: %s=%s' % (field,value))
     self._msg[field] = value
     self._headerschanged = True
 
   def delrcpt(self,rcpt):
     if not self._body:
-      raise IOError,"delrcpt not called from eom()"
+      raise IOError("delrcpt not called from eom()")
     self._delrcpt.append(rcpt)
 
   def addrcpt(self,rcpt):
     if not self._body:
-      raise IOError,"addrcpt not called from eom()"
+      raise IOError("addrcpt not called from eom()")
     self._addrcpt.append(rcpt)
 
   ## Save the reply codes and messages in self._reply.
@@ -103,9 +126,9 @@ class TestBase(object):
       a += m
     self._symlist[stage] = set(a)
 
-  ## Feed a file like object to the milter.  Calls envfrom, envrcpt for
+  ## Feed a file like object to the %milter.  Calls envfrom, envrcpt for
   # each recipient, header for each header field, body for each body 
-  # block, and finally eom.  A return code from the milter other than
+  # block, and finally eom.  A return code from the %milter other than
   # CONTINUE returns immediately with that return code.
   #
   # This is a convenience method, a test could invoke the callbacks
@@ -119,57 +142,42 @@ class TestBase(object):
     self._bodyreplaced = False
     self._headerschanged = False
     self._reply = None
-    msg = rfc822.Message(fp)
+    self._sender = '<%s>'%sender
-    rc = self.envfrom('<%s>'%sender)
+    msg = mime.message_from_file(fp)
+    rc = self.envfrom(self._sender)
     if rc != Milter.CONTINUE: return rc
     for rcpt in (rcpt,) + rcpts:
       rc = self.envrcpt('<%s>'%rcpt)
       if rc != Milter.CONTINUE: return rc
-    line = None
+    for h,val in msg.items():
-    for h in msg.headers:
+      rc = self.header(h,val)
-      if h[:1].isspace():
-        line = line + h
-        continue
-      if not line:
-        line = h
-        continue
-      s = line.split(': ',1)
-      if len(s) > 1: val = s[1].strip()
-      else: val = ''
-      rc = self.header(s[0],val)
-      if rc != Milter.CONTINUE: return rc
-      line = h
-    if line:
-      s = line.split(': ',1)
-      rc = self.header(s[0],s[1])
       if rc != Milter.CONTINUE: return rc
     rc = self.eoh()
     if rc != Milter.CONTINUE: return rc
+    header,body = msg.as_bytes().split(b'\n\n',1)
+    bfp = BytesIO(body)
     while 1:
-      buf = fp.read(8192)
+      buf = bfp.read(8192)
       if len(buf) == 0: break
       rc = self.body(buf)
       if rc != Milter.CONTINUE: return rc
     self._msg = msg
-    self._body = StringIO.StringIO()
+    self._body = BytesIO()
     rc = self.eom()
     if self._bodyreplaced:
       body = self._body.getvalue()
-    else:
+    self._body = BytesIO()
-      msg.rewindbody()
+    self._body.write(header)
-      body = msg.fp.read()
+    self._body.write(b'\n\n')
-    self._body = StringIO.StringIO()
-    self._body.writelines(msg.headers)
-    self._body.write('\n')
     self._body.write(body)
     return rc
 
-  ## Feed an email contained in a file to the milter.
+  ## Feed an email contained in a file to the %milter.
   # This is a convenience method that invokes @link #feedFile feedFile @endlink.
   # @param sender MAIL FROM
   # @param rcpts RCPT TO, multiple recipients may be supplied
   def feedMsg(self,fname,sender="spam@adv.com",*rcpts):
-    with open('test/'+fname,'r') as fp:
+    with open('test/'+fname,'rb') as fp:
       return self.feedFile(fp,sender,*rcpts)
 
   ## Call the connect and helo callbacks.

Milter/utils.py

@@ -5,12 +5,13 @@
 import re
 import struct
 import socket
-import email.Errors
+import email.errors
+from email.header import decode_header
+import email.base64mime
 from fnmatch import fnmatchcase
-from email.Header import decode_header
+from binascii import a2b_base64
-#import email.Utils
-import rfc822
 
+dnsre = re.compile(r'^[a-z][-a-z\d.]+$', re.IGNORECASE)
 PAT_IP4 = r'\.'.join([r'(?:\d|[1-9]\d|1\d\d|2[0-4]\d|25[0-5])']*4)
 ip4re = re.compile(PAT_IP4+'$')
 ip6re = re.compile(                 '(?:%(hex4)s:){6}%(ls32)s$'
@@ -53,8 +54,8 @@ if hasattr(socket,'has_ipv6') and socket.has_ipv6:
 else:
     from pyip6 import inet_ntop, inet_pton
 
-MASK = 0xFFFFFFFFL
+MASK = 0xFFFFFFFF
-MASK6 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFL
+MASK6 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 
 def cidr(i,n,mask=MASK):
   return ~(mask >> n) & mask & i
@@ -67,6 +68,12 @@ def iniplist(ipaddr,iplist):
   True
   >>> iniplist('192.168.0.45',['192.168.0.*'])
   True
+  >>> iniplist('4.2.2.2',['b.resolvers.Level3.net'])
+  True
+  >>> iniplist('2607:f8b0:4004:801::',['google.com/40'])
+  True
+  >>> iniplist('4.2.2.2',['nothing.example.com'])
+  False
   >>> iniplist('2001:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
   True
   >>> iniplist('2G01:610:779:0:223:6cff:fe9a:9cf3',['127.0.0.1','172.20.1.0/24','2001:610:779::/48'])
@@ -75,8 +82,10 @@ def iniplist(ipaddr,iplist):
   ValueError: Invalid ip syntax:2G01:610:779:0:223:6cff:fe9a:9cf3
   """
   if ip4re.match(ipaddr):
+    fam = socket.AF_INET
     ipnum = addr2bin(ipaddr)
   elif ip6re.match(ipaddr):
+    fam = socket.AF_INET6
     ipnum = bin2long6(inet_pton(ipaddr))
   else:
     raise ValueError('Invalid ip syntax:'+ipaddr)
@@ -96,13 +105,21 @@ def iniplist(ipaddr,iplist):
         n = 128
       if cidr(bin2long6(inet_pton(p[0])),n,MASK6) == cidr(ipnum,n,MASK6):
         return True
+    elif dnsre.match(p[0]):
+      try:
+        sfx = '/'.join(['']+p[1:])
+        addrlist = [r[4][0]+sfx for r in socket.getaddrinfo(p[0],25,fam)]
+        if iniplist(ipaddr,addrlist):
+          return True
+      except socket.gaierror: pass
     elif fnmatchcase(ipaddr,pat):
       return True
   return False
 
 ## Split email into Fullname and address.
-# This replaces <code>email.Utils.parseaddr</code> but fixes
+# This replaces <code>email.utils.parseaddr</code> but fixes
 # some <a href="http://bugs.python.org/issue1025395">tricky test cases</a>.
+# Additional tricky cases are still broken.  Patches welcome.
 #
 def parseaddr(t):
   """Split email into Fullname and address.
@@ -116,12 +133,12 @@ def parseaddr(t):
   >>> parseaddr('God@heaven <@hop1.org,@hop2.net:jeff@spec.org>')
   ('God@heaven', 'jeff@spec.org')
   >>> parseaddr('Real Name ((comment)) <addr...@example.com>')
-  ('Real Name', 'addr...@example.com')
+  ('Real Name (comment)', 'addr...@example.com')
   >>> parseaddr('a(WRONG)@b')
   ('WRONG', 'a@b')
   """
-  #return email.Utils.parseaddr(t)
+  #return email.utils.parseaddr(t)
-  res = rfc822.parseaddr(t)
+  res = email.utils.parseaddr(t)
   # dirty fix for some broken cases
   if not res[0]:
     pos = t.find('<')
@@ -130,7 +147,7 @@ def parseaddr(t):
       pos1 = addrspec.rfind(':')
       if pos1 > 0:
         addrspec = addrspec[pos1+1:]
-      return rfc822.parseaddr('"%s" <%s>' % (t[:pos].strip(),addrspec))
+      return email.utils.parseaddr('"%s" <%s>' % (t[:pos].strip(),addrspec))
   if not res[1]:
     pos = t.find('<')
     if pos > 0 and t[-1] == '>':
@@ -138,9 +155,19 @@ def parseaddr(t):
       pos1 = addrspec.rfind(':')
       if pos1 > 0:
         addrspec = addrspec[pos1+1:]
-      return rfc822.parseaddr('%s<%s>' % (t[:pos].strip(),addrspec))
+      return email.utils.parseaddr('%s<%s>' % (t[:pos].strip(),addrspec))
   return res
 
+## Fix email.base64mime.decode to add any missing padding
+def decode(s, convert_eols=None):
+  if not s: return s
+  while len(s) % 4: s += '='	# add missing padding
+  dec = a2b_base64(s)
+  if convert_eols:
+      return dec.replace(CRLF, convert_eols)
+  return dec
+    
+email.base64mime.decode = decode
 
 def parse_addr(t):
   """Split email into user,domain.
@@ -185,18 +212,18 @@ def parse_header(val):
     for s,enc in h:
       if enc:
         try:
-          u.append(unicode(s,enc,'replace'))
+          u.append(s.decode(enc,'replace'))
         except LookupError:
-          u.append(unicode(s))
+          u.append(s.decode())
       else:
-        u.append(unicode(s))
+        u.append(s.decode())
-    u = ''.join(u)
+    u = u''.join(u)
-    for enc in ('us-ascii','iso-8859-1','utf8'):
+    for enc in ('us-ascii','iso-8859-1','utf-8'):
       try:
         return u.encode(enc)
       except UnicodeError: continue
   except UnicodeDecodeError: pass
   except LookupError: pass
   except ValueError: pass
-  except email.Errors.HeaderParseError: pass
+  except email.errors.HeaderParseError: pass
   return val

NEWS

@@ -0,0 +1,225 @@
+See pymilter.spec for recent history.
+
+Here is a history of older changes to Python milter.
+0.8.8	move AddrCache, parse_addr, iniplist, parse_header to Milter package
+	fix plock for missing source and can't change owner/group
+	add sample spfmilter.py milter
+	private_relay config option
+0.8.7	Move spf module to pyspf
+	Prevent PTR cache poisoning
+	More lame bounce heuristics
+	Do plain CBV when template is missing
+0.8.6	Support CBV timeout
+	Support fail template, headers in templates
+	Create GOSSiP record only when connection will procede to DATA.
+	More SPF lax heuristics
+	Don't require SPF pass for white/black listing mail from trusted relay.
+	Support localpart wildcard for white and black lists.
+	Delay reject of unsigned RCPT for postmaster and abuse only
+	Fix dsn reporting of hard permerror
+	Resolve FIXME for wrap_close in miltermodule.c
+	Add Message-ID to DSNs
+	Use signed Message-ID in delayed reject to blacklist senders
+	Auto-train via blacklist and auto-whitelist
+	Don't check userlist for signed MFROM
+	Accept but skip DSPAM training for whitelisted senders without SPF PASS
+	Report GC stats 
+	Support CIDR matching for IP lists
+	Support pysrs sign feature
+	Support localpart specific SPF policy in access file
+0.8.5	Simple trusted_forwarder implementation.
+	Fix access_file neutral policy
+	Move Received-SPF header to beginning of headers
+	Supply keyword info for all results in Received-SPF header.
+	Move guessed SPF result to separate header
+	Activate smfi_insheader only when SMFIR_INSHEADER defined
+	Handle NULL MX in spf.py
+	in-process GOSSiP server support (to be extended later)
+	Expire CBV cache and renew auto-whitelist entries
+0.8.4	Auto-whitelist recipients of outgoing email.
+	Fix SPF policy via sendmail access map (case insensitive keys).
+	Train screener on whitelisted messages
+	Optional idx parameter to addheader to invoke smfi_insheader
+	Activate progress API when SMFIR_PROGRESS defined
+0.8.3   Keep screened honeypot mail, but optionally discard honeypot only mail.
+	spf_accept_fail option for braindead SPF senders 
+	  (treats fail like softfail)
+	Option to set SPF policy via sendmail access map.
+	Option to supply Sender header from MAIL FROM when missing.
+	Consider SMTP AUTH connections internal.
+	Send DSN for SPF errors corrected by extended processing.
+	Send DSN before SCREENED mail is quarantined
+	Use logging package to keep log lines atomic.
+0.8.2	Strict processing limits per SPF RFC
+	Fixed several parsing bugs under RFC 
+	Support official IANA SPF record (type99)
+	Honeypot support (requires pydspam-1.1.9)
+	Extended SPF processing results beyond strict RFC limits
+	Support original SES for bounce protection (requires pysrs-0.30.10)
+	Callback exception processing option in milter module
+	Handle corrupt ZIP attachments
+0.8.1	Fix zip in zip loop in mime.py
+	Fix HeaderParseError in bms.py header callback
+	Check internal_domains for outgoing mail
+	Fix inconsistent results from send_dsn
+0.8.0	Move Milter module to subpackage.
+	DSN support for Three strikes rule and SPF SOFTFAIL
+	Move /*mime*/ and dynip to Milter subpackage
+	Fix SPF unknown mechanism list not cleared
+	Make banned extensions configurable.
+	Option to scan zipfiles for bad extensions.
+	Properly log pydspam exceptions
+0.7.3	Experimental release with python2.4 support
+0.7.2	Return unknown for invalid ip address in mechanism
+	Recognize dynamic PTR names, and don't count them as authentication.
+	Three strikes and yer out rule.
+	Block softfail by default when no PTR or HELO
+	Return unknown for null mechanism
+	Try best guess on HELO also
+	Expand setreply for common errors
+	make rhsbl.m4 hack available for sendmail.mc
+0.7.1	Handle modifying mislabeled multipart messages without an exception
+	Support setbacklog, setmlreply
+	Allow multi-recipient CBV
+	Return TEMPFAIL for SPF softfail
+0.7.0	SPF check hello name
+	Move pythonsock to /var/run/milter
+	Move milter.cfg to /etc/mail/pymilter.cfg
+	Check M$ style XML CID records by converting to SPF
+	Recognize, but never match ip6 - until we properly support it.
+	Option to reject when no PTR and no SPF
+0.6.9	Reject invalid SRS immediately for benefit of callback verifiers
+	Fix include bug in spf.py
+	Fix check_header bug
+	Fix setup.py to work with python < 2.2.3, thanks to Eric S. Johansson
+	Test driver for SPF test suite.  Fix bugs and add features to
+	pass most of test suite.
+	Use best_guess() and get_header() in bms.py for SPF support
+0.6.8	Defang message/rfc822 content_type with boundary 
+	Support SPF delegation
+	Reject neutral SPF result for selected domains
+	Support SPF default (best_guess)
+	Don't report "spoofed" unless rcpt looks like SRS
+	Check for bounce with multiple rcpts
+	Make dspam see Received-SPF headers
+	Fix sysv init for Redhat 9 and other single ps line per process systems
+0.6.7	Fix failure to remove explicit unix socket thanks to Alexander again.
+	Support SRS forgery detection.
+	Detect thread resource starvation in Milter.py.
+	Decode obfuscated subject headers.
+0.6.6	Another memory leak plugged by Alexander Kourakos.
+	Support SPF checking:  http://spf.pobox.com
+	Hello blacklist
+	RPM compiled for python2.3 and sendmail-8.12
+0.6.5	Plug memory leak in wrap_connect thanks to Alexander Kourakos.
+	Support progress notification.
+	Log Received header for trusted relay.
+	Support wildcard user for smart alias.
+0.6.4	Exempt entire domains.
+	Tweak SMTP error codes reported.
+	Suppress traceback for Dspam lock timeouts.
+	Dspam internal mail for dspam users.
+	Match hostname for internal connection test, even if no ipaddr.
+	Fix for not saving defang of false positive triggered rejecting it
+	as a virus from self.
+	Size limit for dspam to work around dspam-2.6.5.2 bug.
+	(dspam-2.8 still showstopper buggy for libdspam API.)
+	Whitelist for dspam.
+	Reject list for dspam (REJECT rather than quarantine SCREENed
+	spam for listed domains).
+	Report dspam header changes to sendmail, fix headerChange
+	to handle deleting absent header.
+	dspam feature requires pydspam-1.1.5
+0.6.3	dspam screening (with pydspam-1.1.4)
+	Don't write "defang" file for false positive feedback
+0.6.2	Work around email package bug in get_filename().
+	add dspam_exempt list to milter.cfg
+	REJECT messages with missing MIME boundaries (almost always spam)
+	DISCARD messages which any dspam user flags as spam 
+	start.sh was calling python instead of python2 on Linux
+0.6.1	Work with python-2.2.3
+	Integrate full dspam application
+0.6.0	Use email package in python-2.2.2
+0.5.6	Include dspam interface for Bayesian filtering
+0.5.5	Allow passing None to setreply and chgheader thanks to George Graf.
+	Experimental IPv6 support thanks to Deron Meranda.
+	Allow removing callbacks by passing None to set_XXX_callback.
+	Recognize internal connections in bms.py.
+	Give users a clue when rejecting banned subjects.
+0.5.4	Wiretap redirection feature, smart alias feature, QUARANTINE support
+0.5.3	Tweak to run under 2.2 in production
+0.5.2	Fix and add to unit test another parsing failure.
+0.5.1	Properly handle modifications to rfc822 attachments.
+	Handle encoded rfc822 attachments.
+0.5.0	Use config file so users don't have to keep syncing the
+	bms.py script.  Keep bms.py marked as %config for a while
+	to avoid wiping out their customizations just yet.
+0.4.5	Work with sgmlop package to speed up HTML parsing.
+	Reduce various local hacks to config variables.
+0.4.4	Bug fixes for HTML encoding.
+0.4.3	Handle quoted-printable HTML attachments.  Remove entire
+	attachment when HTML can't be parsed.
+0.4.2	Parse HTML attachments to remove <script ...>...</script>.
+        Klez virus uses malformed MIME part separators to prevent
+	the multifile module and other virus scanners from seeing its
+	HTML attachment (which contains Javascript and VBScript).  Outhouse
+	happily accepts and executes the malformed attachments, but
+	we still kill the Klez virus because we:
+	Defang attachment when any Content-Type attribute ends with
+	a banned extension  - one of the Outhouse bugs exploited by the
+	Klez virus.  Outhouse really, really stinks . . .
+0.4.1	Bug fix from Jason Erikson for NULL hostaddr in connect callback.
+0.4.0	New check_attachments(msg,check) function in mime module allows
+	filtering based on attachment contents.  Distribution now includes
+	bms.py, an example milter used in production - including use of the
+	new check_attachments(msg,check) API.
+	Report hostname in WARNING.TXT.
+	More parameter list bug fixes.
+
+0.3.10	Parse quotes in parameter lists to handle embedded ';'.
+	Move test data to subdirectory, write non-junit output to
+	log file in test subdirectory.
+0.3.9	Handle non-multipart messages with executable content in sample.py,
+	add more extensions to banned list.
+0.3.8	Handle malformed Content-Type in mime.py.  Test viruses have
+	been deactivated by deleting most of the viral code.
+0.3.7	Put back hint on running sample.py.  Add .bat as banned extension.
+	More sample spam filtering logic.
+0.3.6	Ran through pychecker-0.8.5.  Most systems will name the sendmail
+	user library (used by the milter extension module) 'libsm', but AIX
+	still needs to call it 'libsmutil' because there is a system library
+	called 'libsm'.
+0.3.5	Enhanced logging.  Fix bug in sample milter where headers were
+	included in body when removing a virus.
+0.3.4	Tested distribution on RH6.2 and updated sample.py and docs.
+	Tested with gcc-2.95.2, python-2.1.1, sendmail-8.11.6-2.6.x
+	The RH6.2 spec file to enable libmilter for sendmail-8.11.6
+	can be obtained from http://www.bmsi.com/linux/sendmail-rhmilter.spec
+	The SRPM can be obtained from http://www.redhat.com
+
+0.3.3	Remove reference to sa_len - not supported by linux.
+
+0.3.2	Rename and add more hints to the sample milter.
+
+0.3.1	Pass a more useful hostaddr to the connect callback.
+
+0.3	Interface now uses a milterContext extension object instead of
+an index.  A PyThreadContext is now created for each milterContext so that
+"simultaneously" processing multiple messages at once (as often happens
+on a busy server) actually works.
+
+	Many milter methods are now object methods of the milterContext
+extension object.  No compatibility API is provided for this change due
+to the limited user base at this stage.  The setname method has been removed,
+and the name is now passed to register.
+
+	A simple class to provide an OO wrapper to the milter API is
+provided.
+
+	A simple class to parse multipart mime messages into parts and replace
+selected parts is provided.  The sample filter will eventually use the mimelib
+package instead,  but mimelib currently requires reading the entire message
+into memory.
+
+	A sample filter that replaces attachments with naughty extensions
+with a warning message is provided.

README

@@ -0,0 +1,176 @@
+Abstract
+--------
+
+This is a python extension module to enable python scripts to attach to
+Sendmail's libmilter API, enabling filtering of messages as they arrive.
+Since it's a script, you can do anything you want to the message - screen
+out viruses, collect statistics, add or modify headers, etc.  You can, at
+any point, tell Sendmail to reject, discard, or accept the message.
+
+
+Requirements
+------------
+
+Python milter extension: http://https://pypi.python.org/pypi/pymilter/
+Python: http://www.python.org
+Sendmail: http://www.sendmail.org
+
+NB: From Sendmail's libmilter/README:
+
+libmilter requires pthread support in the operating system.  Moreover, it
+requires that the library functions it uses are thread safe; which is true
+for the operating systems libmilter has been developed and tested on.  On
+some operating systems this requires special compile time options (e.g.,
+not just -pthread).  libmilter is currently known to work on (modulo problems
+in the pthread support of some specific versions):
+
+FreeBSD 3.x, 4.x
+SunOS 5.x (x >= 5)
+AIX 4.3.x
+HP UX 11.x
+Linux (recent versions/distributions)
+
+libmilter is currently not supported on:
+
+IRIX 6.x
+Ultrix
+
+Quick Installation
+------------------
+
+1. Build and install Sendmail, enabling libmilter (see libmilter/README).
+2. Build and install Python, enabling threading.
+3. Install this module: python setup.py --help
+4. Add these two lines to sendmail.cf[*]:
+
+O InputMailFilters=pythonfilter
+Xpythonfilter,        S=local:/home/username/pythonsock
+
+5. Run the sample.py example milter with: python sample.py
+Note that milters should almost certainly not run as root.
+
+That's it.  Incoming mail will cause the milter to print some things, and
+some email will be rejected (see the "header" method).  Edit and play.  
+See spfmilter.py for a functional SPF milter, or see bms.py for an complex
+milter used in production.
+
+[*] This is for a quick test.  Your sendmail.cf in most distros will get
+overwritten whenever sendmail.mc is updated.  To make a milter permanent,
+add something like:
+
+INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock, F=T, T=C:5m;S:20s;R:5m;E:5m')
+
+to sendmail.mc instead.
+
+Not-so-quick Installation
+-------------------------
+
+First install Sendmail.  Make sure you read libmilter/README in the Sendmail
+source directory, and make sure you enable libmilter before you build.  The
+8.11 series had libmilter marked as FFR (For Future Release); 8.12
+officially supports libmilter, but it's still not built by default.
+
+Install Python, and enable threading in Modules/Setup.
+
+Install this miltermodule package; DistUtils Automatic Installation:
+
+$ python setup.py --help
+
+For versions of python prior to 2.0, you will need to download distutils
+separately or build manually.  You will need to download unittest
+separately to run the test programs.  The bdist_rpm distutils option seems
+not to work for python 2.0; upgrade to at least 2.1.1.
+
+Now that everything is installed, we need to tell sendmail that we're going
+to filter incoming email.  Add lines similar to the following to
+sendmail.cf:
+
+O InputMailFilters=pythonfilter
+Xpythonfilter,        S=local:/home/username/pythonsock
+
+The "O" line tells sendmail which filters to use in what order; here we're
+telling sendmail to use the filter named "pythonfilter".
+
+The next line, the "X" line (for "eXternal"), lists that filter along with
+some options associated with it.  In this case, we have the "S" option, which
+names the socket that sendmail will use to communicate with this particular
+milter.  This milter's socket is a unix-domain socket in the filesystem.
+See libmilter/README for the definitive list of options.
+
+NB: The name is specified in two places: here, in sendmail's cf file, and
+in the milter itself.  Make sure the two match.
+
+NB: The above lines can be added in your .mc file with this line:
+
+INPUT_MAIL_FILTER(`pythonfilter', `S=local:/home/username/pythonsock')
+
+For versions of sendmail prior to 8.12, you will need to enable
+_FFR_MILTER for the cf macros.  For example,
+
+m4 -D_FFR_MILTER ../m4/cf.m4 myconfig.mc > myconfig.cf
+
+IPv6 Notes
+----------
+
+The IPv6 protocol is supported if your operation system supports it
+and if sendmail was compiled with IPv6 support.  To determine if your
+sendmail supports IPv6, run "sendmail -d0" and check for the NETINET6
+compilation option.  To compile sendmail with IPv6 support, add this
+declaration to your site.config.m4 before building it:
+
+APPENDDEF(`confENVDEF', `-DNETINET6=1')
+
+IPv6 support can show up in two places; the communications socket
+between the milter and sendmail processes and in the host address
+argument to the connect() callback method.
+
+For sendmail to be able to accept IPv6 SMTP sessions, you must
+configure the daemon to listen on an IPv6 port.  Furthermore if you
+want to allow both IPv4 and IPv6 connections, some operating systems
+will require that each listens to different port numbers.  For an
+IPv6-only setup, your sendmail configuration should contain a line
+similar to (first line is for sendmail.mc, second is sendmail.cf):
+
+DAEMON_OPTIONS(`Name=MTA-v6, Family=inet6, Modify=C, Port=25')
+O DaemonPortOptions=Name=MTA-v6, Family=inet6, Modify=C, Port=25
+
+To allow sendmail and the milter process to communicate with each
+other over IPv6, you may use the "inet6" socket name prefix, as in:
+
+Xpythonfilter,        S=inet6:1234@fec0:0:0:7::5c
+
+The connect() callback method in the milter class will pass the
+IPv6-specific information in the 'hostaddr' argument as a tuple.  Note
+that the type of this value is dependent upon the protocol family, and
+is not compatible with IPv4 connections.  Therefore you should always
+check the family argument before attempting to use the hostaddr
+argument.  A quick example showing this follows:
+
+  import socket
+  ...
+  class ipv6awareMilter(Milter.Milter):
+  ...
+     def connect(self,hostname,family,hostaddr):
+        if family==socket.AF_INET:
+           ipaddress, port = hostaddr
+        elif family==socket.AF_INET6:
+           ip6address, port, flowinfo, scopeid = hostaddr
+        elif family==socket.AF_UNIX:
+           socketpath = hostaddr
+
+The hostname argument is always safe to use without interpreting the
+protocol family.  For IPv6 connections for which the hostname can not
+be determined the hostname will appear similar to the string
+"[IPv6:::1]" with the corresponding hostaddr[0] being "::1".  Refer to
+RFC 2553 for information on interpreting and using the flowinfo and
+scopeid socket attributes, both of which are integers.
+
+Authors
+-------
+
+Jim Niemira (urmane@urmane.org) wrote the original C module and some quick
+and dirty python to use it.  Stuart D. Gathman (stuart@gathman.org) took that
+kludge and added threading and context objects to it, wrote a proper OO
+wrapper (Milter.py) that handles attachments, did lots of testing, packaged
+it with distutils, and generally transformed it from a quick hack to a
+real, usable Python extension.

TODO

@@ -0,0 +1,2 @@
+Lookup exact RFC syntax of real name / email and make 
+Milter.utils.parse_addr() pass all unit tests.

doc/mainpage.py

@@ -0,0 +1,88 @@
+## @mainpage Writing Milters in Python
+#
+# At the lowest level, the <code>milter</code> module provides a thin wrapper
+# around the <a href="milter_api/index.html"> sendmail
+# libmilter API</a>.  This API lets you register callbacks for a number of
+# events in the process of sendmail receiving a message via SMTP.  These
+# events include the initial connection from a MTA, the envelope sender and
+# recipients, the top level mail headers, and the message body.  There are
+# options to mangle all of these components of the message as it passes through
+# the %milter.
+# 
+# At the next level, the <code>Milter</code> module (note the case difference)
+# provides a Python friendly object oriented wrapper for the low level API.  To
+# use the Milter module, an application registers a 'factory' to create an
+# object for each connection from a MTA to sendmail.  These connection objects
+# must provide methods corresponding to the libmilter event callbacks.
+# 
+# Each callback method returns a code to tell sendmail whether to proceed with
+# processing the message.  This is a big advantage of milters over other mail
+# filtering systems.  Unwanted mail can be stopped in its tracks at the
+# earliest possible point.  The callback return codes are
+# milter.CONTINUE, milter.REJECT, milter.DISCARD, milter.ACCEPT, 
+# milter.TEMPFAIL, milter.SKIP, milter.NOREPLY.
+# 
+# The Milter.Base class provides default implementations for
+# event methods that do nothing, and also provides wrappers for the libmilter
+# methods to mutate the message.  It automatically negotiates with MTA
+# which protocol steps need to be processed by the %milter, based on
+# which callback methods are overridden.
+#
+# The Milter.Milter class provides an alternate default
+# implementation that logs the main milter callbacks, but otherwise does
+# nothing.  It is provided for compatibility.
+# 
+# The mime module provides a wrapper for the Python email package
+# that fixes some bugs, and simplifies modifying selected parts of a MIME
+# message.
+#
+# @section threading
+#
+# The libmilter library which pymilter wraps 
+# <a href="milter_overview#SignalHandling">handles
+# all signals</a> itself, and expects to be called from a single main thread.
+# It handles SIGTERM, SIGHUP, and SIGINT, mapping the first two to 
+# <a href="milter_api/smfi_stop.html">smfi_stop</a>
+# and the last to an internal ABORT.
+#
+# If you use python threads or threading modules, then signal handling gets
+# confused.  Threads may still be useful, but you may need to provide an
+# alternate means of causing graceful shutdown.
+#
+# You may find the
+# <a href="http://docs.python.org/release/2.6.6/library/multiprocessing.html">
+# multiprocessing</a> module useful.  It can be a drop-in
+# replacement for threading as illustrated in 
+# <a href="milter-template_8py-example.html">milter-template.py</a>.
+#
+# @section Useful python packages for milters
+#
+# <a href="https://pypi.python.org/pypi/pyspf">pyspf</a> checks the
+# SMTP envelope sender (MAIL FROM, passed to the Milter.Base.envfrom callback)
+# against a Sender Policy published in DNS by the sending domain.  This
+# can prevent forgery of the MAIL FROM.  SPF is Sender Policy Framework.
+#
+# <a href="https://launchpad.net/dkimpy">pydkim</a> checks a DKIM signature
+# of the email body and headers against a public key published in DNS by
+# the signing domain.  DKIM is DomainKeys Identified Mail.
+#
+# The <a href="https://pypi.python.org/pypi/authres/">authres</a> module 
+# parses and formats the Authentication-Results email header, providing
+# a standard place to summarize the results from DKIM, SPF, rDNS, SMTP AUTH,
+# and other email authentication methods.
+#
+# <a href="https://pypi.python.org/pypi/pydspam/">pydspam</a> wraps 
+# the libdspam API of the <a href="http://dspam.sourceforge.net/">DSPAM</a>
+# project.
+#
+# @section Milters written with pymilter
+#
+# <a href="https://github.com/croessner/vrfydmn">Verify Domain</a> is a
+# Postfix milter that rejects/fixes manipulated From: header
+# on a mail host with multiple virtual domains.
+#
+# <a href="https://pypi.python.org/pypi/milter/">BMS Milter</a> has several
+# milters, a big complicated spam filter that integrates multiple
+# authentication protocols with pydpsm, and two simple ones: spfmilter.py and
+# dkim-milter.py.
+#

doc/milter.py

@@ -0,0 +1,251 @@
+# Document miltermodule for Doxygen
+#
+
+## @package milter
+#
+# A thin wrapper around libmilter.  Most users will not import
+# milter directly, but will instead import Milter and subclass
+# Milter.Base.  This module gives you ultimate low level control
+# from python.
+#
+
+## Continue processing the current connection, message, or recipient.
+CONTINUE  = 0
+##  For a connection-oriented routine, reject this connection; 
+# call Milter.Base.close(). For a message-oriented routine, except
+# Milter.Base.eom() or Milter.Base.abort(), reject this message.  For a
+# recipient-oriented routine, reject the current recipient (but continue
+# processing the current message).
+REJECT    = 1
+
+## For a message- or recipient-oriented routine, accept this message, but
+# silently discard it.  SMFIS_DISCARD should not be returned by a
+# connection-oriented routine.
+DISCARD   = 2
+
+## For a connection-oriented routine, accept this connection without further
+# filter processing; call Milter.Base.close().   For a message- or
+# recipient-oriented routine, accept this message without further filtering.
+ACCEPT    = 3
+
+## Return a temporary failure, i.e., the corresponding SMTP command will return
+# an appropriate 4xx status code. For a message-oriented routine, except
+# Milter.Base.envfrom(), fail for this message.  For a connection-oriented
+# routine, fail for this connection; call Milter.Base.close().  For a recipient-oriented
+# routine, only
+# fail for the current recipient; continue message processing.
+TEMPFAIL  = 4
+
+## Skip further callbacks of the same type in this transaction. 
+# Currently this return value is only allowed in Milter.Base.body(). It can be
+# used if a %milter has received sufficiently many body chunks to make a
+# decision, but still wants to invoke message modification functions that are
+# only allowed to be called from Milter.Base.eom(). Note: the %milter must
+# negotiate this behavior with the MTA, i.e., it must check whether the
+# protocol action SMFIP_SKIP is available and if so, the %milter must request
+# it.
+SKIP      = 5
+
+## Do not send a reply back to the MTA. 
+# The %milter must negotiate this behavior with the MTA, i.e., it must check
+# whether the appropriate protocol action P_NR_* is available and if so,
+# the %milter must request it. If you set the P_NR_* protocol action for a
+# callback, that callback must always reply with NOREPLY. Using any other
+# reply code is a violation of the API. If in some cases your callback may
+# return another value (e.g., due to some resource shortages), then you must
+# not set P_NR_* and you must use CONTINUE as the default return
+# code. (Alternatively you can try to delay reporting the problem to a later
+# callback for which P_NR_* is not set.)
+#
+# This is negotiated and returned automatically by the Milter.noreply 
+# function decorator.
+NOREPLY   = 6
+
+## Hold context for a %milter connection.
+# Each connection to sendmail creates a new <code>SMFICTX</code> struct within
+# libmilter.  The milter module in turn creates a milterContext
+# tied to the <code>SMFICTX</code> struct via <code>smfi_setpriv</code>
+# to hold a PyThreadState and a user defined Python object for the connection.
+# 
+# Most application interaction with libmilter takes places via 
+# the milterContext object for the connection.  It is passed to
+# callback functions as the first parameter.
+#
+# The <code>Milter</code> module creates a python class for each connection,
+# and converts function callbacks to instance method invocations.
+#
+class milterContext(object):
+  ## Calls <a href="milter_api/smfi_getsymval.html">smfi_getsymval</a>.
+  def getsymval(self,sym): pass
+  ## Calls <a href="milter_api/smfi_setreply.html">
+  # smfi_setreply</a> or
+  # <a href="milter_api/smfi_setmlreply.html">
+  # smfi_setmlreply</a>.
+  # @param rcode SMTP response code
+  # @param xcode extended SMTP response code
+  # @param msg one or more message lines.  If the MTA does not support 
+  #     multiline messages, only the first is used.
+  def setreply(self,rcode,xcode,*msg): pass
+  ## Calls <a href="milter_api/smfi_addheader.html">smfi_addheader</a>.
+  def addheader(self,name,value,idx=-1): pass
+  ## Calls <a href="milter_api/smfi_chgheader.html">smfi_chgheader</a>.
+  def chgheader(self,name,idx,value): pass
+  ## Calls <a href="milter_api/smfi_addrcpt.html">smfi_addrcpt</a>.
+  def addrcpt(self,rcpt,params=None): pass
+  ## Calls <a href="milter_api/smfi_delrcpt.html">smfi_delrcpt</a>.
+  def delrcpt(self,rcpt): pass
+  ## Calls <a href="milter_api/smfi_replacebody.html">smfi_replacebody</a>.
+  def replacebody(self,data): pass
+  ## Attach a Python object to this connection context.
+  # @return the old value or None
+  def setpriv(self,priv): pass
+  ## Return the Python object attached to this connection context.
+  def getpriv(self): pass
+  ## Calls <a href="milter_api/smfi_quarantine.html">smfi_quarantine</a>.
+  def quarantine(self,reason): pass
+  ## Calls <a href="milter_api/smfi_progress.html">smfi_progress</a>.
+  def progress(self): pass
+  ## Calls <a href="milter_api/smfi_chgfrom.html">smfi_chgfrom</a>.
+  def chgfrom(self,sender,param=None): pass
+  ## Tell the MTA which macro values we are interested in for a given stage.
+  # Of interest only when you need to squeeze a few more bytes of bandwidth.
+  # It may only be called from the negotiate callback.
+  # The protocol stages are 
+  # M_CONNECT, M_HELO, M_ENVFROM, M_ENVRCPT, M_DATA, M_EOM, M_EOH.
+  # Calls <a href="milter_api/smfi_setsymlist.html">smfi_setsymlist</a>.
+  # @param stage protocol stage in which the macro list should be used
+  # @param macrolist a space separated list of macro names
+  def setsymlist(self,stage,macrolist): pass
+
+class error(Exception): pass
+
+## Enable optional %milter actions.
+# Certain %milter actions need to be enabled before calling main()
+# or they throw an exception.  Pymilter enables them all by
+# default (since 0.9.2), but you may wish to disable unneeded
+# actions as an optimization.
+# @param flags Bit or mask of optional actions to enable
+def set_flags(flags): pass
+
+def set_connect_callback(cb): pass
+def set_helo_callback(cb): pass
+def set_envfrom_callback(cb): pass
+def set_envrcpt_callback(cb): pass
+def set_header_callback(cb): pass
+def set_eoh_callback(cb): pass
+def set_body_callback(cb): pass
+def set_abort_callback(cb): pass
+def set_close_callback(cb): pass
+
+## Sets the return code for untrapped Python exceptions during a callback.
+# The default is TEMPFAIL.  You should not depend on this handler.  Your
+# application should have its own top level exception handler for each
+# callback.  You can then choose your own reply message, log the stack track
+# were you please, and so on.  However, if you miss one, this last ditch
+# handler will print a standard stack trace to sys.stderr, and return to
+# sendmail.  
+# @param code one of #TEMPFAIL,#REJECT,#CONTINUE, or since 1.0, #ACCEPT
+def set_exception_policy(code): pass
+
+## Register python %milter with libmilter.
+# The name we pass is used to identify the %milter in the MTA configuration.
+# Callback functions must be set using the set_*_callback() functions before
+# registering the %milter.
+# Three additional callbacks are specified as keyword parameters.  These
+# were added by recent versions of libmilter.  The keyword parameters is
+# a nicer way to do it, I think, since it makes clear that you have to do
+# it before registering.  I may move all the callbacks in the future (perhaps
+# keeping the set functions for compatibility).  Note that Milter.Base
+# automatically maps all callbacks to member functions, and negotiates which
+# member functions are actually overridden by an application class.
+# @param name the %milter name by which the MTA finds us
+# @param negotiate the
+#       <a href="milter_api/xxfi_negotiate.html">
+#       xxfi_negotiate</a> callback, called to negotiate supported
+#       actions, callbacks, and protocol steps.
+# @param unknown the
+#       <a href="milter_api/xxfi_unknown.html">
+#       xxfi_unknown</a> callback, called when for SMTP commands
+#       not recognized by the MTA. (Extend SMTP in your milter!)
+# @param data the
+#       <a href="milter_api/xxfi_data.html">
+#       xxfi_data</a> callback, called when the DATA
+#       SMTP command is received.
+def register(name,negotiate=None,unknown=None,data=None): pass
+
+## Attempt to create the socket used to communicate with the MTA.
+# milter.opensocket() attempts to create the socket specified previously by a
+# call to milter.setconn() which will be the interface between MTAs and the
+# %milter.  This allows the calling application to ensure that the socket can be
+# created.  If this is not called, milter.main() will do so implicitly.
+# Calls <a href="milter_api/smfi_opensocket.html">
+# smfi_opensocket</a>.  While not documented for libmilter, my experiments
+# indicate that you must call register() before calling opensocket().
+# @param rmsock Try to remove an existing unix domain socket if true.
+def opensocket(rmsock): pass
+
+## Transfer control to libmilter.
+# Calls <a href="milter_api/smfi_main.html">
+#   smfi_main</a>.
+def main(): pass
+
+## Set the libmilter debugging level.
+# <a href="milter_api/smfi_setdbg.html">smfi_setdbg</a>
+# sets the %milter library's internal debugging level to a new level
+# so that code details may be traced. A level of zero turns off debugging. The
+# greater (more positive) the level the more detailed the debugging. Six is the
+# current, highest, useful value.  Must be called before calling main().
+def setdbg(lev): pass
+
+## Set timeout for MTA communication.
+# Calls <a href="milter_api/smfi_settimeout.html">
+# smfi_settimeout</a>.  Must be called before calling main().
+def settimeout(secs): pass
+
+## Set socket backlog.
+# Calls <a href="milter_api/smfi_setbacklog.html">
+# smfi_setbacklog</a>.  Must be called before calling main().
+def setbacklog(n): pass
+
+## Set the socket used to communicate with the MTA.
+# The MTA can communicate with the milter by means of a
+# unix, inet, or inet6 socket. By default, a unix domain socket
+# is used.  It must not exist,
+# and sendmail will throw warnings if, eg, the file is under a
+# group or world writable directory.  milter.setconn() will not fail with
+# an invalid socket - this will be detected only when calling milter.main()
+# or milter.opensocket().
+# @param s the socket address in proto:address format
+# <pre>
+# milter.setconn('unix:/var/run/pythonfilter')  # a named pipe
+# milter.setconn('local:/var/run/pythonfilter') # a named pipe
+# milter.setconn('inet:8800') 			# listen on ANY interface
+# milter.setconn('inet:7871@@publichost')	# listen on a specific interface
+# milter.setconn('inet6:8020')
+# milter.setconn('inet6:8020@[2001:db8:1234::1]')      # listen on specific IP
+# </pre>
+def setconn(s): pass
+
+## Stop the %milter gracefully.
+def stop(): pass
+
+## Retrieve diagnostic info.
+# Return a tuple with diagnostic info gathered by the milter module.
+# The first two fields are counts of milterContext objects created
+# and deleted.  Additional fields may be added later.
+# @return a tuple of diagnostic data
+def getdiag(): pass
+
+## Retrieve the runtime libmilter version.
+# Return the runtime libmilter version. This can be different
+# from the compile time version when sendmail or libmilter is upgraded
+# after pymilter is compiled.
+# @return a tuple of <code>(major,minor,patchlevel)</code>
+def getversion(): pass
+
+## The compile time libmilter version.
+# Python code might need to deal with pymilter compiled 
+# against various versions of libmilter.  This module constant 
+# contains the contents of the <code>SMFI_VERSION</code> macro when
+# the milter module was compiled.
+VERSION = 0x1000001

makefile

@@ -0,0 +1,17 @@
+web:
+	doxygen
+	test -L doc/html/milter_api || ln -sf /usr/share/doc/sendmail-devel-* doc/html/milter_api
+	rsync -ravKk doc/html/ spidey2.bmsi.com:/Public/pymilter
+	cd doc/html; zip -r ../../doc .
+
+VERSION=1.0
+CVSTAG=pymilter-1_0
+PKG=pymilter-$(VERSION)
+SRCTAR=$(PKG).tar.gz
+
+$(SRCTAR):
+	cvs export -r$(CVSTAG) -d $(PKG) pymilter
+	tar cvfz $(PKG).tar.gz $(PKG)
+	rm -r $(PKG)
+
+cvstar: $(SRCTAR)

milter-nomix.py

@@ -0,0 +1,80 @@
+## A very simple milter to prevent mixing of internal and external mail.  
+# Internal is defined as using one of a list of internal top level domains.
+#  This code is open-source on the same terms as Python.
+
+from __future__ import print_function
+import Milter
+import time
+import sys
+from Milter.utils import parse_addr
+
+internal_tlds = ["corp", "personal"]
+
+## Determine if a hostname is internal or not. 
+# True if internal, False otherwise
+def is_internal(hostname):
+    components = hostname.split(".")
+    return components.pop() in internal_tlds:
+
+# Determine if internal and external hosts are mixed based on a list
+# of hostnames
+def are_mixed(hostnames):
+    hostnames_mapped = map(is_internal, hostnames)
+
+    # Num internals
+    num_internal_hosts = hostnames_mapped.count(True)
+
+    # Num externals
+    num_external_hosts = hostnames_mapped.count(False)
+
+    return num_external_hosts >= 1 and num_internal_hosts >= 1
+
+class NoMixMilter(Milter.Base):
+
+  def __init__(self):  # A new instance with each new connection.
+    self.id = Milter.uniqueID()  # Integer incremented with each call.
+
+
+  ##  def envfrom(self,f,*str):
+  @Milter.noreply
+  def envfrom(self, mailfrom, *str):
+    self.mailfrom = mailfrom
+    self.domains = []
+    t = parse_addr(mailfrom)
+    if len(t) > 1:
+      self.domains.append(t[1])
+    else:
+      self.domains.append('local')
+    self.internal = False
+    return Milter.CONTINUE
+
+  ##  def envrcpt(self, to, *str):
+  def envrcpt(self, to, *str):
+    self.R.append(to)
+    t = parse_addr(to)
+    if len(t) > 1:
+      self.domains.append(t[1])
+    else:
+      self.domains.append('local')
+
+    if are_mixed(self.domains):
+      # FIXME: log recipients collected in self.mailfrom and self.R
+      self.setreply('550','5.7.1','Mixing internal and external TLDs')
+      return Milter.REJECT
+        
+    return Milter.CONTINUE
+    
+def main():
+  socketname = "/var/run/nomixsock"
+  timeout = 600
+  # Register to have the Milter factory create instances of your class:
+  Milter.factory = NoMixMilter
+  print("%s milter startup" % time.strftime('%Y%b%d %H:%M:%S'))
+  sys.stdout.flush()
+  Milter.runmilter("nomixfilter",socketname,timeout)
+  logq.put(None)
+  bt.join()
+  print("%s nomix milter shutdown" % time.strftime('%Y%b%d %H:%M:%S'))
+
+if __name__ == "__main__":
+  main()

milter-template.py

@@ -0,0 +1,166 @@
+## To roll your own milter, create a class that extends Milter.  
+#  See the pymilter project at http://bmsi.com/python/milter.html
+#  based on Sendmail's milter API 
+#  This code is open-source on the same terms as Python.
+
+## Milter calls methods of your class at milter events.
+## Return REJECT,TEMPFAIL,ACCEPT to short circuit processing for a message.
+## You can also add/del recipients, replacebody, add/del headers, etc.
+
+from __future__ import print_function
+import Milter
+try:
+  from StringIO import StringIO
+except:
+  from io import StringIO
+import time
+import email
+import sys
+from socket import AF_INET, AF_INET6
+from Milter.utils import parse_addr
+if True:
+  from multiprocessing import Process as Thread, Queue
+else:
+  from threading import Thread
+  from Queue import Queue
+
+logq = Queue(maxsize=4)
+
+class myMilter(Milter.Base):
+
+  def __init__(self):  # A new instance with each new connection.
+    self.id = Milter.uniqueID()  # Integer incremented with each call.
+
+  # each connection runs in its own thread and has its own myMilter
+  # instance.  Python code must be thread safe.  This is trivial if only stuff
+  # in myMilter instances is referenced.
+  @Milter.noreply
+  def connect(self, IPname, family, hostaddr):
+    # (self, 'ip068.subnet71.example.com', AF_INET, ('215.183.71.68', 4720) )
+    # (self, 'ip6.mxout.example.com', AF_INET6,
+    #	('3ffe:80e8:d8::1', 4720, 1, 0) )
+    self.IP = hostaddr[0]
+    self.port = hostaddr[1]
+    if family == AF_INET6:
+      self.flow = hostaddr[2]
+      self.scope = hostaddr[3]
+    else:
+      self.flow = None
+      self.scope = None
+    self.IPname = IPname  # Name from a reverse IP lookup
+    self.H = None
+    self.fp = None
+    self.receiver = self.getsymval('j')
+    self.log("connect from %s at %s" % (IPname, hostaddr) )
+    
+    return Milter.CONTINUE
+
+
+  ##  def hello(self,hostname):
+  def hello(self, heloname):
+    # (self, 'mailout17.dallas.texas.example.com')
+    self.H = heloname
+    self.log("HELO %s" % heloname)
+    if heloname.find('.') < 0:	# illegal helo name
+      # NOTE: example only - too many real braindead clients to reject on this
+      self.setreply('550','5.7.1','Sheesh people!  Use a proper helo name!')
+      return Milter.REJECT
+      
+    return Milter.CONTINUE
+
+  ##  def envfrom(self,f,*str):
+  def envfrom(self, mailfrom, *str):
+    self.F = mailfrom
+    self.R = []  # list of recipients
+    self.fromparms = Milter.dictfromlist(str)	# ESMTP parms
+    self.user = self.getsymval('{auth_authen}')	# authenticated user
+    self.log("mail from:", mailfrom, *str)
+    # NOTE: self.fp is only an *internal* copy of message data.  You
+    # must use addheader, chgheader, replacebody to change the message
+    # on the MTA.
+    self.fp = StringIO()
+    self.canon_from = '@'.join(parse_addr(mailfrom))
+    self.fp.write('From %s %s\n' % (self.canon_from,time.ctime()))
+    return Milter.CONTINUE
+
+
+  ##  def envrcpt(self, to, *str):
+  @Milter.noreply
+  def envrcpt(self, to, *str):
+    rcptinfo = to,Milter.dictfromlist(str)
+    self.R.append(rcptinfo)
+    
+    return Milter.CONTINUE
+
+
+  @Milter.noreply
+  def header(self, name, hval):
+    self.fp.write("%s: %s\n" % (name,hval))	# add header to buffer
+    return Milter.CONTINUE
+
+  @Milter.noreply
+  def eoh(self):
+    self.fp.write("\n")				# terminate headers
+    return Milter.CONTINUE
+
+  @Milter.noreply
+  def body(self, chunk):
+    self.fp.write(chunk)
+    return Milter.CONTINUE
+
+  def eom(self):
+    self.fp.seek(0)
+    msg = email.message_from_file(self.fp)
+    # many milter functions can only be called from eom()
+    # example of adding a Bcc:
+    self.addrcpt('<%s>' % 'spy@example.com')
+    return Milter.ACCEPT
+
+  def close(self):
+    # always called, even when abort is called.  Clean up
+    # any external resources here.
+    return Milter.CONTINUE
+
+  def abort(self):
+    # client disconnected prematurely
+    return Milter.CONTINUE
+
+  ## === Support Functions ===
+
+  def log(self,*msg):
+    logq.put((msg,self.id,time.time()))
+
+def background():
+  while True:
+    t = logq.get()
+    if not t: break
+    msg,id,ts = t
+    print("%s [%d]" % (time.strftime('%Y%b%d %H:%M:%S',time.localtime(ts)),id),
+        end=None)
+    # 2005Oct13 02:34:11 [1] msg1 msg2 msg3 ...
+    for i in msg: print(i,end=None)
+    print()
+    sys.stdout.flush()
+
+## ===
+    
+def main():
+  bt = Thread(target=background)
+  bt.start()
+  socketname = "/home/stuart/pythonsock"
+  timeout = 600
+  # Register to have the Milter factory create instances of your class:
+  Milter.factory = myMilter
+  flags = Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS
+  flags += Milter.ADDRCPT
+  flags += Milter.DELRCPT
+  Milter.set_flags(flags)       # tell Sendmail which features we use
+  print("%s milter startup" % time.strftime('%Y%b%d %H:%M:%S'))
+  sys.stdout.flush()
+  Milter.runmilter("pythonfilter",socketname,timeout)
+  logq.put(None)
+  bt.join()
+  print("%s bms milter shutdown" % time.strftime('%Y%b%d %H:%M:%S'))
+
+if __name__ == "__main__":
+  main()

milter.patch

@@ -0,0 +1,160 @@
+diff --git a/miltermodule.c b/miltermodule.c
+index aa10a08..af9a144 100644
+--- a/miltermodule.c
++++ b/miltermodule.c
+@@ -343,7 +343,7 @@ static struct MilterCallback {
+       { NULL , NULL }
+     };
+ 
+-staticforward struct smfiDesc description; /* forward declaration */
++static struct smfiDesc description; /* forward declaration */
+ 
+ static PyObject *MilterError;
+ /* The interpreter instance that called milter.main */
+@@ -355,7 +355,7 @@ typedef struct {
+ 
+ static milter_Diag diag;
+ 
+-staticforward PyTypeObject milter_ContextType;
++static PyTypeObject milter_ContextType;
+ 
+ typedef struct {
+   PyObject_HEAD
+@@ -700,7 +700,7 @@ _generic_wrapper(milter_ContextObject *self, PyObject *cb, PyObject *arglist) {
+   result = PyEval_CallObject(cb, arglist);
+   Py_DECREF(arglist);
+   if (result == NULL) return _report_exception(self);
+-  if (!PyInt_Check(result)) {
++  if (!PyLong_Check(result)) {
+     const struct MilterCallback *p;
+     const char *cbname = "milter";
+     char buf[40];
+@@ -715,7 +715,7 @@ _generic_wrapper(milter_ContextObject *self, PyObject *cb, PyObject *arglist) {
+     PyErr_SetString(MilterError,buf);
+     return _report_exception(self);
+   }
+-  retval = PyInt_AS_LONG(result);
++  retval = PyLong_AS_LONG(result);
+   Py_DECREF(result);
+   _release_thread(self->t);
+   return retval;
+@@ -732,7 +732,7 @@ makeipaddr(struct sockaddr_in *addr) {
+ 	sprintf(buf, "%d.%d.%d.%d",
+ 		(int) (x>>24) & 0xff, (int) (x>>16) & 0xff,
+ 		(int) (x>> 8) & 0xff, (int) (x>> 0) & 0xff);
+-	return PyString_FromString(buf);
++	return PyUnicode_FromString(buf);
+ }
+ 
+ #ifdef HAVE_IPV6_SUPPORT
+@@ -740,8 +740,8 @@ static PyObject *
+ makeip6addr(struct sockaddr_in6 *addr) {
+ 	char buf[100]; /* must be at least INET6_ADDRSTRLEN + 1 */
+ 	const char *s = inet_ntop(AF_INET6, &addr->sin6_addr, buf, sizeof buf);
+-	if (s) return PyString_FromString(s);
+-	return PyString_FromString("inet6:unknown");
++	if (s) return PyUnicode_FromString(s);
++	return PyUnicode_FromString("inet6:unknown");
+ }
+ #endif
+ 
+@@ -832,7 +832,7 @@ generic_env_wrapper(SMFICTX *ctx, PyObject*cb, char **argv) {
+    for (i=0;i<count;i++) {
+      /* There's some error checking performed in do_mkvalue() for a string */
+      /* that's not currently done here - it probably should be */
+-     PyObject *o = PyString_FromStringAndSize(argv[i], strlen(argv[i]));
++     PyObject *o = PyUnicode_FromStringAndSize(argv[i], strlen(argv[i]));
+      if (o == NULL) {	/* out of memory */
+        Py_DECREF(arglist);
+        return _report_exception(self);
+@@ -963,7 +963,7 @@ milter_wrap_negotiate(SMFICTX *ctx,
+     int i;
+     for (i = 0; i < 4; ++i) {
+       *pa[i] = (i <= len)
+-      	? PyInt_AsUnsignedLongMask(PyList_GET_ITEM(optlist,i))
++      	? PyLong_AsUnsignedLongMask(PyList_GET_ITEM(optlist,i))
+ 	: fa[i];
+     }
+     if (PyErr_Occurred()) {
+@@ -1551,11 +1551,6 @@ static PyMethodDef context_methods[] = {
+   { NULL, NULL }
+ };
+ 
+-static PyObject *
+-milter_Context_getattr(PyObject *self, char *name) {
+-  return Py_FindMethod(context_methods, self, name);
+-}
+-
+ static struct smfiDesc description = {  /* Set some reasonable defaults */
+   "pythonfilter",
+   SMFI_VERSION,
+@@ -1604,14 +1599,13 @@ static PyMethodDef milter_methods[] = {
+ };
+ 
+ static PyTypeObject milter_ContextType = {
+-  PyObject_HEAD_INIT(&PyType_Type)
+-  0,
++  PyVarObject_HEAD_INIT(&PyType_Type,0)
+   "milterContext",
+   sizeof(milter_ContextObject),
+   0,
+         milter_Context_dealloc,            /* tp_dealloc */
+         0,               /* tp_print */
+-        milter_Context_getattr,           /* tp_getattr */
++        0,           /* tp_getattr */
+         0,			/* tp_setattr */
+         0,                                      /* tp_compare */
+         0,                 /* tp_repr */
+@@ -1625,6 +1619,13 @@ static PyTypeObject milter_ContextType = {
+         0,                                      /* tp_setattro */
+         0,                                      /* tp_as_buffer */
+         Py_TPFLAGS_DEFAULT,                     /* tp_flags */
++	NULL,	/* Documentation string */
++	0, 	/* call function for all accessible objects */
++    	0,	/* delete references to contained objects */
++    	0,	/* rich comparisons */
++    	0,	/* weak reference enabler */
++    	0, 0,	/* Iterators */
++    	context_methods, /* Attribute descriptor and subclassing stuff */
+ };
+ 
+ static const char milter_documentation[] =
+@@ -1634,17 +1635,27 @@ Libmilter is currently marked FFR, and needs to be explicitly installed.\n\
+ See <sendmailsource>/libmilter/README for details on setting it up.\n";
+ 
+ static void setitem(PyObject *d,const char *name,long val) {
+-  PyObject *v = PyInt_FromLong(val);
++  PyObject *v = PyLong_FromLong(val);
+   PyDict_SetItemString(d,name,v);
+   Py_DECREF(v);
+ }
+ 
+-void
+-initmilter(void) {
++static struct PyModuleDef moduledef = {
++    PyModuleDef_HEAD_INIT,
++    "milter",     	 /* m_name */
++    milter_documentation,/* m_doc */
++    -1,                  /* m_size */
++    milter_methods,      /* m_methods */
++    NULL,                /* m_reload */
++    NULL,                /* m_traverse */
++    NULL,                /* m_clear */
++    NULL,                /* m_free */
++};
++
++PyMODINIT_FUNC PyInit_milter(void) {
+    PyObject *m, *d;
+ 
+-   m = Py_InitModule4("milter", milter_methods, milter_documentation,
+-		      (PyObject*)NULL, PYTHON_API_VERSION);
++   m = PyModule_Create(&moduledef);
+    d = PyModule_GetDict(m);
+    MilterError = PyErr_NewException("milter.error", NULL, NULL);
+    PyDict_SetItemString(d,"error", MilterError);
+@@ -1710,4 +1721,5 @@ initmilter(void) {
+    setitem(d,"DISCARD",  SMFIS_DISCARD);
+    setitem(d,"ACCEPT",  SMFIS_ACCEPT);
+    setitem(d,"TEMPFAIL",  SMFIS_TEMPFAIL);
++   return m;
+ }

mime.py

@@ -0,0 +1,551 @@
+# $Log$
+# Revision 1.8  2011/11/05 15:51:03  customdesigned
+# New example
+#
+# Revision 1.7  2009/06/13 21:15:12  customdesigned
+# Doxygen updates.
+#
+# Revision 1.6  2009/06/09 03:13:13  customdesigned
+# More doxygen docs.
+#
+# Revision 1.5  2005/07/20 14:49:43  customdesigned
+# Handle corrupt and empty ZIP files.
+#
+# Revision 1.4  2005/06/17 01:49:39  customdesigned
+# Handle zip within zip.
+#
+# Revision 1.3  2005/06/02 15:00:17  customdesigned
+# Configure banned extensions.  Scan zipfile option with test case.
+#
+# Revision 1.2  2005/06/02 04:18:55  customdesigned
+# Update copyright notices after reading article on /.
+#
+# Revision 1.1.1.4  2005/05/31 18:23:49  customdesigned
+# Development changes since 0.7.2
+#
+# Revision 1.62  2005/02/14 22:31:17  stuart
+# _parseparam replacement not needed for python2.4
+#
+# Revision 1.61  2005/02/12 02:11:11  stuart
+# Pass unit tests with python2.4.
+#
+# Revision 1.60  2005/02/11 18:34:14  stuart
+# Handle garbage after quote in boundary.
+#
+# Revision 1.59  2005/02/10 01:10:59  stuart
+# Fixed MimeMessage.ismodified()
+#
+# Revision 1.58  2005/02/10 00:56:49  stuart
+# Runs with python2.4.  Defang not working correctly - more work needed.
+#
+# Revision 1.57  2004/11/20 16:37:52  stuart
+# fix regex for splitting header and body
+#
+# Revision 1.56  2004/11/09 20:33:51  stuart
+# Recognize more dynamic PTR variations.
+#
+# Revision 1.55  2004/10/06 21:39:20  stuart
+# Handle message attachments with boundary errors by not parsing them
+# until needed.
+#
+# Revision 1.54  2004/08/18 01:59:46  stuart
+# Handle mislabeled multipart messages
+#
+# Revision 1.53  2004/04/24 22:53:20  stuart
+# Rename some local variables to avoid shadowing builtins
+#
+# Revision 1.52  2004/04/24 22:47:13  stuart
+# Convert header values to str
+#
+# Revision 1.51  2004/03/25 03:19:10  stuart
+# Correctly defang rfc822 attachments when boundary specified with
+# content-type message/rfc822.
+#
+# Revision 1.50  2003/10/15 22:01:00  stuart
+# Test for and work around email bug with encoded filenames.
+#
+# Revision 1.49  2003/09/04 18:48:13  stuart
+# Support python-2.2.3
+#
+# Revision 1.48  2003/09/02 00:27:27  stuart
+# Should have full milter based dspam support working
+#
+# Revision 1.47  2003/08/26 06:08:18  stuart
+# Use new python boolean since we now require 2.2.2
+#
+# Revision 1.46  2003/08/26 05:01:38  stuart
+# Release 0.6.0
+#
+# Revision 1.45  2003/08/26 04:01:24  stuart
+# Use new email module for parsing mail.  Still need mime module to
+# provide various bug fixes to email module, and maintain some compatibility
+# with old milter code.
+#
+
+## @package mime
+# This module provides a "defang" function to replace naughty attachments.
+#
+# We also provide workarounds for bugs in the email module that comes 
+# with python.  The "bugs" fixed mostly come up only with malformed
+# messages - but that is what you have when dealing with spam.
+
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2001,2002,2003,2004,2005 Business Management Systems, Inc.
+# This code is under the GNU General Public License.  See COPYING for details.
+
+from __future__ import print_function
+try:
+  from io import BytesIO, StringIO
+except:
+  from StringIO import StringIO 
+  BytesIO = StringIO
+import socket
+import Milter
+import zipfile
+
+import email
+from email.message import Message
+try:
+  from email.generator import BytesGenerator
+  from email import message_from_binary_file
+except:
+  from email.generator import Generator as BytesGenerator
+  from email import message_from_file as message_from_binary_file
+from email.utils import quote
+
+if not getattr(Message,'as_bytes',None):
+  Message.as_bytes = Message.as_string
+
+## Return a list of filenames in a zip file.
+# Embedded zip files are recursively expanded.
+def zipnames(txt):
+  fp =  BytesIO(txt)
+  zipf = zipfile.ZipFile(fp,'r')
+  names = []
+  for nm in zipf.namelist():
+    names.append(('zipname',nm))
+    if nm.lower().endswith('.zip'):
+      names += zipnames(zipf.read(nm))
+  return names
+
+## Fix multipart handling in email.Generator.
+#
+class MimeGenerator(BytesGenerator):
+    def _dispatch(self, msg):
+        # Get the Content-Type: for the message, then try to dispatch to
+        # self._handle_<maintype>_<subtype>().  If there's no handler for the
+        # full MIME type, then dispatch to self._handle_<maintype>().  If
+        # that's missing too, then dispatch to self._writeBody().
+        main = msg.get_content_maintype()
+        if msg.is_multipart() and main.lower() != 'multipart':
+          self._handle_multipart(msg)
+        else:
+          BytesGenerator._dispatch(self,msg)
+
+def unquote(s):
+    """Remove quotes from a string."""
+    if len(s) > 1:
+        if s.startswith('"'):
+          if s.endswith('"'):
+            s = s[1:-1]
+          else: # remove garbage after trailing quote
+            try: s = s[1:s[1:].index('"')+1]
+            except:
+              return s
+          return s.replace('\\\\', '\\').replace('\\"', '"')
+        if s.startswith('<') and s.endswith('>'):
+          return s[1:-1]
+    return s
+
+def _unquotevalue(value):
+  if isinstance(value, tuple):
+      return value[0], value[1], unquote(value[2])
+  else:
+      return unquote(value)
+
+#email.Message._unquotevalue = _unquotevalue
+
+from email.message import _parseparam
+
+## Enhance email.message.Message
+#
+# Tracks modifications to headers of body or any part independently.
+
+class MimeMessage(Message):
+  """Version of email.Message.Message compatible with old mime module
+  """
+  def __init__(self,fp=None,seekable=1):
+    Message.__init__(self)
+    self.submsg = None
+    self.modified = False
+  ## @var headerchange
+  # Provide a headerchange event for integration with Milter.
+  #   The headerchange attribute can be assigned a function to be called when
+  #   changing headers.  The signature is:
+  #   headerchange(msg,name,value) -> None
+    self.headerchange = None
+
+  def get_param(self, param, failobj=None, header='content-type', unquote=True):
+    val = Message.get_param(self,param,failobj,header,unquote)
+    if val != failobj and param == 'boundary' and unquote:
+      # unquote boundaries an extra time, test case testDefang5
+      return _unquotevalue(val)
+    return val
+
+  getfilename = Message.get_filename
+  ismultipart = Message.is_multipart
+  getheaders = Message.get_all
+  gettype = Message.get_content_type
+  getparam = Message.get_param
+
+  def getparams(self): return self.get_params([])
+
+  def getname(self):
+    return self.get_param('name')
+
+  def getnames(self,scan_zip=False):
+    """Return a list of (attr,name) pairs of attributes that IE might
+       interpret as a name - and hence decide to execute this message."""
+    names = []
+    for attr,val in self._get_params_preserve([],'content-type'):
+      if isinstance(val, tuple):
+	  # It's an RFC 2231 encoded parameter
+          newvalue = _unquotevalue(val)
+          if val[0]:
+            val =  unicode(newvalue[2], newvalue[0])
+          else:
+            val = unicode(newvalue[2])
+      else:
+          val = _unquotevalue(val.strip())
+      names.append((attr,val))
+    names += [("filename",self.get_filename())]
+    if scan_zip:
+      for key,name in tuple(names):	# copy by converting to tuple
+        if name and name.lower().endswith('.zip'):
+          txt = self.get_payload(decode=True)
+          if txt.strip():
+            names += zipnames(txt)
+    return names
+
+  def ismodified(self):
+    "True if this message or a subpart has been modified."
+    if not self.is_multipart():
+      if isinstance(self.submsg,Message):
+        return self.submsg.ismodified()
+      return self.modified
+    if self.modified: return True
+    for i in self.get_payload():
+      if i.ismodified(): return True
+    return False
+
+  def dump(self,file,unixfrom=False):
+    "Write this message (and all subparts) to a file"
+    g = MimeGenerator(file)
+    g.flatten(self,unixfrom=unixfrom)
+
+  def as_bytes(self, unixfrom=False):
+      "Return the entire formatted message as a string."
+      fp = BytesIO()
+      self.dump(fp,unixfrom=unixfrom)
+      return fp.getvalue()
+
+  def getencoding(self):
+    return self.get('content-transfer-encoding',None)
+
+  # Decode body to stream according to transfer encoding, return encoding name
+  def decode(self,filt):
+    try:
+      filt.write(self.get_payload(decode=True))
+    except:
+      pass
+    return self.getencoding()
+
+  def get_payload_decoded(self):
+    return self.get_payload(decode=True)
+
+  def __setitem__(self, name, value):
+    rc = Message.__setitem__(self,name,value)
+    self.modified = True
+    if self.headerchange: self.headerchange(self,name,str(value))
+    return rc
+
+  def __delitem__(self, name):
+    if self.headerchange: self.headerchange(self,name,None)
+    rc = Message.__delitem__(self,name)
+    self.modified = True
+    return rc
+
+  def get_payload(self,i=None,decode=False):
+    msg = self.submsg
+    if isinstance(msg,Message) and msg.ismodified():
+      self.set_payload([msg])
+    return Message.get_payload(self,i,decode)
+
+  def set_payload(self, val, charset=None):
+    self.modified = True
+    try:
+      val.seek(0)
+      val = val.read()
+    except: pass
+    Message.set_payload(self,val,charset)
+    self.submsg = None
+
+  def get_submsg(self):
+    t = self.get_content_type().lower()
+    if t == 'message/rfc822' or t.startswith('multipart/'):
+      if not self.submsg:
+        txt = self.get_payload()
+        if type(txt) == str:
+          txt = self.get_payload(decode=True)
+          self.submsg = email.message_from_string(txt,MimeMessage)
+          for part in self.submsg.walk():
+            part.modified = False
+        else:
+          self.submsg = txt[0]
+      return self.submsg
+    return None
+
+def message_from_file(fp):
+  msg = message_from_binary_file(fp,MimeMessage)
+  for part in msg.walk():
+    part.modified = False
+  assert not msg.ismodified()
+  return msg
+
+extlist = ''.join("""
+ade,adp,asd,asx,asp,bas,bat,chm,cmd,com,cpl,crt,dll,exe,hlp,hta,inf,ins,isp,js,
+jse,lnk,mdb,mde,msc,msi,msp,mst,ocx,pcd,pif,reg,scr,sct,shs,url,vb,vbe,vbs,wsc,
+wsf,wsh 
+""".split())
+bad_extensions = ['.' + x for x in extlist.split(',')]
+
+def check_ext(name):
+  "Check a name for dangerous Winblows extensions."
+  if not name: return name
+  lname = name.lower()
+  for ext in bad_extensions:
+    if lname.endswith(ext): return name
+  return None
+
+virus_msg = """This message appeared to contain a virus.
+It was originally named '%s', and has been removed.
+A copy of your original message was saved as '%s:%s'.
+See your administrator.
+"""
+
+def check_name(msg,savname=None,ckname=check_ext,scan_zip=False):
+  "Replace attachment with a warning if its name is suspicious."
+  try:
+    for key,name in msg.getnames(scan_zip):
+      badname = ckname(name)
+      if badname:
+        if key == 'zipname':
+          badname = msg.get_filename()
+        break
+    else:
+      return Milter.CONTINUE
+  except zipfile.BadZipfile:
+    # a ZIP that is not a zip is very suspicious
+    badname = msg.get_filename()
+  hostname = socket.gethostname()
+  msg.set_payload(virus_msg % (badname,hostname,savname))
+  del msg["content-type"]
+  del msg["content-disposition"]
+  del msg["content-transfer-encoding"]
+  name = "WARNING.TXT"
+  msg["Content-Type"] = "text/plain; name="+name
+  return Milter.CONTINUE
+
+def check_attachments(msg,check):
+  """Scan attachments.
+msg	MimeMessage
+check	function(MimeMessage): int
+	Return CONTINUE, REJECT, ACCEPT
+  """
+  if msg.is_multipart():
+    for i in msg.get_payload():
+      rc = check_attachments(i,check)
+      if rc != Milter.CONTINUE: return rc
+    return Milter.CONTINUE
+  return check(msg)
+
+# save call context for Python without nested_scopes
+class _defang:
+
+  def __init__(self,scan_html=True):
+    self.scan_html = scan_html
+
+  def _chk_name(self,msg):
+    rc = check_name(msg,self._savname,self._check,self.scan_zip)
+    if self.scan_html:
+      check_html(msg,self._savname)	# remove scripts from HTML
+    if self.scan_rfc822:
+      msg = msg.get_submsg()
+      if isinstance(msg,Message):
+        return check_attachments(msg,self._chk_name)
+    return rc
+
+  def __call__(self,msg,savname=None,check=check_ext,scan_rfc822=True,
+		scan_zip=False):
+    """Compatible entry point.
+    Replace all attachments with dangerous names."""
+    self._savname = savname
+    self._check = check
+    self.scan_rfc822 = scan_rfc822
+    self.scan_zip = scan_zip
+    check_attachments(msg,self._chk_name)
+    if msg.ismodified():
+      return True
+    return False
+
+# emulate old defang function
+defang = _defang()
+
+from sgmllib import SGMLParser as HTMLParser
+
+import re
+declname = re.compile(r'[a-zA-Z][-_.a-zA-Z0-9]*\s*')
+declstringlit = re.compile(r'(\'[^\']*\'|"[^"]*")\s*')
+
+class SGMLFilter(HTMLParser):
+  """Parse HTML and pass through all constructs unchanged.  It is intended for
+     derived classes to implement exceptional processing for selected cases.
+  """
+  def __init__(self,out):
+    HTMLParser.__init__(self)
+    self.out = out
+
+  def handle_comment(self,comment):
+    self.out.write("<!--%s-->" % comment)
+
+  def unknown_starttag(self,tag,attr):
+    if hasattr(self,"get_starttag_text"):
+      self.out.write(self.get_starttag_text())
+    else:
+      self.out.write("<%s" % tag)
+      for (key,val) in attr:
+        self.out.write(' %s="%s"' % (key,val))
+      self.out.write('>')
+
+  def handle_data(self,data):
+    self.out.write(data)
+
+  def handle_entityref(self,ref):
+    self.out.write("&%s;" % ref)
+
+  def handle_charref(self,ref):
+    self.out.write("&#%s;" % ref)
+      
+  def unknown_endtag(self,tag):
+    self.out.write("</%s>" % tag)
+
+  def handle_special(self,data):
+    self.out.write("<!%s>" % data)
+
+  def write(self,buf):
+    "Act like a writer.  Why doesn't HTMLParser do this by default?"
+    self.feed(buf)
+
+  # Python-2.1 sgmllib rejects illegal declarations.  Since various Microsoft
+  # products accept and output them, we need to pass them through -
+  # at least until we discover that MS will execute them.
+  # sgmlop-1.1 will not use this method, but calls handle_special to
+  # do what we want.
+  def parse_declaration(self, i):
+      rawdata = self.rawdata
+      n = len(rawdata)
+      j = i + 2
+      while j < n:
+          c = rawdata[j]
+          if c == ">":
+              # end of declaration syntax
+              self.handle_special(rawdata[i+2:j])
+              return j + 1
+          if c in "\"'":
+              m = declstringlit.match(rawdata, j)
+              if not m:
+		  # incomplete or an error?
+                  return -1
+              j = m.end()
+          elif c in "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ":
+              m = declname.match(rawdata, j)
+              if not m:
+                  # incomplete or an error?
+                  return -1
+              j = m.end()
+          else:
+              j += 1
+      # end of buffer between tokens
+      return -1
+
+class HTMLScriptFilter(SGMLFilter):
+  "Remove scripts from an HTML document."
+  def __init__(self,out):
+    SGMLFilter.__init__(self,out)
+    self.ignoring = 0
+    self.modified = False
+    self.msg = "<!-- WARNING: embedded script removed -->"
+  def start_script(self,unused):
+    #print('beg script',unused)
+    self.ignoring += 1
+    self.modified = True
+  def end_script(self):
+    #print('end script')
+    self.ignoring -= 1
+    if not self.ignoring:
+      self.out.write(self.msg)
+  def handle_data(self,data):
+    if not self.ignoring: SGMLFilter.handle_data(self,data)
+  def handle_comment(self,comment):
+    if not self.ignoring: SGMLFilter.handle_comment(self,comment)
+
+def check_html(msg,savname=None):
+  "Remove scripts from HTML attachments."
+  msgtype = msg.get_content_type().lower()
+  # check for more MSIE braindamage
+  if msgtype == 'application/octet-stream':
+    for (attr,name) in msg.getnames():
+      if name and name.lower().endswith(".htm"):
+        msgtype = 'text/html'
+  if msgtype == 'text/html':
+    out = StringIO()
+    htmlfilter = HTMLScriptFilter(out)
+    try:
+      htmlfilter.write(msg.get_payload(decode=True).decode())
+      htmlfilter.close()
+    #except sgmllib.SGMLParseError:
+    except:
+      mimetools.copyliteral(msg.get_payload(),open('debug.out','wb'))
+      htmlfilter.close()
+      hostname = socket.gethostname()
+      msg.set_payload(
+  "An HTML attachment could not be parsed.  The original is saved as '%s:%s'"
+      % (hostname,savname))
+      del msg["content-type"]
+      del msg["content-disposition"]
+      del msg["content-transfer-encoding"]
+      name = "WARNING.TXT"
+      msg["Content-Type"] = "text/plain; name="+name
+      return Milter.CONTINUE
+    if htmlfilter.modified:
+      msg.set_payload(out)	# remove embedded scripts
+      del msg["content-transfer-encoding"]
+      email.Encoders.encode_quopri(msg)
+  return Milter.CONTINUE
+
+if __name__ == '__main__':
+  import sys
+  def _list_attach(msg):
+    t = msg.get_content_type()
+    p = msg.get_payload(decode=True)
+    print(msg.get_filename(),msg.get_content_type(),type(p))
+    msg = msg.get_submsg()
+    if isinstance(msg,Message):
+      return check_attachments(msg,_list_attach)
+    return Milter.CONTINUE
+
+  for fname in sys.argv[1:]:
+    fp = open(fname,'rb')
+    msg = message_from_file(fp)
+    email.iterators._structure(msg)
+    check_attachments(msg,_list_attach)

pep8.dat

@@ -0,0 +1,6 @@
+Check	Description		Justification
+E111	req indent 4		Creates more continuation lines
+E114	req indent 4 cmnt	Same
+E231	req space after ,	makes calls like print() harder to read
+E266	no ## 			Required by Doxygen
+W291	trailing spaces in cmnt	Needed for space preserving para reformat

pep8.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+ignore=`awk -F\\\\t '{ print $1 }' pep8.dat | tail -n +2`
+a=(${ignore})
+list=$(echo "${a[@]}"|tr '[ ]' '[,]')
+echo python3 -m pep8 --ignore="$list" $@

py3milter.spec

@@ -0,0 +1,192 @@
+%if 0%{?rhel} == 7
+%define pythonbase python34
+%else
+%define pythonbase python3
+%endif
+%define __python python3
+
+%define libdir %{_libdir}/pymilter
+%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
+
+Summary: Python interface to sendmail milter API
+Name: %{pythonbase}-pymilter
+Version: 1.0.1
+Release: 1%{dist}
+Source: https://github.com/sdgathman/pymilter/archive/pymilter-%{version}.tar.gz
+Source1: pymilter.te
+# Patch miltermodule to python3
+# FIXME: replace with reverse patch at some point (make py3 the default)
+Patch: milter.patch
+License: GPLv2+
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+Url: http://www.bmsi.com/python/milter.html
+# python-2.6.4 gets RuntimeError: not holding the import lock
+Requires: %{pythonbase} >= 2.6.5, sendmail-milter >= 8.13
+%if 0%{?fedora} >= 23
+# Need python2.6 specific pydns, not the version for system python
+Recommends: %{pythonbase}-pydns
+%endif
+# Needed for callbacks, not a core function but highly useful for milters
+BuildRequires: ed, %{pythonbase}-devel, sendmail-devel >= 8.13
+
+%description
+This is a python extension module to enable python scripts to
+attach to sendmail's libmilter functionality.  Additional python
+modules provide for navigating and modifying MIME parts, sending
+DSNs, and doing CBV.
+
+%package selinux
+Summary: SELinux policy module for pymilter
+Group: System Environment/Base
+Requires: policycoreutils, selinux-policy, %{name}
+BuildRequires: policycoreutils, checkpolicy
+%if 0%{?epel} >= 6
+BuildRequires: policycoreutils-python
+%else
+BuildRequires: policycoreutils-python-utils
+%endif
+
+%description selinux
+SELinux policy module for using pymilter with sendmail with selinux enforcing
+
+%prep
+%setup -q -n pymilter-%{version}
+%patch -p1 -b .py3
+cp %{SOURCE1} pymilter.te
+
+%build
+env CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
+checkmodule -m -M -o pymilter.mod pymilter.te
+semodule_package -o pymilter.pp -m pymilter.mod
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{__python} setup.py install --root=$RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/milter
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/milter
+mkdir -p $RPM_BUILD_ROOT%{libdir}
+
+# install selinux modules
+mkdir -p %{buildroot}%{_datadir}/selinux/targeted
+cp -p pymilter.pp %{buildroot}%{_datadir}/selinux/targeted
+
+%files
+%defattr(-,root,root,-)
+%doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
+%{python_sitearch}/*
+%{libdir}
+%dir %attr(0755,mail,mail) %{_localstatedir}/run/milter
+%dir %attr(0755,mail,mail) %{_localstatedir}/log/milter
+
+%files selinux
+%doc pymilter.te
+%{_datadir}/selinux/targeted/*
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post selinux
+/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/pymilter.pp \
+	&>/dev/null || :
+
+%postun selinux
+if [ $1 -eq 0 ] ; then
+/usr/sbin/semodule -s targeted -r pymilter &> /dev/null || :
+fi
+
+%changelog
+* Tue Sep 20 2016 Stuart Gathman <stuart@gathman.org> 1.0.1-1
+- Support python3
+
+* Sat Mar  1 2014 Stuart Gathman <stuart@gathman.org> 1.0-2
+- Remove start.sh to track EPEL repository, suggest daemonize as replacement
+- Selinux subpackage should not care about pymilter version
+
+* Wed Jun 26 2013 Stuart Gathman <stuart@gathman.org> 1.0-1
+- Allow ACCEPT as untrapped exception policy
+- Optional dir for getaddrset and getaddrdict in Milter.config
+- Show registered milter name in untrapped exception message.
+- Include selinux subpackage
+- Provide Milter.greylist export and Milter.greylist import to migrate data
+
+* Sat Mar  9 2013 Stuart Gathman <stuart@bmsi.com> 0.9.8-1
+- Add Milter.test module for unit testing milters.
+- Fix typo that prevented setsymlist from being active.
+- Change untrapped exception message to:
+- "pymilter: untrapped exception in milter app"
+
+* Thu Apr 12 2012 Stuart Gathman <stuart@bmsi.com> 0.9.7-1
+- Raise RuntimeError when result != CONTINUE for @noreply and @nocallback
+- Remove redundant table in miltermodule
+- Fix CNAME chain duplicating TXT records in Milter.dns (from pyspf).
+
+* Sat Feb 25 2012 Stuart Gathman <stuart@bmsi.com> 0.9.6-1
+- Raise ValueError on unescaped '%' passed to setreply
+- Grace time at end of Greylist window
+
+* Fri Aug 19 2011 Stuart Gathman <stuart@bmsi.com> 0.9.5-1
+- Print milter.error for invalid callback return type.
+  (Since stacktrace is empty, the TypeError exception is confusing.)
+- Fix milter-template.py
+- Tweak Milter.utils.addr2bin and Milter.dynip to handle IP6
+
+* Tue Mar 02 2010 Stuart Gathman <stuart@bmsi.com> 0.9.4-1
+- Handle IP6 in Milter.utils.iniplist()
+- python-2.6
+
+* Thu Jul 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.3-1
+- Handle source route in Milter.utils.parse_addr()
+- Fix default arg in chgfrom.
+- Disable negotiate callback for libmilter < 8.14.3 (1,0,1)
+
+* Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-3
+- Change result of @noreply callbacks to NOREPLY when so negotiated.
+
+* Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-2
+- Cache callback negotiation
+
+* Thu May 28 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-1
+- Add new callback support: data,negotiate,unknown
+- Auto-negotiate protocol steps 
+
+* Thu Feb 05 2009 Stuart Gathman <stuart@bmsi.com> 0.9.1-1
+- Fix missing address of optional param to addrcpt
+
+* Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-4
+- Stop using INSTALLED_FILES to make Fedora happy
+- Remove config flag from start.sh glue
+- Own /var/log/milter
+- Use _localstatedir
+
+* Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-2
+- Changes to meet Fedora standards
+
+* Mon Nov 24 2008 Stuart Gathman <stuart@bmsi.com> 0.9.0-1
+- Split pymilter into its own CVS module
+- Support chgfrom and addrcpt_par
+- Support NS records in Milter.dns
+
+* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-2
+- /var/run/milter directory must be owned by mail
+
+* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-1
+- improved parsing into email and fullname (still 2 self test failures)
+- implement no-DSN CBV, reduce full DSNs
+
+* Mon Sep 24 2007 Stuart Gathman <stuart@bmsi.com> 0.8.9-1
+- Use ifarch hack to build milter and milter-spf packages as noarch
+- Remove spf dependency from dsn.py, add dns.py
+
+* Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
+- move AddrCache, parse_addr, iniplist to Milter package
+- move parse_header to Milter.utils
+- fix plock for missing source and can't change owner/group
+- split out pymilter and pymilter-spf packages
+- move milter apps to /usr/lib/pymilter
+
+* Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
+- SPF moved to pyspf RPM
+
+* Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
+- Support CBV timeout

pymilter.spec

@@ -0,0 +1,191 @@
+%define __python python2
+%if 0%{?rhel} == 6
+%define pythonbase python
+%else
+%define pythonbase python2
+%endif
+
+%define libdir %{_libdir}/pymilter
+%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
+
+Summary: Python interface to sendmail milter API
+Name: %{pythonbase}-pymilter
+Version: 1.0.1
+Release: 1%{dist}
+Source: https://github.com/sdgathman/pymilter/archive/pymilter-%{version}.tar.gz
+Source1: pymilter.te
+# Patch miltermodule to python3
+# FIXME: replace with reverse patch at some point (make py3 the default)
+Patch: milter.patch
+License: GPLv2+
+Group: Development/Libraries
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+Url: http://www.bmsi.com/python/milter.html
+# python-2.6.4 gets RuntimeError: not holding the import lock
+Requires: %{pythonbase} >= 2.6.5, sendmail-milter >= 8.13
+%if 0%{?fedora} >= 23
+# Need python2.6 specific pydns, not the version for system python
+Recommends: %{pythonbase}-pydns
+%endif
+# Needed for callbacks, not a core function but highly useful for milters
+BuildRequires: ed, %{pythonbase}-devel, sendmail-devel >= 8.13
+
+%description
+This is a python extension module to enable python scripts to
+attach to sendmail's libmilter functionality.  Additional python
+modules provide for navigating and modifying MIME parts, sending
+DSNs, and doing CBV.
+
+%package selinux
+Summary: SELinux policy module for pymilter
+Group: System Environment/Base
+Requires: policycoreutils, selinux-policy, %{name}
+BuildRequires: policycoreutils, checkpolicy
+%if 0%{?epel} >= 6
+BuildRequires: policycoreutils-python
+%else
+BuildRequires: policycoreutils-python-utils
+%endif
+
+%description selinux
+SELinux policy module for using pymilter with sendmail with selinux enforcing
+
+%prep
+%setup -q -n pymilter-%{version}
+cp %{SOURCE1} pymilter.te
+
+%build
+env CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build
+checkmodule -m -M -o pymilter.mod pymilter.te
+semodule_package -o pymilter.pp -m pymilter.mod
+
+%install
+rm -rf $RPM_BUILD_ROOT
+%{__python} setup.py install --root=$RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/run/milter
+mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/milter
+mkdir -p $RPM_BUILD_ROOT%{libdir}
+
+# install selinux modules
+mkdir -p %{buildroot}%{_datadir}/selinux/targeted
+cp -p pymilter.pp %{buildroot}%{_datadir}/selinux/targeted
+
+%files
+%defattr(-,root,root,-)
+%doc README ChangeLog NEWS TODO CREDITS sample.py milter-template.py
+%{python_sitearch}/*
+%{libdir}
+%dir %attr(0755,mail,mail) %{_localstatedir}/run/milter
+%dir %attr(0755,mail,mail) %{_localstatedir}/log/milter
+
+%files selinux
+%doc pymilter.te
+%{_datadir}/selinux/targeted/*
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post selinux
+/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/pymilter.pp \
+	&>/dev/null || :
+
+%postun selinux
+if [ $1 -eq 0 ] ; then
+/usr/sbin/semodule -s targeted -r pymilter &> /dev/null || :
+fi
+
+%changelog
+* Tue Sep 20 2016 Stuart Gathman <stuart@gathman.org> 1.0.1-1
+- Support python3
+
+* Sat Mar  1 2014 Stuart Gathman <stuart@gathman.org> 1.0-2
+- Remove start.sh to track EPEL repository, suggest daemonize as replacement
+- Selinux subpackage should not care about pymilter version
+
+* Wed Jun 26 2013 Stuart Gathman <stuart@gathman.org> 1.0-1
+- Allow ACCEPT as untrapped exception policy
+- Optional dir for getaddrset and getaddrdict in Milter.config
+- Show registered milter name in untrapped exception message.
+- Include selinux subpackage
+- Provide Milter.greylist export and Milter.greylist import to migrate data
+
+* Sat Mar  9 2013 Stuart Gathman <stuart@bmsi.com> 0.9.8-1
+- Add Milter.test module for unit testing milters.
+- Fix typo that prevented setsymlist from being active.
+- Change untrapped exception message to:
+- "pymilter: untrapped exception in milter app"
+
+* Thu Apr 12 2012 Stuart Gathman <stuart@bmsi.com> 0.9.7-1
+- Raise RuntimeError when result != CONTINUE for @noreply and @nocallback
+- Remove redundant table in miltermodule
+- Fix CNAME chain duplicating TXT records in Milter.dns (from pyspf).
+
+* Sat Feb 25 2012 Stuart Gathman <stuart@bmsi.com> 0.9.6-1
+- Raise ValueError on unescaped '%' passed to setreply
+- Grace time at end of Greylist window
+
+* Fri Aug 19 2011 Stuart Gathman <stuart@bmsi.com> 0.9.5-1
+- Print milter.error for invalid callback return type.
+  (Since stacktrace is empty, the TypeError exception is confusing.)
+- Fix milter-template.py
+- Tweak Milter.utils.addr2bin and Milter.dynip to handle IP6
+
+* Tue Mar 02 2010 Stuart Gathman <stuart@bmsi.com> 0.9.4-1
+- Handle IP6 in Milter.utils.iniplist()
+- python-2.6
+
+* Thu Jul 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.3-1
+- Handle source route in Milter.utils.parse_addr()
+- Fix default arg in chgfrom.
+- Disable negotiate callback for libmilter < 8.14.3 (1,0,1)
+
+* Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-3
+- Change result of @noreply callbacks to NOREPLY when so negotiated.
+
+* Tue Jun 02 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-2
+- Cache callback negotiation
+
+* Thu May 28 2009 Stuart Gathman <stuart@bmsi.com> 0.9.2-1
+- Add new callback support: data,negotiate,unknown
+- Auto-negotiate protocol steps 
+
+* Thu Feb 05 2009 Stuart Gathman <stuart@bmsi.com> 0.9.1-1
+- Fix missing address of optional param to addrcpt
+
+* Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-4
+- Stop using INSTALLED_FILES to make Fedora happy
+- Remove config flag from start.sh glue
+- Own /var/log/milter
+- Use _localstatedir
+
+* Wed Jan 07 2009 Stuart Gathman <stuart@bmsi.com> 0.9.0-2
+- Changes to meet Fedora standards
+
+* Mon Nov 24 2008 Stuart Gathman <stuart@bmsi.com> 0.9.0-1
+- Split pymilter into its own CVS module
+- Support chgfrom and addrcpt_par
+- Support NS records in Milter.dns
+
+* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-2
+- /var/run/milter directory must be owned by mail
+
+* Mon Aug 25 2008 Stuart Gathman <stuart@bmsi.com> 0.8.10-1
+- improved parsing into email and fullname (still 2 self test failures)
+- implement no-DSN CBV, reduce full DSNs
+
+* Mon Sep 24 2007 Stuart Gathman <stuart@bmsi.com> 0.8.9-1
+- Use ifarch hack to build milter and milter-spf packages as noarch
+- Remove spf dependency from dsn.py, add dns.py
+
+* Fri Jan 05 2007 Stuart Gathman <stuart@bmsi.com> 0.8.8-1
+- move AddrCache, parse_addr, iniplist to Milter package
+- move parse_header to Milter.utils
+- fix plock for missing source and can't change owner/group
+- split out pymilter and pymilter-spf packages
+- move milter apps to /usr/lib/pymilter
+
+* Sat Nov 04 2006 Stuart Gathman <stuart@bmsi.com> 0.8.7-1
+- SPF moved to pyspf RPM
+
+* Tue May 23 2006 Stuart Gathman <stuart@bmsi.com> 0.8.6-2
+- Support CBV timeout

pymilter.te

@@ -0,0 +1,13 @@
+module pymilter 1.0;
+
+require {
+	type sendmail_t;
+	type var_run_t;
+	type initrc_t;
+	class sock_file { write getattr };
+	class unix_stream_socket connectto;
+}
+
+#============= sendmail_t ==============
+allow sendmail_t initrc_t:unix_stream_socket connectto;
+allow sendmail_t var_run_t:sock_file { write getattr };

sample.py

@@ -0,0 +1,182 @@
+from __future__ import print_function
+# A simple milter.
+
+# Author: Stuart D. Gathman <stuart@bmsi.com>
+# Copyright 2001 Business Management Systems, Inc.
+# This code is under GPL.  See COPYING for details.
+
+import sys
+import os
+try:
+  from io import BytesIO
+except:
+  from StringIO import StringIO as BytesIO
+import mime
+import Milter
+import tempfile
+from time import strftime
+#import syslog
+
+#syslog.openlog('milter')
+
+class sampleMilter(Milter.Milter):
+  "Milter to replace attachments poisonous to Windows with a WARNING message."
+
+  def log(self,*msg):
+    print("%s [%d]" % (strftime('%Y%b%d %H:%M:%S'),self.id),end=None)
+    for i in msg: print(i,end=None)
+    print()
+
+  def __init__(self):
+    self.tempname = None
+    self.mailfrom = None
+    self.fp = None
+    self.bodysize = 0
+    self.id = Milter.uniqueID()
+
+  # multiple messages can be received on a single connection
+  # envfrom (MAIL FROM in the SMTP protocol) seems to mark the start
+  # of each message.
+  @Milter.noreply
+  def envfrom(self,f,*str):
+    "start of MAIL transaction"
+    self.log("mail from",f,str)
+    self.fp = BytesIO()
+    self.tempname = None
+    self.mailfrom = f
+    self.bodysize = 0
+    return Milter.CONTINUE
+
+  def envrcpt(self,to,*str):
+    # mail to MAILER-DAEMON is generally spam that bounced
+    if to.startswith('<MAILER-DAEMON@'):
+      self.log('DISCARD: RCPT TO:',to,str)
+      return Milter.DISCARD
+    self.log("rcpt to",to,str)
+    return Milter.CONTINUE
+
+  def header(self,name,val):
+    lname = name.lower()
+    if lname == 'subject':
+
+      # even if we wanted the Taiwanese spam, we can't read Chinese
+      # (delete if you read chinese mail)
+      if val.startswith('=?big5') or val.startswith('=?ISO-2022-JP'):
+        self.log('REJECT: %s: %s' % (name,val))
+	#self.setreply('550','','Go away spammer')
+        return Milter.REJECT
+
+      # check for common spam keywords
+      if val.find("$$$") >= 0 or val.find("XXX") >= 0	\
+	or val.find("!!!") >= 0 or val.find("FREE") >= 0:
+        self.log('REJECT: %s: %s' % (name,val))
+	#self.setreply('550','','Go away spammer')
+        return Milter.REJECT
+
+      # check for spam that pretends to be legal
+      lval = val.lower()
+      if lval.startswith("adv:") or lval.startswith("adv.") \
+	or lval.find('viagra') >= 0:
+        self.log('REJECT: %s: %s' % (name,val))
+        return Milter.REJECT
+
+    # check for invalid message id
+    if lname == 'message-id' and len(val) < 4:
+      self.log('REJECT: %s: %s' % (name,val))
+      #self.setreply('550','','Go away spammer')
+      return Milter.REJECT
+
+    # check for common bulk mailers
+    if lname == 'x-mailer' and \
+	val.lower() in ('direct email','calypso','mail bomber'):
+      self.log('REJECT: %s: %s' % (name,val))
+      #self.setreply('550','','Go away spammer')
+      return Milter.REJECT
+
+    # log selected headers
+    if lname in ('subject','x-mailer'):
+      self.log('%s: %s' % (name,val))
+    if self.fp:
+      self.fp.write(("%s: %s\n" % (name,val)).encode())	# add header to buffer
+    return Milter.CONTINUE
+
+  def eoh(self):
+    if not self.fp: return Milter.TEMPFAIL	# not seen by envfrom
+    self.fp.write(b'\n')
+    self.fp.seek(0)
+    # copy headers to a temp file for scanning the body
+    headers = self.fp.getvalue()
+    self.fp.close()
+    self.tempname = fname = tempfile.mktemp(".defang")
+    self.fp = open(fname,"w+b")
+    self.fp.write(headers)	# IOError (e.g. disk full) causes TEMPFAIL
+    return Milter.CONTINUE
+
+  def body(self,chunk):		# copy body to temp file
+    if self.fp:
+      self.fp.write(chunk)	# IOError causes TEMPFAIL in milter
+      self.bodysize += len(chunk)
+    return Milter.CONTINUE
+
+  def _headerChange(self,msg,name,value):
+    if value:	# add header
+      self.addheader(name,value)
+    else:	# delete all headers with name
+      h = msg.getheaders(name)
+      cnt = len(h)
+      for i in range(cnt,0,-1):
+        self.chgheader(name,i-1,'')
+
+  def eom(self):
+    if not self.fp: return Milter.ACCEPT
+    self.fp.seek(0)
+    msg = mime.message_from_file(self.fp)
+    msg.headerchange = self._headerChange
+    if not mime.defang(msg,self.tempname):
+      os.remove(self.tempname)
+      self.tempname = None	# prevent re-removal
+      self.log("eom")
+      return Milter.ACCEPT	# no suspicious attachments
+    self.log("Temp file:",self.tempname)
+    self.tempname = None	# prevent removal of original message copy
+    # copy defanged message to a temp file 
+    with tempfile.TemporaryFile() as out:
+      msg.dump(out)
+      out.seek(0)
+      msg = mime.message_from_file(out)
+      fp = BytesIO(msg.as_bytes().split(b'\n\n',1)[1])
+      while 1:
+        buf = fp.read(8192)
+        if len(buf) == 0: break
+        self.replacebody(buf)	# feed modified message to sendmail
+      return Milter.ACCEPT	# ACCEPT modified message
+    return Milter.TEMPFAIL
+
+  def close(self):
+    sys.stdout.flush()		# make log messages visible
+    if self.tempname:
+      os.remove(self.tempname)	# remove in case session aborted
+    if self.fp:
+      self.fp.close()
+    return Milter.CONTINUE
+
+  def abort(self):
+    self.log("abort after %d body chars" % self.bodysize)
+    return Milter.CONTINUE
+
+if __name__ == "__main__":
+  #tempfile.tempdir = "/var/log/milter"
+  #socketname = "/var/log/milter/pythonsock"
+  socketname = os.getenv("HOME") + "/pythonsock"
+  Milter.factory = sampleMilter
+  Milter.set_flags(Milter.CHGBODY + Milter.CHGHDRS + Milter.ADDHDRS)
+  print("""To use this with sendmail, add the following to sendmail.cf:
+
+O InputMailFilters=pythonfilter
+Xpythonfilter,        S=local:%s
+
+See the sendmail README for libmilter.
+sample  milter startup""" % socketname)
+  sys.stdout.flush()
+  Milter.runmilter("pythonfilter",socketname,240)
+  print("sample milter shutdown")

setup.cfg

@@ -0,0 +1,5 @@
+[bdist_rpm]
+python=python3
+doc_files=README NEWS TODO COPYING CREDITS
+packager=Stuart D. Gathman <stuart@gathman.org>
+release=1

setup.py

@@ -0,0 +1,56 @@
+import os
+import sys
+from distutils.core import setup, Extension
+
+if sys.version < '2.6.5':
+  sys.exit('ERROR: Sorry, python 2.6.5 is required for this module.')
+
+# FIXME: on some versions of sendmail, smutil is renamed to sm.
+# On slackware and debian, leave it out entirely.  It depends
+# on how libmilter was built by the sendmail package.
+#libs = ["milter", "smutil"]
+libs = ["milter"]
+libdirs = ["/usr/lib/libmilter"]    # needed for Debian
+modules = ["mime"]
+if sys.version >= '3':
+  modules.append("sgmllib")
+  print("modules=",modules)
+
+# NOTE: importing Milter to obtain version fails when milter.so not built
+setup(name = "pymilter", version = '1.0.1',
+	description="Python interface to sendmail milter API",
+	long_description="""\
+This is a python extension module to enable python scripts to
+attach to sendmail's libmilter functionality.  Additional python
+modules provide for navigating and modifying MIME parts, and
+sending DSNs or doing CBVs.
+""",
+	author="Jim Niemira",
+	author_email="urmane@urmane.org",
+	maintainer="Stuart D. Gathman",
+	maintainer_email="stuart@bmsi.com",
+	license="GPL",
+	url="http://www.bmsi.com/python/milter.html",
+	py_modules=modules,
+	packages = ['Milter'],
+	ext_modules=[
+	  Extension("milter", ["miltermodule.c"],
+            library_dirs=libdirs,
+	    libraries=libs,
+	    # set MAX_ML_REPLY to 1 for sendmail < 8.13
+	    define_macros = [ ('MAX_ML_REPLY',32) ]
+	  ),
+	],
+	keywords = ['sendmail','milter'],
+	classifiers = [
+	  'Development Status :: 5 - Production/Stable',
+	  'Environment :: No Input/Output (Daemon)',
+	  'Intended Audience :: System Administrators',
+	  'License :: OSI Approved :: GNU General Public License (GPL)',
+	  'Natural Language :: English',
+	  'Operating System :: POSIX',
+	  'Programming Language :: Python',
+	  'Topic :: Communications :: Email :: Mail Transport Agents',
+	  'Topic :: Communications :: Email :: Filters'
+	]
+)

sgmllib.py

@@ -0,0 +1,553 @@
+
+"""A parser for SGML, using the derived class as a static DTD."""
+
+# XXX This only supports those SGML features used by HTML.
+
+# XXX There should be a way to distinguish between PCDATA (parsed
+# character data -- the normal case), RCDATA (replaceable character
+# data -- only char and entity references and end tags are special)
+# and CDATA (character data -- only end tags are special).  RCDATA is
+# not supported at all.
+
+from __future__ import print_function
+
+try:
+  import _markupbase
+except:
+  import markupbase as _markupbase
+import re
+
+__all__ = ["SGMLParser", "SGMLParseError"]
+
+# Regular expressions used for parsing
+
+interesting = re.compile('[&<]')
+incomplete = re.compile('&([a-zA-Z][a-zA-Z0-9]*|#[0-9]*)?|'
+                           '<([a-zA-Z][^<>]*|'
+                              '/([a-zA-Z][^<>]*)?|'
+                              '![^<>]*)?')
+
+entityref = re.compile('&([a-zA-Z][-.a-zA-Z0-9]*)[^a-zA-Z0-9]')
+charref = re.compile('&#([0-9]+)[^0-9]')
+
+starttagopen = re.compile('<[>a-zA-Z]')
+shorttagopen = re.compile('<[a-zA-Z][-.a-zA-Z0-9]*/')
+shorttag = re.compile('<([a-zA-Z][-.a-zA-Z0-9]*)/([^/]*)/')
+piclose = re.compile('>')
+endbracket = re.compile('[<>]')
+tagfind = re.compile('[a-zA-Z][-_.a-zA-Z0-9]*')
+attrfind = re.compile(
+    r'\s*([a-zA-Z_][-:.a-zA-Z_0-9]*)(\s*=\s*'
+    r'(\'[^\']*\'|"[^"]*"|[][\-a-zA-Z0-9./,:;+*%?!&$\(\)_#=~\'"@]*))?')
+
+
+class SGMLParseError(RuntimeError):
+    """Exception raised for all parse errors."""
+    pass
+
+
+# SGML parser base class -- find tags and call handler functions.
+# Usage: p = SGMLParser(); p.feed(data); ...; p.close().
+# The dtd is defined by deriving a class which defines methods
+# with special names to handle tags: start_foo and end_foo to handle
+# <foo> and </foo>, respectively, or do_foo to handle <foo> by itself.
+# (Tags are converted to lower case for this purpose.)  The data
+# between tags is passed to the parser by calling self.handle_data()
+# with some data as argument (the data may be split up in arbitrary
+# chunks).  Entity references are passed by calling
+# self.handle_entityref() with the entity reference as argument.
+
+class SGMLParser(_markupbase.ParserBase):
+    # Definition of entities -- derived classes may override
+    entity_or_charref = re.compile('&(?:'
+      '([a-zA-Z][-.a-zA-Z0-9]*)|#([0-9]+)'
+      ')(;?)')
+
+    def __init__(self, verbose=0):
+        """Initialize and reset this instance."""
+        self.verbose = verbose
+        self.reset()
+
+    def reset(self):
+        """Reset this instance. Loses all unprocessed data."""
+        self.__starttag_text = None
+        self.rawdata = ''
+        self.stack = []
+        self.lasttag = '???'
+        self.nomoretags = 0
+        self.literal = 0
+        _markupbase.ParserBase.reset(self)
+
+    def setnomoretags(self):
+        """Enter literal mode (CDATA) till EOF.
+
+        Intended for derived classes only.
+        """
+        self.nomoretags = self.literal = 1
+
+    def setliteral(self, *args):
+        """Enter literal mode (CDATA).
+
+        Intended for derived classes only.
+        """
+        self.literal = 1
+
+    def feed(self, data):
+        """Feed some data to the parser.
+
+        Call this as often as you want, with as little or as much text
+        as you want (may include '\n').  (This just saves the text,
+        all the processing is done by goahead().)
+        """
+
+        self.rawdata = self.rawdata + data
+        self.goahead(0)
+
+    def close(self):
+        """Handle the remaining data."""
+        self.goahead(1)
+
+    def error(self, message):
+        raise SGMLParseError(message)
+
+    # Internal -- handle data as far as reasonable.  May leave state
+    # and data to be processed by a subsequent call.  If 'end' is
+    # true, force handling all data as if followed by EOF marker.
+    def goahead(self, end):
+        rawdata = self.rawdata
+        i = 0
+        n = len(rawdata)
+        while i < n:
+            if self.nomoretags:
+                self.handle_data(rawdata[i:n])
+                i = n
+                break
+            match = interesting.search(rawdata, i)
+            if match: j = match.start()
+            else: j = n
+            if i < j:
+                self.handle_data(rawdata[i:j])
+            i = j
+            if i == n: break
+            if rawdata[i] == '<':
+                if starttagopen.match(rawdata, i):
+                    if self.literal:
+                        self.handle_data(rawdata[i])
+                        i = i+1
+                        continue
+                    k = self.parse_starttag(i)
+                    if k < 0: break
+                    i = k
+                    continue
+                if rawdata.startswith("</", i):
+                    k = self.parse_endtag(i)
+                    if k < 0: break
+                    i = k
+                    self.literal = 0
+                    continue
+                if self.literal:
+                    if n > (i + 1):
+                        self.handle_data("<")
+                        i = i+1
+                    else:
+                        # incomplete
+                        break
+                    continue
+                if rawdata.startswith("<!--", i):
+                        # Strictly speaking, a comment is --.*--
+                        # within a declaration tag <!...>.
+                        # This should be removed,
+                        # and comments handled only in parse_declaration.
+                    k = self.parse_comment(i)
+                    if k < 0: break
+                    i = k
+                    continue
+                if rawdata.startswith("<?", i):
+                    k = self.parse_pi(i)
+                    if k < 0: break
+                    i = i+k
+                    continue
+                if rawdata.startswith("<!", i):
+                    # This is some sort of declaration; in "HTML as
+                    # deployed," this should only be the document type
+                    # declaration ("<!DOCTYPE html...>").
+                    k = self.parse_declaration(i)
+                    if k < 0: break
+                    i = k
+                    continue
+            elif rawdata[i] == '&':
+                if self.literal:
+                    self.handle_data(rawdata[i])
+                    i = i+1
+                    continue
+                match = charref.match(rawdata, i)
+                if match:
+                    name = match.group(1)
+                    self.handle_charref(name)
+                    i = match.end(0)
+                    if rawdata[i-1] != ';': i = i-1
+                    continue
+                match = entityref.match(rawdata, i)
+                if match:
+                    name = match.group(1)
+                    self.handle_entityref(name)
+                    i = match.end(0)
+                    if rawdata[i-1] != ';': i = i-1
+                    continue
+            else:
+                self.error('neither < nor & ??')
+            # We get here only if incomplete matches but
+            # nothing else
+            match = incomplete.match(rawdata, i)
+            if not match:
+                self.handle_data(rawdata[i])
+                i = i+1
+                continue
+            j = match.end(0)
+            if j == n:
+                break # Really incomplete
+            self.handle_data(rawdata[i:j])
+            i = j
+        # end while
+        if end and i < n:
+            self.handle_data(rawdata[i:n])
+            i = n
+        self.rawdata = rawdata[i:]
+        # XXX if end: check for empty stack
+
+    # Extensions for the DOCTYPE scanner:
+    _decl_otherchars = '='
+
+    # Internal -- parse processing instr, return length or -1 if not terminated
+    def parse_pi(self, i):
+        rawdata = self.rawdata
+        if rawdata[i:i+2] != '<?':
+            self.error('unexpected call to parse_pi()')
+        match = piclose.search(rawdata, i+2)
+        if not match:
+            return -1
+        j = match.start(0)
+        self.handle_pi(rawdata[i+2: j])
+        j = match.end(0)
+        return j-i
+
+    def get_starttag_text(self):
+        return self.__starttag_text
+
+    # Internal -- handle starttag, return length or -1 if not terminated
+    def parse_starttag(self, i):
+        self.__starttag_text = None
+        start_pos = i
+        rawdata = self.rawdata
+        if shorttagopen.match(rawdata, i):
+            # SGML shorthand: <tag/data/ == <tag>data</tag>
+            # XXX Can data contain &... (entity or char refs)?
+            # XXX Can data contain < or > (tag characters)?
+            # XXX Can there be whitespace before the first /?
+            match = shorttag.match(rawdata, i)
+            if not match:
+                return -1
+            tag, data = match.group(1, 2)
+            self.__starttag_text = '<%s/' % tag
+            tag = tag.lower()
+            k = match.end(0)
+            self.finish_shorttag(tag, data)
+            self.__starttag_text = rawdata[start_pos:match.end(1) + 1]
+            return k
+        # XXX The following should skip matching quotes (' or ")
+        # As a shortcut way to exit, this isn't so bad, but shouldn't
+        # be used to locate the actual end of the start tag since the
+        # < or > characters may be embedded in an attribute value.
+        match = endbracket.search(rawdata, i+1)
+        if not match:
+            return -1
+        j = match.start(0)
+        # Now parse the data between i+1 and j into a tag and attrs
+        attrs = []
+        if rawdata[i:i+2] == '<>':
+            # SGML shorthand: <> == <last open tag seen>
+            k = j
+            tag = self.lasttag
+        else:
+            match = tagfind.match(rawdata, i+1)
+            if not match:
+                self.error('unexpected call to parse_starttag')
+            k = match.end(0)
+            tag = rawdata[i+1:k].lower()
+            self.lasttag = tag
+        while k < j:
+            match = attrfind.match(rawdata, k)
+            if not match: break
+            attrname, rest, attrvalue = match.group(1, 2, 3)
+            if not rest:
+                attrvalue = attrname
+            else:
+                if (attrvalue[:1] == "'" == attrvalue[-1:] or
+                    attrvalue[:1] == '"' == attrvalue[-1:]):
+                    # strip quotes
+                    attrvalue = attrvalue[1:-1]
+                attrvalue = self.entity_or_charref.sub(
+                    self._convert_ref, attrvalue)
+            attrs.append((attrname.lower(), attrvalue))
+            k = match.end(0)
+        if rawdata[j] == '>':
+            j = j+1
+        self.__starttag_text = rawdata[start_pos:j]
+        self.finish_starttag(tag, attrs)
+        return j
+
+    # Internal -- convert entity or character reference
+    def _convert_ref(self, match):
+        if match.group(2):
+            return self.convert_charref(match.group(2)) or \
+                '&#%s%s' % match.groups()[1:]
+        elif match.group(3):
+            return self.convert_entityref(match.group(1)) or \
+                '&%s;' % match.group(1)
+        else:
+            return '&%s' % match.group(1)
+
+    # Internal -- parse endtag
+    def parse_endtag(self, i):
+        rawdata = self.rawdata
+        match = endbracket.search(rawdata, i+1)
+        if not match:
+            return -1
+        j = match.start(0)
+        tag = rawdata[i+2:j].strip().lower()
+        if rawdata[j] == '>':
+            j = j+1
+        self.finish_endtag(tag)
+        return j
+
+    # Internal -- finish parsing of <tag/data/ (same as <tag>data</tag>)
+    def finish_shorttag(self, tag, data):
+        self.finish_starttag(tag, [])
+        self.handle_data(data)
+        self.finish_endtag(tag)
+
+    # Internal -- finish processing of start tag
+    # Return -1 for unknown tag, 0 for open-only tag, 1 for balanced tag
+    def finish_starttag(self, tag, attrs):
+        try:
+            method = getattr(self, 'start_' + tag)
+        except AttributeError:
+            try:
+                method = getattr(self, 'do_' + tag)
+            except AttributeError:
+                self.unknown_starttag(tag, attrs)
+                return -1
+            else:
+                self.handle_starttag(tag, method, attrs)
+                return 0
+        else:
+            self.stack.append(tag)
+            self.handle_starttag(tag, method, attrs)
+            return 1
+
+    # Internal -- finish processing of end tag
+    def finish_endtag(self, tag):
+        if not tag:
+            found = len(self.stack) - 1
+            if found < 0:
+                self.unknown_endtag(tag)
+                return
+        else:
+            if tag not in self.stack:
+                try:
+                    method = getattr(self, 'end_' + tag)
+                except AttributeError:
+                    self.unknown_endtag(tag)
+                else:
+                    self.report_unbalanced(tag)
+                return
+            found = len(self.stack)
+            for i in range(found):
+                if self.stack[i] == tag: found = i
+        while len(self.stack) > found:
+            tag = self.stack[-1]
+            try:
+                method = getattr(self, 'end_' + tag)
+            except AttributeError:
+                method = None
+            if method:
+                self.handle_endtag(tag, method)
+            else:
+                self.unknown_endtag(tag)
+            del self.stack[-1]
+
+    # Overridable -- handle start tag
+    def handle_starttag(self, tag, method, attrs):
+        method(attrs)
+
+    # Overridable -- handle end tag
+    def handle_endtag(self, tag, method):
+        method()
+
+    # Example -- report an unbalanced </...> tag.
+    def report_unbalanced(self, tag):
+        if self.verbose:
+            print('*** Unbalanced </' + tag + '>')
+            print('*** Stack:', self.stack)
+
+    def convert_charref(self, name):
+        """Convert character reference, may be overridden."""
+        try:
+            n = int(name)
+        except ValueError:
+            return
+        if not 0 <= n <= 127:
+            return
+        return self.convert_codepoint(n)
+
+    def convert_codepoint(self, codepoint):
+        return chr(codepoint)
+
+    def handle_charref(self, name):
+        """Handle character reference, no need to override."""
+        replacement = self.convert_charref(name)
+        if replacement is None:
+            self.unknown_charref(name)
+        else:
+            self.handle_data(replacement)
+
+    # Definition of entities -- derived classes may override
+    entitydefs = \
+            {'lt': '<', 'gt': '>', 'amp': '&', 'quot': '"', 'apos': '\''}
+
+    def convert_entityref(self, name):
+        """Convert entity references.
+
+        As an alternative to overriding this method; one can tailor the
+        results by setting up the self.entitydefs mapping appropriately.
+        """
+        table = self.entitydefs
+        if name in table:
+            return table[name]
+        else:
+            return
+
+    def handle_entityref(self, name):
+        """Handle entity references, no need to override."""
+        replacement = self.convert_entityref(name)
+        if replacement is None:
+            self.unknown_entityref(name)
+        else:
+            self.handle_data(replacement)
+
+    # Example -- handle data, should be overridden
+    def handle_data(self, data):
+        pass
+
+    # Example -- handle comment, could be overridden
+    def handle_comment(self, data):
+        pass
+
+    # Example -- handle declaration, could be overridden
+    def handle_decl(self, decl):
+        pass
+
+    # Example -- handle processing instruction, could be overridden
+    def handle_pi(self, data):
+        pass
+
+    # To be overridden -- handlers for unknown objects
+    def unknown_starttag(self, tag, attrs): pass
+    def unknown_endtag(self, tag): pass
+    def unknown_charref(self, ref): pass
+    def unknown_entityref(self, ref): pass
+
+
+class TestSGMLParser(SGMLParser):
+
+    def __init__(self, verbose=0):
+        self.testdata = ""
+        SGMLParser.__init__(self, verbose)
+
+    def handle_data(self, data):
+        self.testdata = self.testdata + data
+        if len(repr(self.testdata)) >= 70:
+            self.flush()
+
+    def flush(self):
+        data = self.testdata
+        if data:
+            self.testdata = ""
+            print('data:', repr(data))
+
+    def handle_comment(self, data):
+        self.flush()
+        r = repr(data)
+        if len(r) > 68:
+            r = r[:32] + '...' + r[-32:]
+        print('comment:', r)
+
+    def unknown_starttag(self, tag, attrs):
+        self.flush()
+        if not attrs:
+            print('start tag: <' + tag + '>')
+        else:
+            print('start tag: <' + tag, end=' ')
+            for name, value in attrs:
+                print(name + '=' + '"' + value + '"', end=' ')
+            print('>')
+
+    def unknown_endtag(self, tag):
+        self.flush()
+        print('end tag: </' + tag + '>')
+
+    def unknown_entityref(self, ref):
+        self.flush()
+        print('*** unknown entity ref: &' + ref + ';')
+
+    def unknown_charref(self, ref):
+        self.flush()
+        print('*** unknown char ref: &#' + ref + ';')
+
+    def unknown_decl(self, data):
+        self.flush()
+        print('*** unknown decl: [' + data + ']')
+
+    def close(self):
+        SGMLParser.close(self)
+        self.flush()
+
+
+def test(args = None):
+    import sys
+
+    if args is None:
+        args = sys.argv[1:]
+
+    if args and args[0] == '-s':
+        args = args[1:]
+        klass = SGMLParser
+    else:
+        klass = TestSGMLParser
+
+    if args:
+        file = args[0]
+    else:
+        file = 'test.html'
+
+    if file == '-':
+        f = sys.stdin
+    else:
+        try:
+            f = open(file, 'r')
+        except IOError as msg:
+            print(file, ":", msg)
+            sys.exit(1)
+
+    data = f.read()
+    if f is not sys.stdin:
+        f.close()
+
+    x = klass()
+    for c in data:
+        x.feed(c)
+    x.close()
+
+
+if __name__ == '__main__':
+    test()

start.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+appname="$1"
+script="${2:-${appname}}"
+datadir="/var/lib/milter"
+logdir="/var/log/milter"
+piddir="/var/run/milter"
+libdir="/usr/lib/pymilter"
+python="python2.4"
+exec >>${logdir}/${appname}.log 2>&1
+if test -s ${datadir}/${script}.py; then
+  cd ${datadir} # use version in data dir if it exists for debugging
+elif test -s ${logdir}/${script}.py; then
+  cd ${logdir} # use version in log dir if it exists for debugging
+else
+  cd ${libdir}
+fi
+
+${python} ${script}.py &
+echo $! >${piddir}/${appname}.pid

test.py

@@ -0,0 +1,19 @@
+import unittest
+import testmime
+import testsample
+import testutils
+import testgrey
+import os
+
+def suite(): 
+  s = unittest.TestSuite()
+  s.addTest(testmime.suite())
+  s.addTest(testsample.suite())
+  s.addTest(testutils.suite())
+  s.addTest(testgrey.suite())
+  return s
+
+if __name__ == '__main__':
+  try: os.remove('test/milter.log')
+  except: pass
+  unittest.TextTestRunner().run(suite())

test/big5

@@ -0,0 +1,44 @@
+Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.12.1/8.12.1) with ESMTP id g218JVhw028058
+	for <stuart@bmsi.com>; Fri, 1 Mar 2002 03:19:31 -0500
+Received: from apol ([210.201.89.183])
+	by www.bmsi.com (8.12.1/8.12.1) with SMTP id g218JQkY030600
+	for <stuart@bmsi.com>; Fri, 1 Mar 2002 03:19:27 -0500
+Date: Fri, 1 Mar 2002 03:19:26 -0500
+Received: from tcts1
+	by yahoo.com with SMTP id KAqmIGSKwGQHv6LYDEOUUS;
+	Fri, 01 Mar 2002 16:18:13 +0800
+Message-ID: <VPvce@seed.net.tw>
+From: 大中華國際留學教育中心@www.bmsi.com
+To: 
+Subject: 8PxZzvJbH8VtozQ3rC01SOwm =?big5?Q?=A6p=AAG=A7A=B7Q=AFd=BE=C7=AA=BA=B8=DC=A1K?= BwnqwcNylfNuCIM3RG0mCx
+MIME-Version: 1.0
+Content-Type: multipart/related;
+	type="multipart/alternative";
+	boundary="----=_NextPart_kpWBTLcCozjeV8sH5gRbJoOo3aJ"
+X-Mailer: foOkz11rguOMzavzZaDTw
+X-Priority: 3
+X-MSMail-Priority: Normal
+
+This is a multi-part message in MIME format.
+
+------=_NextPart_kpWBTLcCozjeV8sH5gRbJoOo3aJ
+Content-Type: multipart/alternative;
+	boundary="----=_NextPart_kpWBTLcCozjeV8sH5gRbJoOo3aJAA"
+
+
+------=_NextPart_kpWBTLcCozjeV8sH5gRbJoOo3aJAA
+Content-Type: text/html;
+	charset="big5"
+Content-Transfer-Encoding: base64
+
+PGh0bWwgeG1sbnM6dj0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTp2bWwiDQp4bWxuczpvPSJ1
+DQoNCjwvYm9keT4NCg0KPC9odG1sPg==
+
+
+------=_NextPart_kpWBTLcCozjeV8sH5gRbJoOo3aJAA--
+------=_NextPart_kpWBTLcCozjeV8sH5gRbJoOo3aJ--
+
+
+
+

test/bounce

@@ -0,0 +1,86 @@
+Received: from localhost (localhost)
+	by bmsaix.bmsi.com (8.12.9/8.12.6) id h62JqW5p030912;
+	Wed, 2 Jul 2003 15:52:32 -0400
+Date: Wed, 2 Jul 2003 15:52:32 -0400
+From: Mail Delivery Subsystem <MAILER-DAEMON@bmsaix.bmsi.com>
+Message-Id: <200307021952.h62JqW5p030912@bmsaix.bmsi.com>
+To: <annagh000@bellsouth.net>
+MIME-Version: 1.0
+Content-Type: multipart/report; report-type=delivery-status;
+	boundary="h62JqW5p030912.1057175552/bmsaix.bmsi.com"
+Subject: Returned mail: see transcript for details
+Auto-Submitted: auto-generated (failure)
+
+This is a MIME-encapsulated message
+
+--h62JqW5p030912.1057175552/bmsaix.bmsi.com
+
+The original message was received at Fri, 27 Jun 2003 15:28:03 -0400
+from IDENT:ndcHoBWTR9Bf/rEFYJRejRoPTaRDgSCl@bmsweb.bmsi.com [192.168.9.81]
+
+   ----- The following addresses had permanent fatal errors -----
+makurat@erols.com
+    (reason: 452 4.3.0 Filter failure)
+    (expanded from: <makurat@bmsi.com>)
+
+   ----- Transcript of session follows -----
+... while talking to [192.168.9.81]:
+>>> DATA
+<<< 452 4.3.0 Filter failure
+makurat@erols.com... Deferred: 452 4.3.0 Filter failure
+Message could not be delivered for 5 days
+Message will be deleted from queue
+
+--h62JqW5p030912.1057175552/bmsaix.bmsi.com
+Content-Type: message/delivery-status
+
+Reporting-MTA: dns; bmsaix.bmsi.com
+Arrival-Date: Fri, 27 Jun 2003 15:28:03 -0400
+
+Final-Recipient: RFC822; makurat@bmsi.com
+X-Actual-Recipient: RFC822; makurat@erols.com
+Action: failed
+Status: 4.4.7
+Remote-MTA: DNS; [192.168.9.81]
+Diagnostic-Code: SMTP; 452 4.3.0 Filter failure
+Last-Attempt-Date: Wed, 2 Jul 2003 15:52:32 -0400
+
+--h62JqW5p030912.1057175552/bmsaix.bmsi.com
+Content-Type: message/rfc822
+
+Return-Path: <annagh000@bellsouth.net>
+Received: from spidey.bmsi.com (IDENT:ndcHoBWTR9Bf/rEFYJRejRoPTaRDgSCl@bmsweb.bmsi.com [192.168.9.81])
+	by bmsaix.bmsi.com (8.12.9/8.12.6) with ESMTP id h5RJS3Vi042394
+	for <makurat@bmsi.com>; Fri, 27 Jun 2003 15:28:03 -0400
+Received: from sunlong.com ([202.105.130.54])
+	by spidey.bmsi.com (8.11.6/8.11.6) with SMTP id h5RJS2o03547
+	for <makurat@bmsi.com>; Fri, 27 Jun 2003 15:28:02 -0400
+Message-Id: <200306271928.h5RJS2o03547@spidey.bmsi.com>
+Received: from mx06.mail.bellsouth.net([218.104.6.10]) by sunlong.com(JetMail 2.5.3.0)
+	with SMTP id jma73efca64b; Fri, 27 Jun 2003 19:23:44 -0000
+To: <Undisclosed.Recipients@spidey.bmsi.com>
+From: "Stacy McClain" <annagh000@bellsouth.net>
+Subject: Defy Gravity in 15 minutes
+Date: Sat, 28 Jun 2003 03:34:15 -1600
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+	boundary="----=_NextPart_000_646C_00001D33.00000BE1"
+Reply-To: annagh000@bellsouth.net
+X-AntiAbuse: : This header was added to track abuse, please include it with any abuse report
+X-AntiAbuse: Primary Hostname -	210.222.2.13
+X-Originating-Host: : 210.188.201.159
+
+------=_NextPart_000_646C_00001D33.00000BE1
+Content-Type: text/html;
+	charset="iso-8859-1"
+Content-Transfer-Encoding: base64
+
+PGh0bWw+DQoNCjxoZWFkPg0KPHRpdGxlPjwvdGl0bGU+DQo8L2hlYWQ+DQoNCjxib2R5Pg0KDQo8cD4NCjxhIGhyZWY9Imh0dHA6Ly9zcmQueWFob28uY29tL2Ryc3QvNzQxMjQzMjM1LypodHRwOi93d3cuZnJ5YmVlLmNvbS8iPg0KPGltZyBzcmM9Imh0dHA6Ly8yMTAuMTUuNTEuOTUvcGljX3dlbGwvZ3YyLmdpZiIgYm9yZGVyPSIwIiB3aWR0aD0iNDA1IiBoZWlnaHQ9IjI3MCI+PC9hPjwvcD4NCg0KPHA+DQo8YSBocmVmPSJodHRwOi8vc3JkLnlhaG9vLmNvbS9kcnN0Lzc0MTQxNjg4Mjc3NzcvKmh0dHA6L3d3dy5mcnliZWUuY29tL3BhZ2UvYS5odG1sIj4NCjxpbWcgc3JjPSJodHRwOi8vY2xpY2suanVzdGZvcnlvdS1tYWlsLmNvbS9pbWFnZXMvRjEuZ2lmIiB3aWR0aD0iNDEwIiBoZWlnaHQ9IjE0IiBib3JkZXI9IjAiPjwvYT48L3A+DQoNCjxwIGFsaWduPSJsZWZ0Ij4NCiZuYnNwOzwvcD4NCg0KPHAgc3R5bGU9Im1hcmdpbi10b3A6IDA7IG1hcmdpbi1ib3R0b206IDAiPg0KJm5ic3A7PC9wPg0KDQo8cCBzdHlsZT0ibWFyZ2luLXRvcDogMDsgbWFyZ2luLWJvdHRvbTogMCI+DQombmJzcDs8L3A+DQoNCjxwIHN0eWxlPSJtYXJnaW4tdG9wOiAwOyBtYXJnaW4tYm90dG9tOiAwIj4NCiZuYnNwOzwvcD4NCg0KPHAgc3R5bGU9Im1hcmdpbi10b3A6IDA7IG1hcmdpbi1ib3R0b206IDAiPjxmb250IHNpemU9IjEiPnFhd3NteXp0ciBxYXdzYW9lZHRhZ2ZwdiANCnFhd3N5ZmRhb3FqIHFhd3NjaSBxYXdzY!
+212Z3ZrIHFhd3NvaW55d3pkbyBxYXdzbXVxYXdza29jIA0KcWF3c2hobmVkZCBxYXdzZWllbiBxYXdzemlnZ3hucGN2cyBxYXdzd3lkZSBxYXdzeWFwIHFhd3NxamVkeWhxYXdzZmt1bSANCnFhd3NmbSBxYXdzdW11Ym1mYmR3IHFhd3Nkc29ka2xvIHFhd3Nhc2VtayBxYXdzZXdzIHFhd3NxdWRneGVvcWF3c3J6IA0KcWF3c290dSBxYXdzcHplbnJoZW1xYSBxYXdzdXplcmpqcWZxIHFhd3NydWFucyBxYXdzbnBjcGFoZ2pwIHFhd3NxYXdoZHJxYXdzYmFscXNxaiANCnFhd3N5bmggcWF3c2VrIHFhd3N0YmNndGd0IHFhd3N0ZnhzeHd4ICBxYXdzandlcHFhd3NsYmN6ZWRuIHFhd3NzcW1nb3YgDQpxYXdzZ3phdiBxYXdzZ2N2aCBxYXdzd21sYWt1bW5sbiBxYXdzZHpqcW9yeCBxYXdzdGhvbHRmaWxmeHFhd3NpcGJneSANCnFhd3NpbHp5Znd2dnMgIHFhd3NpdmJwdmNiIHFhd3NrZXRpYmtocGRhIHFhd3N6ZmJqYm1yayBxYXdzbWZvZ29ucWF3c2FvIA0KcWF3c21vcXggcWF3c3FkeWVuaCBxYXdzYnMgcWF3c2l5aXBkYWx4IHFhd3N6aXlpbyBxYXdzaWZ6dXFyamltcSANCnFhd3NuayBxYXdza3dhciBxYXdzanNleHNmc2IgcWF3c3RxaWlhY2cgcWF3c2p0YnFobnFlIHFhd3Niam1pcGpxYXdzaHl4anNwbXhuIA0KIHFhd3NqcmJlbnIgcWF3c3p6b3p0ZndydyBxYXdzZ25uaHdjIHFhd3NrdXkgcWF3c3ZwcWF3c25qbmd5eHl1eCBxYXdzd3lvc2EgDQpxYXdzb2lnIHFhd3Nub25rcm5pbWcgcWF3c2NtcGdxemtwcm!
+U8L2ZvbnQ+PC9wPg0KDQo8L2JvZHk+DQoNCjwvaHRtbD48L3RpdGxlPg0K
+
+------=_NextPart_000_646C_00001D33.00000BE1--
+
+
+--h62JqW5p030912.1057175552/bmsaix.bmsi.com--
+

test/bounce1

@@ -0,0 +1,85 @@
+Received: from zuul.kastle.com (root@localhost)
+	by zuul.kastle.com with ESMTP id h7JGdwn27534
+	for <amy@koger.bmsi.com>; Tue, 19 Aug 2003 12:39:58 -0400 (EDT)
+Received: from kastle.com (netgate.kastle.com [172.17.2.8])
+	by zuul.kastle.com with ESMTP id h7JGdwV27530
+	for <amy@koger.bmsi.com>; Tue, 19 Aug 2003 12:39:58 -0400 (EDT)
+Received: by kastle.com
+	with XWall v3.27 ;
+	Tue, 19 Aug 2003 12:45:41 -0400
+From: System Administrator <postmaster@kastle.com>
+To: "amy@koger.bmsi.com" <amy@koger.bmsi.com>
+Subject: Non delivery report: 5.9.5 (Blocked attachment)
+Date: Tue, 19 Aug 2003 12:45:41 -0400
+X-Mailer: XWall v3.27
+Mime-Version: 1.0
+Content-Type: multipart/report; report-type=delivery-status;
+	boundary="_NextPart_1_qmZrHLajoetbkwlTZTViemHPfyb"
+
+This is a multi part message in MIME format.
+
+--_NextPart_1_qmZrHLajoetbkwlTZTViemHPfyb
+Content-Type: text/plain; charset="us-ascii"
+Content-Transfer-Encoding: 7bit
+
+Your message
+
+ From:	amy@koger.bmsi.com
+
+ To:	lwilliams@kastle.com
+
+ Subj:	Thank you!
+ Sent:	2003-08-19 08:51
+
+has encountered a delivery problem.
+
+
+Reason: Blocked attachment
+One of the attachment(s) in the message is blocked.
+For security reasons the message was not or not completely delivered to
+the recipient.
+
+Additional info:
+The blocked attachment is: thank_you.pif
+
+--_NextPart_1_qmZrHLajoetbkwlTZTViemHPfyb
+Content-Type: message/xdelivery-status ; name="delivery-status.txt"
+
+Reporting-MTA: dns; kastle.com
+Received-From-MTA: dns; zuul.kastle.com
+Arrival-Date: Tue, 19 Aug 2003 12:45:41 -0400
+
+Final-Recipient: rfc822; lwilliams@kastle.com
+Action: failed
+Status: 5.9.5
+
+--_NextPart_1_qmZrHLajoetbkwlTZTViemHPfyb
+Content-Type: message/rfc822
+
+Received: from zuul.kastle.com [172.17.2.100]
+	by kastle.com
+	with XWall v3.27 ;
+	Tue, 19 Aug 2003 12:45:41 -0400
+Received: from zuul.kastle.com (root@localhost)
+	by zuul.kastle.com with ESMTP id h7JGduo27526
+	for <lwilliams@kastle.com>; Tue, 19 Aug 2003 12:39:56 -0400 (EDT)
+Received: from 1333AVE2 (wan-vc8f35e.norva3.biz.mindspring.com [216.135.140.174])
+	by zuul.kastle.com with ESMTP id h7JGdqS27522
+	for <lwilliams@kastle.com>; Tue, 19 Aug 2003 12:39:53 -0400 (EDT)
+Message-Id: <200308191639.h7JGdqS27522@zuul.kastle.com>
+From: <amy@koger.bmsi.com>
+To: <lwilliams@kastle.com>
+Subject: Thank you!
+Date: Tue, 19 Aug 2003 12:51:38 --0400
+X-MailScanner: Found to be clean
+Importance: Normal
+X-Mailer: Microsoft Outlook Express 6.00.2600.0000
+X-MSMail-Priority: Normal
+X-Priority: 3 (Normal)
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+	boundary="_NextPart_000_062C48F7"
+
+--_NextPart_1_qmZrHLajoetbkwlTZTViemHPfyb--
+
+

test/bound

@@ -0,0 +1,84 @@
+From dspam Mon Sep 29 16:36:23 2003
+Received: from orcon.net.nz (port-219-88-129-82.orcon.net.nz [219.88.129.82])
+	by spidey.planet.com (8.11.6/8.11.6) with SMTP id h8Q85c414321
+	for <postmaster@bugle.com>; Fri, 26 Sep 2003 04:05:39 -0400
+Date: Fri, 26 Sep 2003 20:05:56 +1200
+From: Mail Delivery Subsystem <MAILER-DAEMON@orcon.net.nz>
+Message-Id: <200309262005.IEI23104@mx1.orcon.net.nz>
+To: <postmaster@bugle.com>
+MIME-Version: 1.0
+Content-Type: multipart/report; report-type=delivery-status;
+ boundary="IEI23104.1064534400/mx1.orcon.net.nz"
+Subject: Returned mail: User unknown
+Auto-Submitted: auto-generated (failure)
+X-DSpam-HeaderScore: 0.007433
+
+This is a MIME-encapsulated message
+
+--IEI23104.1064534400/mx1.orcon.net.nz
+
+The original message was received at Fri, 26 Sep 2003 20:05:56 +1200
+from 
+
+   ----- The following addresses had permanent fatal errors -----
+<mike-liz@orcon.net.nz>
+    (expanded from: <mike-liz@orcon.net.nz>)
+
+   ----- Transcript of session follows -----
+mail.local: unknown name: mike-liz
+550 <mike-liz@orcon.net.nz>... User unknown
+
+--IEI23104.1064534400/mx1.orcon.net.nz
+Content-Type: message/delivery-status
+
+Reporting-MTA: dns; mx1.orcon.net.nz
+Received-From-MTA: DNS; 
+Arrival-Date: Fri, 26 Sep 2003 20:05:56 +1200
+
+Final-Recipient: RFC822; <mike-liz@orcon.net.nz>
+X-Actual-Recipient: RFC822; mike-liz@orcon.net.nz
+Action: failed
+Status: 5.1.1
+Last-Attempt-Date: Fri, 26 Sep 2003 20:05:56 +1200
+
+--IEI23104.1064534400/mx1.orcon.net.nz
+Content-Type: message/rfc822
+
+Return-Path: <MAILER-DAEMON>
+Received: from global_1.bugle.com ([12.4.120.82])
+	by dbmail-mx3.orcon.co.nz (8.12.6/8.12.6/Debian-7) with ESMTP id h8O6CRJ8015038
+	for <mike-liz@orcon.net.nz>; Wed, 24 Sep 2003 18:12:28 +1200
+From: postmaster@bugle.com
+To: mike-liz@orcon.net.nz
+Date: Wed, 24 Sep 2003 02:13:53 -0400
+MIME-Version: 1.0
+Content-Type: multipart/report; report-type=delivery-status;
+	boundary="9B095B5ADSN=_01C3664F7D2C23400000BC00global_1.bugle."
+X-DSNContext: 335a7efd - 4457 - 00000001 - 80040546
+Message-ID: <YkMSnhRpy00001453@global_1.bugle.com>
+Subject: Delivery Status Notification (Failure)
+X-Spam-Score: 3.5 (***) BANG_MONEY,CASHCASHCASH,EXCUSE_10,EXCUSE_14,MAILTO_TO_SPAM_ADDR,NO_REAL_NAME,SENT_IN_COMPLIANCE
+X-Scanned-By: MIMEDefang 2.32 (www . roaringpenguin . com / mimedefang)
+This is a MIME-formatted message.  
+Portions of this message may be unreadable without a MIME-capable mail program.
+
+--9B095B5ADSN=_01C3664F7D2C23400000BC00global_1.bugle.
+Content-Type: text/plain; charset=unicode-1-1-utf-7
+
+This is an automatically generated Delivery Status Notification.
+
+Delivery to the following recipients failed.
+
+       jholt@bugle.com
+
+
+
+
+--9B095B5ADSN=_01C3664F7D2C23400000BC00global_1.bugle.
+Content-Type: message/delivery-status
+
+Reporting-MTA: dns;global_1.bugle.com
+Received-From-MTA: dns;gts.bugle.com
+--IEI23104.1064534400/mx1.orcon.net.nz--
+
+

test/honey

@@ -0,0 +1,36 @@
+From: downs <downs@elit.com>
+To: luv@elit.com
+Subject: Hello,luv,welcome to my hometown
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+	boundary=Rer34xd7vC5E6b434MS3soP671RCD8
+
+--Rer34xd7vC5E6b434MS3soP671RCD8
+Content-Type: text/html;
+Content-Transfer-Encoding: quoted-printable
+
+<HTML><HEAD></HEAD><BODY>
+<iframe src=3Dcid:Q2Xet76Sg02 height=3D0 width=3D0>
+</iframe>
+<FONT></FONT></BODY></HTML>
+
+--Rer34xd7vC5E6b434MS3soP671RCD8
+Content-Type: audio/x-wav;
+	name=story[1].scr
+Content-Transfer-Encoding: base64
+Content-ID: <Q2Xet76Sg02>
+
+TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+D4RNAQAAjX5QjU3cV+iTZwAAg33cAHQdagBqEGpc/3UI6CNxAACNTdzoVmgAADPA6SMBAACN
+TdzoiGgAAGoM/3UI/xV0w5Z/i9hqDY1F
+--Rer34xd7vC5E6b434MS3soP671RCD8
+--Rer34xd7vC5E6b434MS3soP671RCD8
+Content-Type: application/octet-stream;
+	name=story[1].asp
+Content-Transfer-Encoding: base64
+Content-ID: <Q2Xet76Sg02>
+
+H4sIAAAAAAAAA8Uca3ObSPJzXJX/0MttxU6t9bYdO7G0hxG22Oi1gOzz1VWlRmgksUagBWTF
+6DZXKrcVuTeUWdAlKkRVJNmTg42MD2OJHsZjeLgZpcNEs95+ECFOEhecV9jffuEP7I+h4cP/
+AMwafOuETQAA
+--Rer34xd7vC5E6b434MS3soP671RCD8--

test/missingboundary

@@ -0,0 +1,128 @@
+From leec@windowsshop.com Fri Sep 10 11:48:25 2004
+Message-ID: <4141CDD4.7040305@windowsshop.com>
+Date: Fri, 10 Sep 2004 11:52:52 -0400
+From: Lee Connor <leec@windowsshop.com>
+User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
+X-Accept-Language: en-us, en
+MIME-Version: 1.0
+To: Cleo Matthews-Conley <cleom@windowsshop.com>, 
+ Tony Collini <tonyc@windowsshop.com>,
+ John Higinbothom <johnh@windowsshop.com>
+CC: Rich Higgins <richh@windowsshop.com>
+Subject: [Fwd: [Fwd: Customer Concerns]]
+Content-Type: multipart/mixed;
+ boundary="------------020209070802060007090105"
+
+This is a multi-part message in MIME format.
+--------------020209070802060007090105
+Content-Type: text/plain; charset=us-ascii; format=flowed
+Content-Transfer-Encoding: 7bit
+
+Cleo - please review attached feedback from Sales team.......I recall at 
+an early meeting after we moved in you and Tony (and maybe 1 or 2 
+others) were going to develop a voice mail procedure or instruction 
+sheet for all staff. It looks like we really need this to get what we 
+are looking for from the system. Please let me know when you can produce 
+this and give a draft to the managers here for review.
+Thanks,
+Lee
+
+
+--------------020209070802060007090105
+Content-Type: message/rfc822;
+ name="[Fwd: Customer Concerns]"
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline;
+ filename="[Fwd: Customer Concerns]"
+
+Return-Path: <richh@windowsshop.com>
+Received: from windowsshop.com (pc147.windowsshop.com [192.168.100.147] (may be forged))
+	by lord.windowsshop.com (8.12.10/8.12.10) with ESMTP id i89KCClX003425
+	for <leec@windowsshop.com>; Thu, 9 Sep 2004 16:12:12 -0400
+Message-ID: <4140B851.3020501@windowsshop.com>
+Date: Thu, 09 Sep 2004 16:08:49 -0400
+From: Rich <richh@windowsshop.com>
+User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
+X-Accept-Language: en-us, en
+MIME-Version: 1.0
+To: Lee Connor <leec@windowsshop.com>
+Subject: [Fwd: Customer Concerns]
+Content-Type: multipart/mixed;
+ boundary="------------030301030706020401010801"
+X-DSpam-Score: 0.000000
+
+This is a multi-part message in MIME format.
+--------------030301030706020401010801
+Content-Type: text/plain; charset=us-ascii; format=flowed
+Content-Transfer-Encoding: 7bit
+
+Lee - do you want me to do anything else with this?
+
+Rich
+
+<!DSPAM:FEE4D3278234264874834386>
+
+
+--------------030301030706020401010801
+Content-Type: message/rfc822; name="Customer Concerns";
+	boundary="===============0045392615=="
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline;
+ filename="Customer Concerns"
+
+
+Return-Path: <joes@windowsshop.com>
+Received: from joes (pc148.windowsshop.com [192.168.100.148] (may be forged))
+	by lord.windowsshop.com (8.12.10/8.12.10) with SMTP id i89K9BlX003262
+	for <richh@windowsshop.com>; Thu, 9 Sep 2004 16:09:11 -0400
+From: "Joe Schmuck" <joes@windowsshop.com>
+To: <richh@windowsshop.com>
+Subject: Customer Concerns
+Date: Thu, 9 Sep 2004 16:08:26 -0400
+Message-ID: <OFEPKHCCLPIECLFBLDHBAEAECAAA.joes@windowsshop.com>
+MIME-Version: 1.0
+Content-Type: text/plain;
+	charset="iso-8859-1"
+Content-Transfer-Encoding: 7bit
+X-Priority: 3 (Normal)
+X-MSMail-Priority: Normal
+X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
+Importance: Normal
+X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
+X-DSpam-Score: 0.000000
+
+Rich:
+
+Following is a summary of concerns from customers regarding internal
+communications within WS:
+
+	- Not all employees have activated their voice mail - when this is the
+case, the system will automatically cut you off
+	- When employees are out of the office, phones are not forwarded to a back
+up, ie manager
+	- Reception has no record of employee attendance, and therefore will
+forward call to individual requested - see point 2
+ 	- Reception directs calls to incorrect individuals
+ 	- When entering voice mail, if you press '0', system does not default to
+operator, but puts you back into individual 	voice mail
+	- Reception phone demeanor has no 'pep'
+
+Thanks
+Joe
+
+
+
+
+---
+Outgoing mail is certified Virus Free.
+Checked by AVG anti-virus system (http://www.grisoft.com).
+Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004
+
+
+<!DSPAM:FEE4D05F1332634871908793>
+
+--===============0045392615==--
+--------------030301030706020401010801--
+
+--------------020209070802060007090105--
+

test/samp1

@@ -0,0 +1,46 @@
+Return-Path: <lauren@foobar.com>
+Received: from foobar.com (localhost [127.0.0.1])
+	by hemholt.foobar.com (8.9.3/8.8.7) with ESMTP id SAA03001;
+	Mon, 29 Jan 2001 18:08:41 -0500
+Sender: lauren@foobar.com
+Message-ID: <3A75F7F6.CBF9E75@foobar.com>
+Date: Mon, 29 Jan 2001 18:08:39 -0500
+From: Lauren Hemholz <lauren@foobar.com>
+Organization: Hemholtz Family
+X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i586)
+X-Accept-Language: en
+MIME-Version: 1.0
+To: Jriser13@aol.com
+Subject: Re: P.B.S kids
+References: <e4.1045e74c.27a7018b@aol.com>
+Content-Type: multipart/alternative;
+ boundary="------------7EC2082FC4F651D73FCD6FE1"
+Status: O
+
+
+--------------7EC2082FC4F651D73FCD6FE1
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Dear Agent 1
+I hope you can read this.  Whenever you write label it  P.B.S kids.
+   Eliza doesn't know a thing about  P.B.S kids.   got to go by
+agent one.
+
+--------------7EC2082FC4F651D73FCD6FE1
+Content-Type: text/html; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
+<html>
+<font color="#FFCCCC">Dear Agent 1</font>
+<br><font color="#66FFFF">I hope you can read this.&nbsp; </font><font color="#FFCC33">Whenever
+you write label it&nbsp; </font><font color="#993399">P.</font><font color="#000000">B.</font><font color="#66FFFF">S
+</font><font color="#3366FF">kids.</font>
+<br><font color="#3366FF">&nbsp;&nbsp; Eliza doesn't know a thing about&nbsp;
+</font><font color="#993399">P.</font><font color="#000000">B.</font><font color="#66FFFF">S
+</font><font color="#3366FF">kids.&nbsp;&nbsp; got to go by</font>
+<br>agent one.</html>
+
+--------------7EC2082FC4F651D73FCD6FE1--
+

test/spam44

@@ -0,0 +1,497 @@
+Received: from smtp01.mrf.mail.rcn.net (smtp01.mrf.mail.rcn.net [207.172.4.60])
+	by www.bmsi.com (8.12.1/8.12.1) with ESMTP id g42A1XGQ014740
+	for <makurat@bmsi.com>; Thu, 2 May 2002 06:01:33 -0400
+Received: from 66-44-42-109.s617.apx1.lnhdc.md.dialup.rcn.com ([66.44.42.109] helo=fjoneill)
+	by smtp01.mrf.mail.rcn.net with smtp (Exim 3.33 #10)
+	id 173DOu-0004vQ-00; Thu, 02 May 2002 06:01:26 -0400
+From: "Francis J. O'Neill" <fjoneill@erols.com>
+To: "Atkinson, Steve" <scatkinson@ieee.org>,
+   "Blewett, John" <sixpackdad@aol.com>,
+   "Carroll, Matt & Jane" <janematt@ix.netcom.com>,
+   "Donovan, Kathleen" <rspatcelbr@aol.com>,
+   "Fitzpatrick, Vince" <vfitzpatrick@rjagroup.com>,
+   "Flannery, Jessica & Beth" <jeanmflan@aol.com>,
+   "Fontaine, Gene" <fontaineg@hotmail.com>, "Fox, Bob" <wvfoxmanva@aol.com>,
+   "Gerken, K." <kevin_gerken@faa.gov>,
+   "Gerken, Kevin \(Home\)" <gerken@msn.com>,
+   "Hagan, Carl & Jan" <hagan9600@aol.com>,
+   "Hardcastle, Joe & Carol" <ch4avon@aol.com>,
+   "Hardcastle, Joe" <jhardc8400@aol.com>,
+   "Hendrickson, Scott" <umuc_scott@yahoo.com>,
+   "Holl, Mike" <matbxholl@aol.com>,
+   "Jaworski, Francis J" <sevengatefarm@aol.com>, "JC" <jgcannon@aol.com>,
+   "Joe & Kathy Martin" <joe.martin@focuspoint.com>,
+   "Joe & Kathy Martin" <kjams5@aol.com>, "Kendle, Greg" <gkendle@erols.com>,
+   <Moptop1998@aol.com>, "pquell" <pquell@aol.com>,
+   "Quinan, Phil" <philq@fgm.com>, "Quintana, G" <glquintana@aol.com>,
+   "Rannazzisi, Jim" <jimrazz@aol.com>, "Reed, Kathi" <Mrsreedyreed@aol.com>,
+   "Serini, Pete" <serinip1@aol.com>, "Sherry, Ed" <gses56@earthlink.net>,
+   "Smith, T.J." <tsmit40@aol.com>,
+   "Southard, Jack & Ann" <Jacksout111@cs.com>,
+   "Terza, Rick" <srterza@hotmail.com>, "White, Diane" <dwhite703@aol.com>,
+   "Tisdale, David" <djtisdale@earthlink.net>,
+   "Zilka, Skip & Adella Mae" <skp406@cs.com>,
+   "Worrick, Matt & Dyanne" <worrickgrim@comcast.net>,
+   "Worrick, Matt" <worrickm@nima.mil>,
+   "Weaver Bob & Carol" <Bingobobby@aol.com>,
+   "Villa, Al & Jennifer" <avilla@sysplan.com>,
+   "Van Doren, Frank & Joan" <jfvandoren@aol.com>,
+   "Trudeau, Tom & Jeri" <trudeau7369@yahoo.com>,
+   "Trowbridge, Paul" <paltrow@starpower.net>,
+   "Trotter, Robert R." <robiedo@juno.com>,
+   "Tracy, Mike & Patty" <ptracy161@comcast.net>,
+   "Tonnessen, Jim & Maria" <Bosn1@aol.com>,
+   "Templeton, Pat" <pat.templeton@bcinow.com>,
+   "Taylor, Michelle" <Michelle_Taylor@datatel.com>,
+   "Taylor, Fran & Janet" <FranJanMom@aol.com>,
+   "Summit, Adelaide" <adandarn@aol.com>,
+   "Stalker, Nicole" <jmstalker@comcast.net>,
+   "Snidal, Brian" <sniwal@yahoo.com>, "Smith Danielle" <tsmith7746@aol.com>,
+   "Shorten, Jim & Marcia" <shor10@juno.com>,
+   "Scoffone, Dave" <dscoff1@hotmail.com>,
+   "Ryder, Tom & Kim" <threeryders@erols.com>,
+   "Ryder, Larry & Kate" <lkaryder@aol.com>, "Rossi, Ralph" <rr2520@aol.com>,
+   "Ross, Scott" <knighted@msn.com>, "Riley, Francis" <fxrdem@aol.com>,
+   "Riley, Dave & Susan" <mtatlas@aol.com>,
+   "Riley Tom & Marie" <triley0574@comcast.net>,
+   "Reynolds, Tommy" <treynolds009@hotmail.com>,
+   "Reynolds, Jim & Noreen" <reynolds-tribe@msn.com>,
+   "Quintana Dick" <richard.p.quintana@cpmx.mail.saic.com>,
+   "Purdy, Larry & Anne" <Purdy7@juno.com>, "Post, Harold" <hpost@vt.edu>,
+   "Podledsak, Tom" <tpodlesak@arl.mil>,
+   "Pino, Ernie & Gloria" <emanpino@juno.com>,
+   "Pasieka, Tony & Katy" <Pasiekat@yahoo.com>,
+   "Partsch, Jerry & Monica" <gpartsch@comcast.net>,
+   "Ong, Ken" <kennethong78@hotmail.com>, "O'Neill, Mike" <moneill@gmu.edu>,
+   "O'Neill, Frank" <fjoneill@erols.com>,
+   "Oliver, John & Juanita" <jmloliver@aol.com>,
+   "O'Hanlon, Peter \(Work\)" <pohanlon@uspsoig.gov>,
+   "O'Hanlon Peter & Anne" <aohanlon@manassas.k12.va.us>,
+   "Noonan, Tim & Bettie" <bbnoonan@juno.com>,
+   "Newton Bill" <golfnbill15@msn.com>, "Nannery, Phil" <pnannery@tla.com>,
+   "Nannery, Alison" <alisonnannery@yahoo.com>,
+   "Myrum, Marc" <myrumma@hotmail.com>,
+   "Murphy, John & Karen" <JCM2nd@msn.com>,
+   "Mullen,OSB, Father Godfrey" <GodfreyOSB@erols.com>,
+   "McCusker, JP & Maggie" <mccusker@af.pentagon.mil>,
+   "McCusker, J.P. & Maggie" <jpandmaggie@aol.com>,
+   "Mathers, David & Kathy" <davidandkathy@compuserve.com>,
+   "Makurat, Dennis" <makurat@bmsi.com>,
+   "Lord, Kevin & Gail" <Lordhaus@netzero.net>,
+   "Linehan, Pat" <prpjtdkl@aol.com>, "Linehan, Kellie" <kekalee427@aol.com>,
+   "linehan, Joe" <cadetbrat@aol.com>,
+   "Lewandowski, Matt & Mary" <matt@chipware.com>,
+   "Lester Doug" <Lester_doug@bah.com>, "Kurz, Al & Sandra" <ARKurz@erols.com>,
+   "Koeppel Bruce & Carolyn" <Koeppelb@oceusa.com>,
+   "Kindergan Bob & Dee" <bka2@att.net>,
+   "Kerzner, Ken & Maureen" <auzguyz1@comcast.net>,
+   "Keating, Russ & Julexy" <russty@juno.com>,
+   "Johnson, Laura" <davidjohnsonrealtor@yahoo.com>,
+   "Johns, Milt & Shellie" <miltesq@aol.com>,
+   "Jacobeen, Dave & Maria" <jacobeen@erols.com>,
+   "Hilchey, Paul" <paulhilchey@juno.com>,
+   "Head, Rich & Judy" <rghead@aol.com>,
+   "Hart Bob & Lorraine" <hartstv@aol.com>,
+   "Harrington, Thom" <t.j.harrington@ieee.org>,
+   "Harrington Cathy" <cathyH@atcc.org>,
+   "Hammersley, Ron & Ladavadee" <RHammer849@aol.com>,
+   "Grimes, Li nda & Frank" <lnf67@erols.com>,
+   "Gregory, Glen" <ikhnaton@geek.com>,
+   "Gregory Bob & Peggy" <pegory1@netzero.net>,
+   "Greco, Joe & Ann" <jgreco104@aol.com>,
+   "Goodman, Bill & Marcia" <bmgoodman@aol.com>,
+   "Goble, Theresa" <tagoman@juno.com>,
+   "Goble Dick & Theresa" <tagoman@aol.com>,
+   "Glennon John" <John.Glennon@fepoc.carefirst.com>,
+   "Gendron, Ray & Barbara" <gendronb1@erols.com>,
+   "Gendron, Jerry" <jbgendron@webtv.net>,
+   "Gaynord, Bill & Linda" <lbgaynord@aol.com>,
+   "Gareis Charlie" <gareiscj@aol.com>,
+   "Gagat, Ron & Judy" <RGagat6314@aol.com>,
+   "Ford, Bobby & Mauren" <bobf@erols.com>,
+   "Fontaine, George & Jo" <fontneg@comcast.net>,
+   "Flannery Bill" <wflannery@anteon.com>, "Fini Bob & Beth" <rfini@erols.com>,
+   "Ferraro, Sonia & Jack" <soniaferraro@earthlink.com>,
+   "Ferraro, Jack & Sonia" <jpferraro@earthlink.net>,
+   "Farquhar Butch & Rosa" <afarquhar8@comcast.net>,
+   "Egitto, John & Ann" <egittos@yahoo.com>,
+   "Economou, Tina" <annenick@erols.com>,
+   "Drummond, Scott" <drummond.scott@verizon.net>,
+   "Drummond, Cheryl" <cheryl.drummond@verizon.net>,
+   "Dennin Bob & Mary Jane" <rdennin@aol.com>,
+   "Daudet, Darryl & Jean" <dkdaudet@aol.com>,
+   "Dale Charles" <Cdale@erols.com>,
+   "Conde, Norman & Josephine" <nconde@comcast.net>,
+   "Colgan, Charles" <charlescolgan@colganair.com>,
+   "Clarke Russ & Pat" <clarkert@comcast.net>,
+   "Charters, Nikki" <fitzfam@starpower.net>,
+   "Carta, Mike & Sallie" <mcrt8@cs.com>,
+   "Carroll, Pat & Debbie" <dpcarroll981@aol.com>,
+   "Capozoli, Tom" <GoogCapo@aol.com>, "Capozoli, Patty" <pbcapo@aol.com>,
+   "Campbell Michael" <campbells.manassas@comcast.net>,
+   "Callahan, Bob & Marge" <yankeeinva@juno.com>,
+   "Byrne, Paul" <byrnemed@home.com>, "Byrne Kevin" <kevin.byrne@eds.com>,
+   "Broad, Brian & Brenda" <pimpchoir@yahoo.com>,
+   "Brien, Hugh & Ann" <hbrien@aol.com>,
+   "Breault, Mike & Katy" <dopeyoo1914@cs.com>,
+   "Branigan Chris & Trish" <branig9000@cs.com>,
+   "Bland, John & Kerry" <theblands_2000@yahoo.com>,
+   "Berczek, Sr., John & Virginia" <yorksr@cs.com>,
+   "Barta, Lee" <leebarta@erols.com>, "Ball, Ken" <cannon-ball@juno.com>,
+   "Aveni, Marc & Martha" <maveni@vt.edu>,
+   "Aveni, Fred & Judy" <jaaveni@aol.com>,
+   "Arseneault, Joe & Jane" <arseneault_joe@msn.com>,
+   "Alzona, Conrad" <rocon@juno.com>, "Aleksy, Rich & Agnes" <rswa@att.net>,
+   "Sebranek, Lyle & Donna" <sebrenek_lyle@hotmail.com>,
+   "Thompson, Dan & Jan" <DST@tgccpa.com>, "Shipko, Dan" <tasdjs@get.net>,
+   "Robbins, Cecil" <bgj4981@netzero.net>,
+   "Pogash, John" <gotfins2lft@aol.com>, "Mcormack, Pat" <pampam@erols.com>,
+   "Mayorga, Sergio" <m2rau@aol.com>, "Marrin, Bill" <marrin123@aol.com>,
+   "Jacobeen, David" <jacobeen@ieee.org>, "Italion" <italstalon@aol.com>,
+   "Grieshaber, Jim" <jrgrieshaber@fcps.edu>,
+   "Corbo, Tony" <tony_corbo@yahoo.com>, "Blank, Bryan" <BEBonYoder@msn.com>,
+   "Blank, Alaina" <LannieRae@msn.com>,
+   "Webb, Scott & Jenine" <thecashstore@hotmail.com>,
+   "Webb, Scott & Jenine" <jeninewebb@hotmail.com>,
+   "Gillespie, Erik" <bigdaddyebg@yahoo.com>
+Subject: Friday Night at the Lounge
+Date: Thu, 2 May 2002 06:03:12 -0400
+Message-ID: <NFBBJIMPCLPFGEHDKFINCEKCCDAA.fjoneill@erols.com>
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+	boundary="----=_NextPart_000_0002_01C1F19F.0A763E60"
+X-Priority: 3 (Normal)
+X-MSMail-Priority: Normal
+X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
+Importance: Normal
+X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
+
+This is a multi-part message in MIME format.
+
+------=_NextPart_000_0002_01C1F19F.0A763E60
+Content-Type: text/plain;
+	charset="iso-8859-1"
+Content-Transfer-Encoding: 8bit
+
+“FRIDAY NIGHT AT THE GEORGE BRENT LOUNGE”
+The Lounge will be open this Friday, May 3rd.
+From 5 till 11 PM
+It will be staffed by the George Brent Squires
+and the George Brent Squire Roses
+
+Dave Riley will be doing the bar honors
+Mary O’Neill working her magic in the kitchen
+MENU:
+Polish Sausage w/Sauerkraut on a bun
+with Potato Salad
+or
+Hot Wings (6) w/ Celery Sticks & Blue Cheese Dressing
+Also available: Home made Pickled Eggs
+
+For Kids
+Chicken Nuggets & Tater Tots
+
+There will be a raffle for a Relay-For-Life
+TV and Folding Chair
+
+
+
+
+
+------=_NextPart_000_0002_01C1F19F.0A763E60
+Content-Type: text/html;
+	charset="iso-8859-1"
+Content-Transfer-Encoding: quoted-printable
+
+<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
+xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
+xmlns=3D"http://www.w3.org/TR/REC-html40">
+
+<head>
+<meta http-equiv=3DContent-Type content=3D"text/html; =
+charset=3Diso-8859-1">
+<meta name=3DProgId content=3DWord.Document>
+<meta name=3DGenerator content=3D"Microsoft Word 9">
+<meta name=3DOriginator content=3D"Microsoft Word 9">
+<link rel=3DFile-List href=3D"cid:filelist.xml@01C1F19F.0958E780">
+<!--[if gte mso 9]><xml>
+ <o:OfficeDocumentSettings>
+  <o:DoNotRelyOnCSS/>
+ </o:OfficeDocumentSettings>
+</xml><![endif]--><!--[if gte mso 9]><xml>
+ <w:WordDocument>
+  <w:View>Normal</w:View>
+  <w:Zoom>0</w:Zoom>
+  <w:DocumentKind>DocumentEmail</w:DocumentKind>
+  <w:EnvelopeVis/>
+ </w:WordDocument>
+</xml><![endif]-->
+<style>
+<!--
+ /* Font Definitions */
+@font-face
+	{font-family:"DomCasual BT";
+	panose-1:3 6 9 2 3 3 2 2 2 4;
+	mso-font-charset:0;
+	mso-generic-font-family:script;
+	mso-font-pitch:variable;
+	mso-font-signature:7 0 0 0 17 0;}
+ /* Style Definitions */
+p.MsoNormal, li.MsoNormal, div.MsoNormal
+	{mso-style-parent:"";
+	margin:0in;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman";
+	mso-fareast-font-family:"Times New Roman";}
+p.MsoAutoSig, li.MsoAutoSig, div.MsoAutoSig
+	{margin:0in;
+	margin-bottom:.0001pt;
+	mso-pagination:widow-orphan;
+	font-size:12.0pt;
+	font-family:"Times New Roman";
+	mso-fareast-font-family:"Times New Roman";}
+span.EmailStyle15
+	{mso-style-type:personal-compose;
+	mso-ansi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:Arial;
+	color:black;}
+span.EmailStyle17
+	{mso-style-type:personal;
+	mso-ansi-font-size:10.0pt;
+	mso-ascii-font-family:Arial;
+	mso-hansi-font-family:Arial;
+	mso-bidi-font-family:Arial;
+	color:black;}
+@page Section1
+	{size:8.5in 11.0in;
+	margin:1.0in 1.25in 1.0in 1.25in;
+	mso-header-margin:.5in;
+	mso-footer-margin:.5in;
+	mso-paper-source:0;}
+div.Section1
+	{page:Section1;}
+-->
+</style>
+</head>
+
+<body lang=3DEN-US style=3D'tab-interval:.5in'>
+
+<div class=3DSection1>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>&#8220;FRIDAY NIGHT AT THE GEORGE BRENT =
+LOUNGE&#8221;<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>The Lounge will be open this Friday, May =
+3<sup>rd</sup>.<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>From 5 till 11 =
+PM<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>It will be staffed by the George Brent =
+Squires<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>and the George Brent Squire =
+Roses<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>&nbsp;<o:p></o:p></span></font></b></span></p=
+>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>Dave Riley will be doing the bar =
+honors<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>Mary O&#8217;Neill working her magic in the =
+kitchen<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><u><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:18.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>MENU:<o:p></o:p></span></font></u></b></span=
+></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>Polish Sausage w/Sauerkraut on a =
+bun<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>with Potato Salad<span =
+style=3D"mso-spacerun:
+yes">&nbsp; </span><o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>or<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>Hot Wings (6) w/ Celery Sticks &amp; Blue =
+Cheese
+Dressing<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>Also available: Home made Pickled =
+Eggs<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'><![if =
+!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></b></span><=
+/p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dred face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:red;font-weight:bold'>For =
+Kids<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>Chicken Nuggets &amp; Tater =
+Tots<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'><![if =
+!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></b></span><=
+/p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>There will be a raffle for a Relay-For-Life =
+<o:p></o:p></span></font></b></span></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'>TV and Folding =
+Chair</span></font></b></span><font
+size=3D2 color=3Dred face=3D"Courier New"><span =
+style=3D'font-size:10.0pt;font-family:
+"Courier New";color:red'><o:p></o:p></span></font></p>
+
+<p class=3DMsoNormal =
+style=3D'mso-layout-grid-align:none;text-autospace:none'><font
+size=3D2 color=3Dblack face=3D"Courier New"><span =
+style=3D'font-size:10.0pt;font-family:
+"Courier New";color:black'><![if =
+!supportEmptyParas]>&nbsp;<![endif]></span></font><font
+size=3D2 color=3Dblack face=3D"Courier New"><span =
+style=3D'font-size:10.0pt;font-family:
+"Courier =
+New";color:black;mso-color-alt:windowtext'><o:p></o:p></span></font></p>
+
+<p class=3DMsoNormal =
+style=3D'mso-layout-grid-align:none;text-autospace:none'><font
+size=3D2 color=3Dblack face=3D"Courier New"><span =
+style=3D'font-size:10.0pt;font-family:
+"Courier New";color:black'><![if =
+!supportEmptyParas]>&nbsp;<![endif]></span></font><font
+size=3D2 color=3Dblack face=3D"Courier New"><span =
+style=3D'font-size:10.0pt;font-family:
+"Courier =
+New";color:black;mso-color-alt:windowtext'><o:p></o:p></span></font></p>
+
+<p class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span
+class=3DEmailStyle17><b><font size=3D5 color=3Dblue face=3D"DomCasual =
+BT"><span
+style=3D'font-size:16.0pt;mso-bidi-font-size:12.0pt;font-family:"DomCasua=
+l BT";
+color:blue;font-weight:bold'><![if =
+!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></b></span><=
+/p>
+
+<p class=3DMsoNormal><span class=3DEmailStyle15><font size=3D2 =
+color=3Dblack
+face=3DArial><span =
+style=3D'font-size:10.0pt;mso-bidi-font-size:12.0pt;font-family:
+Arial'><![if =
+!supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></span></font></span></p>
+
+</div>
+
+</body>
+
+</html>
+
+------=_NextPart_000_0002_01C1F19F.0A763E60--
+
+

test/spam7

@@ -0,0 +1,30 @@
+Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
+	 Wed, 20 Feb 2002 09:13:57 -0800
+Received: from 216.144.70.231 by lw7fd.law7.hotmail.msn.com with HTTP;
+	Wed, 20 Feb 2002 17:13:44 GMT
+X-Originating-IP: [216.144.70.231]
+From: "jim simmons" <jimabides@hotmail.com>
+Bcc: 
+Subject: Just another "Crappy Day in Paradise" here @ the Ranch
+Date: Wed, 20 Feb 2002 10:13:44 -0700
+Mime-Version: 1.0
+Content-Type: multipart/mixed; boundary="----=_NextPart_000_4e56_490d_48e3"
+Message-ID: <F251n1gLtuUtVSMp2uu0000a344@hotmail.com>
+X-OriginalArrivalTime: 20 Feb 2002 17:13:57.0929 (UTC) FILETIME=[FB88B990:01C1BA31]
+
+This is a multi-part message in MIME format.
+
+------=_NextPart_000_4e56_490d_48e3
+Content-Type: text/html
+
+<html> <body> Test </body> </html>
+------=_NextPart_000_4e56_490d_48e3
+Content-Type: image/pjpeg; name="Jim&amp;amp;Girlz.jpg"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="Jim&amp;amp;Girlz.jpg"
+
+/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0N
+UUUAFFFFABRRRQB//9k=
+
+
+------=_NextPart_000_4e56_490d_48e3--

test/spam8

@@ -0,0 +1,221 @@
+Received: from mail.pro-send.com (smtp12.pro-send.com [65.124.197.229])
+	by www.bmsi.com (8.12.3/8.12.3) with ESMTP id g927mSVA017008
+	for <lindsays@dflinc.com>; Wed, 2 Oct 2002 03:48:29 -0400
+Received: from pro-send.com [65.124.197.226] by mail.pro-send.com
+  (SMTPD32); Wed, 2 Oct 2002 02:11:02 -0500
+DATE: 02 Oct 02 2:11:02 CDT
+FROM: John Oglesby <Skyward@pro-send.com>
+Reply-To: John Oglesby <skyward@concordebuddy.com>
+TO: Lindsay Shrader <lindsays@dflinc.com>
+SUBJECT: Lindsay Shrader
+Message-Id: <2002100202.RS11@mail.pro-send.com>
+MIME-Version: 1.0
+Content-Type: multipart/alternative; boundary=1002029
+
+--1002029
+Content-Type: text/plain; charset=us-ascii
+
+
+
+
+
+
+A SYSTEM for FREEDOM
+
+
+
+                        
+Don't call in Sick...
+
+              Call in WELL... Extremely Well!
+ 
+
+                
+If
+you want to see how, Click Here.
+
+Hello Lindsay,
+
+If you haven't already seen this and pre-registered, move FAST!
+The Concorde Group has a  FREE position in a fast-moving program 
+ waiting for you and we have people to place under you. 
+
+We'll notify you when you have a  CHECK WAITING. 
+
+This  FREE position is waiting for  Lindsay Shrader.
+
+
+
+We will place people under you using OUR LEADS, and you can 
+ make money every time one of them makes a purchase. 
+ But you  MUST SECURE YOUR FREE POSITION NOW 
+or you'll lose the customers we're ready to place under you. 
+Click Here http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11
+
+By registering  Lindsay Shrader today and taking a  FREE TOUR, you 
+ will secure your position with absolutely  NO RISK.
+
+Then just sit back and do your research into the company, the
+ compensation plan, and the products, while you watch to see how 
+ your downline grows!!
+
+Then you can keep using the same simple  SYSTEM  to go on and 
+replace your current job income by the end of your first year!
+ Take Your Free Tour Now:
+Click Here http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11
+Yours in Success,
+
+John Oglesby
+joglesby2@msn.com
+1+(877)-868-0143
+Home 972-878-2683
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+HOW DID WE LEARN ABOUT YOUR INTEREST IN A HOME-BASED BUSINESS?
+
+You responded to one of our ads. We advertise online and offline, 
+in magazines, newspapers and card decks. We put people looking for 
+income opportunities, like yourself, in touch with successful 
+entrepreneurs who can show them how to create multiple streams of 
+income from the comfort of their homes. Hopefully that answers your 
+question.
+
+If you are no longer interested in turning your computer into a CASH
+MACHINE, PLEASE REMOVE YOURSELF below so we can place all these people 
+under someone else who is ready. 
+
+
+
+
+____________________________________________________________
+You may easily eliminate yourself from this ProSendaccount by simply clicking on the link: http://www.pro-send.com/x/?6C6938E41D1OR go to: http://www.pro-send.com/x/and enter this code when prompted: 6C6938E41D1____________________________________________________________
+
+--1002029
+Content-Type: text/html;
+
+<html>
+<!
+Don't call in Sick...
+
+Call in WELL... Extremely Well!
+
+Lindsay,
+
+If you haven't already seen this and pre-registered, move FAST!
+
+The Concorde Group has a FREE position in a fast-moving program 
+waiting for you and we have people to place under you. 
+
+We'll notify you when you have a CHECK WAITING.
+
+This FREE position is waiting for Lindsay Shrader.
+
+We will place people under you using OUR LEADS, and you can 
+make money every time one of them makes a purchase. 
+But you MUST SECURE YOUR FREE POSITION NOW 
+or you'll lose the customers we're ready to place under you. 
+>
+<! <a href="http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11"><!Click Here http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11</A><!
+
+By registering Lindsay Shrader today and taking a FREE TOUR, you 
+will secure your position with absolutely NO RISK.
+
+Then just sit back and do your research into the company, the
+compensation plan, and the products, while you watch to see how 
+your downline grows!!
+
+Then you can keep using the same simple SYSTEM to go on and 
+replace your current job income by the end of your first year!
+
+Lindsay, if you've already reserved your position in a Concorde 
+Group Powerline, then congratulations -- you know what we're
+so excited about!
+
+If not, Click Here Now for Your Free Tour:
+>
+<! <a href="http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11"><!Click Here http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11</A><!
+
+Yours in Success,
+
+John Oglesby
+joglesby2@msn.com
+1+(877)-868-0143
+Home 972-878-2683
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+HOW DID WE LEARN ABOUT YOUR INTEREST IN A HOME-BASED BUSINESS?
+
+You responded to one of our ads. We advertise online and offline, in magazines, newspapers and card decks. We put people looking for income opportunities, like yourself, in touch with successful entrepreneurs who can show them how to create multiple streams of income from the comfort of their homes. Hopefully that answers your question.
+
+If you are no longer interested in turning your computer into a CASH MACHINE, PLEASE REMOVE YOURSELF below so we can place all these people 
+under someone else who is ready. 
+
+>
+<head>
+<title>A SYSTEM for FREEDOM</title>
+</head>
+<body>
+
+<p align="left"><font face="Verdana"><b>                        
+Don't call in Sick...<br>
+<br>
+              Call in WELL... Extremely Well!</b></font></p>
+<p><font face="Verdana" size="2"><a href="http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11"><img border="0" src="http://www.breakfree2000.com/FreeManOnBeach.jpg" alt="Click Here" width="436" height="228"></a> <br>
+<br>
+                
+<b><a href="http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11" target="_blank">If
+you want to see how, Click Here.</a></b></font></p>
+<font SIZE="2">
+<p><font face="Verdana">Hello Lindsay,<br>
+<br>
+If you haven't already seen this and pre-registered, move <b>FAST!</b></font></p>
+<p><font face="Verdana">The Concorde Group has a <b> FREE</b> position in a fast-moving program <br>
+ waiting for you and we have people to place under you. <br>
+<br>
+We'll notify you when you have a <b> CHECK WAITING.</b> <br>
+<br>
+This <b> FREE</b> position is waiting for <b> Lindsay Shrader</b>.
+</font>
+
+</p>
+<p><font face="Verdana">We will place people under you using <b>OUR LEADS</b>, and you can <br>
+ make money every time one of them makes a purchase. <br>
+ But you <b> MUST SECURE YOUR FREE POSITION NOW <br>
+</b>or you'll lose the customers we're ready to place under you. </p>
+<p><a href="http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11"><b>Click Here http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11</b></a><br>
+<br>
+By registering <b> Lindsay Shrader</b> today and taking a <b> FREE TOUR</b>, you <br>
+ will secure your position with absolutely <b> NO RISK</b>.<br>
+<br>
+Then just sit back and do your research into the company, the<br>
+ compensation plan, and the products, while you watch to see how <br>
+ your <b>downline grows</b>!!</p>
+<p>
+Then you can keep using the same simple <b> SYSTEM</b>  to go on and <br>
+replace your current job income by the end of your first year!</p>
+<p> Take <b>Your Free Tour</b> Now:<br>
+<a href="http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11"><b>Click Here http://www.pro-send.com/proform_process.asp?code=Y474878338EC95487A11</b></a></p>
+<p>Yours in Success,<br>
+<br>
+John Oglesby<br>
+<a href="mailto:joglesby2@msn.com">joglesby2@msn.com</a><br>
+1+(877)-868-0143<br>
+Home 972-878-2683<br>
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
+<font face="Verdana" size="2">HOW DID WE LEARN ABOUT YOUR INTEREST IN A HOME-BASED BUSINESS?<br>
+<br>
+You responded to one of our ads. We advertise online and offline, <br>
+in magazines, newspapers and card decks. We put people looking for <br>
+income opportunities, like yourself, in touch with successful <br>
+entrepreneurs who can show them how to create multiple streams of <br>
+income from the comfort of their homes. Hopefully that answers your <br>
+question.<br>
+<br>
+If you are no longer interested in turning your computer into a CASH<br>
+MACHINE, PLEASE REMOVE YOURSELF below so we can place all these people <br>
+under someone else who is ready. </font></p>
+
+</body>
+
+</html>
+<br><br><font style=font-size:12px>____________________________________________________________<br>
+<br>You may easily eliminate yourself from this ProSend<br>account by simply clicking on the link: <br><A href="http://www.pro-send.com/x/?6C6938E41D1">http://www.pro-send.com/x/?6C6938E41D1</A><br>OR go to: <br><A href="http://www.pro-send.com/x/">http://www.pro-send.com/x/</A><br>and enter this code when prompted: 6C6938E41D1<br>____________________________________________________________</font>
+--1002029--

test/test1

@@ -0,0 +1,61 @@
+From kinga.huszka@wellsfargo.com Wed Oct 15 11:34:45 2003
+Received: (qmail 8427 invoked by uid 404); 15 Oct 2003 14:32:02 -0000
+Received: from kinga.huszka@aesfargo.com by coyote.nextra.hu by uid 401 with qmail-scanner-1.15 
+ (Clear:. 
+ Processed in 3.378056 secs); 15 Oct 2003 14:32:02 -0000
+Received: from adsl9.adsl.nextra.hu (HELO marcus.movemany.info) (213.134.24.9)
+  by 0 with SMTP; 15 Oct 2003 14:31:58 -0000
+Received: from [192.168.1.12] (cargo2.movemany.info [192.168.1.12])
+	by marcus.movemany.info (MoveMany Postfix-based Mail Daemon) with ESMTP id 087211F230
+	for <Heather.Lammy@mulan.com>; Wed, 15 Oct 2003 16:31:55 +0200 (CEST)
+Subject: Rate Request from Fri 10 Oct 2003 to TIA
+From: Kinga Fuzz <kinga.huszka@wellsfargo.com>
+To: World Transportation Systems / Heather Lammy <Heather.Lammy@mulan.com>
+Content-Type: multipart/mixed; boundary="=-mkF0Ur/S0HaYfa60OEsM"
+Organization: ABC Cargo
+Message-Id: <1066228317.986.549.camel@cargo2>
+Mime-Version: 1.0
+X-Mailer: Ximian Evolution 1.2.4 
+Date: 15 Oct 2003 16:31:57 +0200
+
+
+--=-mkF0Ur/S0HaYfa60OEsM
+Content-Type: multipart/alternative; boundary="=-VowfKaQaEHb81enMCUlR"
+
+
+--=-VowfKaQaEHb81enMCUlR
+Content-Type: text/plain
+Content-Transfer-Encoding: 7bit
+
+Dear Heather,
+
+
+First of all, I would like to ask you to send your emails to our general
+      email and its associated attachments is strictly prohibited.
+
+--=-VowfKaQaEHb81enMCUlR
+Content-Type: text/html; charset=utf-8
+Content-Transfer-Encoding: 7bit
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
+<HTML>
+<HEAD>
+  <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
+  <META NAME="GENERATOR" CONTENT="GtkHTML/1.1.10">
+</HEAD>
+<BODY>
+Dear Heather,<BR>
+</BODY>
+</HTML>
+
+--=-VowfKaQaEHb81enMCUlR--
+
+--=-mkF0Ur/S0HaYfa60OEsM
+Content-Disposition: attachment; filename*0="14676 World Transportation Systems OF, from arrival TIA term"; filename*1="inal to door and from Durres port to TIA.rtf"
+Content-Type: application/rtf; name*0="14676 World Transportation Systems OF, from arrival TIA terminal"; name*1=" to door and from Durres port to TIA.rtf"
+Content-Transfer-Encoding: 7bit
+
+{\rtf1\ansi\deff1\adeflang1025
+\par }
+--=-mkF0Ur/S0HaYfa60OEsM--
+

test/test8

@@ -0,0 +1,118 @@
+Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
+	 Mon, 30 Sep 2002 15:00:38 -0700
+X-Originating-IP: [63.157.17.3]
+From: "Debbie Morrison" <fmmorrison@msn.com>
+To: "Ann & Richard Black" <AnnTBlack@aol.com>,
+	"Bill/Dorothy" <billcampbell2@attbi.com>,
+	"Cindy Kohr" <bosslady54@go.com>,
+	"Debbie Morrison" <debbiem@dflinc.com>,
+	"DONNA MORRISON" <DMORR42886@AOL.COM>,
+	"Glenda/Johnny Holmes" <glendaholmes@hotmail.com>,
+	"HAROLDMAXINE STROUD" <TO.THE.MAX@ATT.NET>,
+	"Janis & Bob Mathis" <teammathis@onebox.com>,
+	"Sherry Bigham" <Bighams@lisd.net>,
+	"Mark Bigham" <bigham11@swbell.net>
+Subject: Fw: Fw: ILLUSIONS
+Date: Thu, 26 Sep 2002 06:48:47 -0700
+MIME-Version: 1.0
+X-Mailer: MSN Explorer 7.02.0005.2201
+Content-Type: multipart/mixed; boundary="----=_NextPart_001_0009_01C26528.C39C68E0"
+Message-ID: <OE142r27kicP3lh9uKw0000a7a1@hotmail.com>
+X-OriginalArrivalTime: 30 Sep 2002 22:00:38.0335 (UTC) FILETIME=[CF7AE4F0:01C268CC]
+X-IMAPbase: 1033583964 1
+Status: RO
+X-Status: 
+X-Keywords:                      
+X-UID: 1
+
+
+------=_NextPart_001_0009_01C26528.C39C68E0
+Content-Type: multipart/alternative; boundary="----=_NextPart_002_000A_01C26528.C39C68E0"
+
+
+------=_NextPart_002_000A_01C26528.C39C68E0
+Content-Type: text/plain; charset="iso-8859-1"
+Content-Transfer-Encoding: quoted-printable
+
+Keep opening on the forwards.  Cool =20
+ =20
+----- Original Message -----
+From: Got2Fish42@aol.com
+Sent: Tuesday, September 24, 2002 3:16 PM
+To: dugiew@cox-internet.com; txnrnt@yahoo.com; mbrock@tstar.net; DendyDl@=
+swbell.net; sdickey@att.net; deasley@vzinet.com; fmmorrison@msn.com; mama=
+jack4@juno.com; DMorr42886@aol.com; LStra415@aol.com; wrwebster@juno.com;=
+ GWIL@tjc.edu
+Subject: Fwd: Fw: ILLUSIONS
+ Get more from the Web.  FREE MSN Explorer download : http://explorer.msn=
+.com
+
+------=_NextPart_002_000A_01C26528.C39C68E0
+Content-Type: text/html; charset="iso-8859-1"
+Content-Transfer-Encoding: quoted-printable
+
+<HTML><BODY STYLE=3D"font:10pt verdana; border:none;"><DIV>Keep opening o=
+n the forwards.&nbsp; Cool&nbsp;</DIV> <DIV>&nbsp;</DIV> <BLOCKQUOTE styl=
+e=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT=
+: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style=3D"FONT: 10pt Arial">=
+----- Original Message -----</DIV> <DIV style=3D"BACKGROUND: #e4e4e4; FON=
+T: 10pt Arial; COLOR: black"><B>From:</B> Got2Fish42@aol.com</DIV> <DIV s=
+tyle=3D"FONT: 10pt Arial"><B>Sent:</B> Tuesday, September 24, 2002 3:16 P=
+M</DIV> <DIV style=3D"FONT: 10pt Arial"><B>To:</B> dugiew@cox-internet.co=
+m; txnrnt@yahoo.com; mbrock@tstar.net; DendyDl@swbell.net; sdickey@att.ne=
+t; deasley@vzinet.com; fmmorrison@msn.com; mamajack4@juno.com; DMorr42886=
+@aol.com; LStra415@aol.com; wrwebster@juno.com; GWIL@tjc.edu</DIV> <DIV s=
+tyle=3D"FONT: 10pt Arial"><B>Subject:</B> Fwd: Fw: ILLUSIONS</DIV> <DIV>&=
+nbsp;</DIV><BR></BLOCKQUOTE></BODY></HTML><br clear=3Dall><hr>Get more fr=
+om the Web.  FREE MSN Explorer download : <a href=3D'http://explorer.msn.=
+com'>http://explorer.msn.com</a><br></p>
+
+------=_NextPart_002_000A_01C26528.C39C68E0--
+
+
+------=_NextPart_001_0009_01C26528.C39C68E0
+Content-Type: message/rfc822; name="Fwd_ Fw_ ILLUSIONS.email"
+Content-Disposition: attachment; filename="Fwd_ Fw_ ILLUSIONS.email"
+Content-Transfer-Encoding: quoted-printable
+
+Return-path: <Bclc48@aol.com>
+From: Bclc48@aol.com
+Full-name: Bclc48
+Message-ID: <42.2de5cbf8.2ac10b39@aol.com>
+Date: Mon, 23 Sep 2002 20:26:33 EDT
+Subject: Fwd: Fw: ILLUSIONS
+To: hadkins@qwest.net, Bardojm@aol.com, swa_tom@swbell.net,
+	eve@mixedmediaoutdoor.com, ArthurJaharris11@aol.com,
+	j.gual@worldnet.att.net, JOSEFUR@cs.com, AR2976@aol.com, CCcaro@aol.com,
+	Zgirlnan@aol.com, Got2Fish42@aol.com
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary=3D"part2_46.2e38b118.2ac10b39_bou=
+ndary"
+X-Mailer: AOL 7.0 for Windows US sub 10641
+
+
+--part2_46.2e38b118.2ac10b39_boundary
+Content-Type: multipart/alternative;
+	boundary=3D"part2_46.2e38b118.2ac10b39_alt_boundary"
+
+
+--part2_46.2e38b118.2ac10b39_alt_boundary
+Content-Type: text/plain; charset=3D"US-ASCII"
+Content-Transfer-Encoding: 7bit
+
+this is good
+
+--part2_46.2e38b118.2ac10b39_alt_boundary
+Content-Type: text/html; charset=3D"US-ASCII"
+Content-Transfer-Encoding: 7bit
+
+<HTML><FONT FACE=3Darial,helvetica><BODY BGCOLOR=3D"#ffffff"><SCRIPT  style=
+=3D"BACKGROUND-COLOR: #ffffff" SIZE=3D2 FAMILY=3D"SANSSERIF" FACE=3D"Aria=
+l" LANG=3D"0">this is good</SCRIPT></HTML>
+
+--part2_46.2e38b118.2ac10b39_alt_boundary--
+
+--part2_46.2e38b118.2ac10b39_boundary--
+
+------=_NextPart_001_0009_01C26528.C39C68E0--
+

test/virus1

@@ -0,0 +1,72 @@
+Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.9.1/8.9.1) with ESMTP id FAA42304
+	for <ed@bmsi.com>; Thu, 4 May 2000 05:22:03 -0400
+Received: from camco.celestial.com (root@dagney.celestial.com [192.136.111.7])
+	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id FAA21364
+	for <ed@bmsi.com>; Thu, 4 May 2000 05:22:01 -0400
+Received: (12482 bytes) by camco.celestial.com
+	via sendmail with P:stdio/D:lists/R:inet_hosts/T:smtp
+	(sender: <owner-flexfax@celestial.com> owner: <owner-flexfax-outbound>) 
+	id <m12nHjG-000eNHa@camco.celestial.com>
+	for flexfax-outbound; Thu, 4 May 2000 02:15:30 -0700 (PDT)
+	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Apr-13)
+Received: from sgi.com(sgi.SGI.COM[192.48.153.1]) (12116 bytes) by camco.celestial.com
+	via sendmail with P:esmtp/D:aliases/T:pipe
+	(sender: <owner-flexfax@sgi.com> owner: <owner-flexfax>) 
+	id <m12nHh6-000eN7C@camco.celestial.com>
+	for <flexfax@celestial.com>; Thu, 4 May 2000 02:13:16 -0700 (PDT)
+	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Apr-13)
+Received: from proxy.internet ([195.184.42.82]) 
+	by sgi.com (980327.SGI.8.8.8-aspam/980304.SGI-aspam:
+       SGI does not authorize the use of its proprietary
+       systems or networks for unsolicited or bulk email
+       from the Internet.) 
+	via ESMTP id CAA02330
+	for <flexfax@sgi.com>; Thu, 4 May 2000 02:13:10 -0700 (PDT)
+	mail_from (orum@ditas.dk)
+Received: from [172.16.96.14] by proxy.daab.dkproxy.internet (NTMail 4.30.0013/NU4152.00.32401f35) with ESMTP id zmlyaaaa for <flexfax@sgi.com>; Thu, 4 May 2000 11:13:09 +0200
+Received: by mars with Internet Mail Service (5.5.2650.21)
+	id <KGM63KG3>; Thu, 4 May 2000 11:11:13 +0100
+Message-ID: <9704D2AA604ED311BF6D0008C79F0A990B57BE@mars>
+From: =?iso-8859-1?Q?Peter_=D8rum?= <orum@ditas.dk>
+To: "'flexfax@sgi.com'" <flexfax@sgi.com>
+Subject: flexfax: ILOVEYOU
+Date: Thu, 4 May 2000 11:11:11 +0100 
+MIME-Version: 1.0
+X-Mailer: Internet Mail Service (5.5.2650.21)
+Content-Type: multipart/mixed;
+	boundary="----_=_NextPart_000_01BFB5B1.13228432"
+Sender: owner-flexfax@celestial.com
+Precedence: bulk
+
+This message is in MIME format. Since your mail reader does not understand
+this format, some or all of this message may not be legible.
+
+------_=_NextPart_000_01BFB5B1.13228432
+Content-Type: text/plain
+
+
+kindly check the attached LOVELETTER coming from me.
+
+
+------_=_NextPart_000_01BFB5B1.13228432
+Content-Type: application/octet-stream;
+	name="LOVE-LETTER-FOR-YOU.TXT.vbs"
+Content-Transfer-Encoding: quoted-printable
+Content-Disposition: attachment;
+	filename="LOVE-LETTER-FOR-YOU.TXT.vbs"
+
+rem  barok -loveletter(vbe) <i hate go to school>
+rem 			by: spyder  /  ispyder@mail.com  /  @GRAMMERSoft Group  /  =
+Manila,Philippines
+On Error Resume Next
+set b=3Dfso.CreateTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM")
+b.close
+set d=3Dfso.OpenTextFile(dirsystem+"\LOVE-LETTER-FOR-YOU.HTM",2)
+d.write dt5
+d.write join(lines,vbcrlf)
+d.write vbcrlf
+d.write dt6
+d.close
+end sub
+------_=_NextPart_000_01BFB5B1.13228432--

test/virus13

@@ -0,0 +1,127 @@
+Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.12.3/8.12.2) with ESMTP id g41MmROS014480
+	for <stuart@bmsi.com>; Wed, 1 May 2002 18:48:27 -0400
+Received: from bmsred.bmsi.com (bmsred [219.109.11.50])
+	by www.bmsi.com (8.12.1/8.12.1) with ESMTP id g41MmFGR017812
+	for <stuart@bmsi.com>; Wed, 1 May 2002 18:48:15 -0400
+X-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.12.3/8.12.2) with ESMTP id g41M3hOS038584
+	for <ed@bmsi.com>; Wed, 1 May 2002 18:03:43 -0400
+X-Received: from exp.dflinc.com (exppub [12.148.147.210])
+	by www.bmsi.com (8.12.1/8.12.1) with ESMTP id g41M3LGQ017812
+	for <ed@bmsi.com>; Wed, 1 May 2002 18:03:22 -0400
+X-Received: from exp.dflinc.com (exp.dflinc.com [219.109.14.1])
+	by exp.dflinc.com (8.12.1/8.12.1) with ESMTP id g41M3JGT012258
+	for <ed@bmsi.com>; Wed, 1 May 2002 17:03:19 -0500
+X-Received: from dns.intervip.psi.br (dns.intervip.psi.br [200.215.126.2])
+	by exp.dflinc.com (8.12.1/8.12.1) with ESMTP id g3NHlhGS032960
+	for <lorraine@dflinc.com>; Tue, 23 Apr 2002 12:47:44 -0500
+X-Received: from Sncpyf (adsl-fnsbnu-055-k.brt.telesc.net.br [200.180.75.55])
+	by dns.intervip.psi.br (Postfix) with SMTP id 1FAEE24D18
+	for <lorraine@dflinc.com>; Tue, 23 Apr 2002 14:50:41 -0300 (BRT)
+From: enardelli <enardelli@karsten.com.br>
+To: lorraine@dflinc.com
+Subject: A special  powful tool
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+	boundary=XQ4T5Cj14m5h2vQ69IpO4mCG
+Message-Id: <20020423175041.1FAEE24D18@dns.intervip.psi.br>
+Date: Tue, 23 Apr 2002 14:50:41 -0300 (BRT)
+X-ReSent-Date: Wed, 1 May 2002 17:03:03 -0500 (CDT)
+X-ReSent-From: Gwen Bartelle <gwenb@dflinc.com>
+X-ReSent-To: ed@bmsi.com
+X-ReSent-Subject: A special  powful tool
+X-ReSent-Message-ID: <Pine.A41.4.10.10205011703030.30638@exp.dflinc.com>
+ReSent-Date: Wed, 1 May 2002 18:47:52 -0400 (EDT)
+ReSent-From: Ed Bond <ed@bmsi.com>
+ReSent-To: Stuart Gathman <stuart@bmsi.com>
+ReSent-Subject: A special  powful tool
+ReSent-Message-ID: <Pine.LNX.4.44.0205011847520.17454@bmsred.bmsi.com>
+
+--XQ4T5Cj14m5h2vQ69IpO4mCG
+Content-Type: text/html;
+Content-Transfer-Encoding: quoted-printable
+
+<HTML><HEAD></HEAD><BODY>
+<iframe src=3Dcid:Ux7VyFy7bTS9q height=3D0 width=3D0>
+</iframe>
+<FONT>Hi,This is a special  powful tool<br>
+I wish you would enjoy it.</FONT></BODY></HTML>
+
+--XQ4T5Cj14m5h2vQ69IpO4mCG
+Content-Type: audio/x-midi;
+	name=hom1;tile=1;ord=3354010700499224[1].scr
+Content-Transfer-Encoding: base64
+Content-ID: <Ux7VyFy7bTS9q>
+
+TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+CMDDePe/RHj3v5IT+r+Pe/e/kHr3v9Fv97/1Gfq/93H3v1Yc+r/3dve/oGj3v8sK+r+sx/e/
+Nyz5v7Hu+b98HD==
+--XQ4T5Cj14m5h2vQ69IpO4mCG
+--XQ4T5Cj14m5h2vQ69IpO4mCG
+Content-Type: application/octet-stream;
+	name=hom1;tile=1;ord=3354010700499224[1].htm
+Content-Transfer-Encoding: base64
+Content-ID: <Ux7VyFy7bTS9q>
+
+PGh0bWw+PGhlYWQ+PHRpdGxlPkNsaWNrIGhlcmUgdG8gZmluZCBvdXQgbW9yZSE8L3RpdGxl
+PjwvaGVhZD4NCjxib2R5PjxTQ1JJUFQgTEFOR1VBR0U9SmF2YVNjcmlwdD4KPCEtLQp2YXIg
+U2hvY2tNb2RlID0gMDsKaWYgKG5hdmlnYXRvci5taW1lVHlwZXMgJiYgbmF2aWdhdG9yLm1p
+bWVUeXBlc1siYXBwbGljYXRpb24veC1zaG9ja3dhdmUtZmxhc2giXSAmJiBuYXZpZ2F0b3Iu
+bWltZVR5cGVzWyJhcHBsaWNhdGlvbi94LXNob2Nrd2F2ZS1mbGFzaCJdLmVuYWJsZWRQbHVn
+aW4pIHsKaWYgKG5hdmlnYXRvci5wbHVnaW5zICYmIG5hdmlnYXRvci5wbHVnaW5zWyJTaG9j
+a3dhdmUgRmxhc2giXSkKU2hvY2tNb2RlID0gMTsKfQplbHNlIGlmIChuYXZpZ2F0b3IudXNl
+ckFnZW50ICYmIG5hdmlnYXRvci51c2VyQWdlbnQuaW5kZXhPZigiTVNJRSIpPj0wIAomJiAo
+bmF2aWdhdG9yLnVzZXJBZ2VudC5pbmRleE9mKCJXaW5kb3dzIDkiKT49MCB8fCBuYXZpZ2F0
+b3IudXNlckFnZW50LmluZGV4T2YoIldpbmRvd3MgTlQiKT49MCkpIHsKZG9jdW1lbnQud3Jp
+dGUoJzxTQ1JJUFQgTEFOR1VBR0U9VkJTY3JpcHRcPiBcbicpOwpkb2N1bWVudC53cml0ZSgn
+b24gZXJyb3IgcmVzdW1lIG5leHQgXG4nKTsKZG9jdW1lbnQud3JpdGUoJ1Nob2NrTW9kZSA9
+IChJc09iamVjdChDcmVhdGVPYmplY3QoIlNob2Nrd2F2ZUZsYXNoLlNob2Nrd2F2ZUZsYXNo
+LjMiKSkpICcpOwpkb2N1bWVudC53cml0ZSgnPFwvU0NSSVBUXD4gJyk7Cn0KaWYgKCBTaG9j
+a01vZGUgKSB7CmRvY3VtZW50LndyaXRlKCc8T0JKRUNUIGNsYXNzaWQ9ImNsc2lkOkQyN0NE
+QjZFLUFFNkQtMTFjZi05NkI4LTQ0NDU1MzU0MDAwMCInKTsKZG9jdW1lbnQud3JpdGUoJyBj
+b2RlYmFzZT0iaHR0cDovL2FjdGl2ZS5tYWNyb21lZGlhLmNvbS9mbGFzaDIvY2Ficy9zd2Zs
+YXNoLmNhYiN2ZXJzaW9uPTMsMCwwLDAiJyk7CmRvY3VtZW50LndyaXRlKCcgSUQ9YmFubmVy
+IFdJRFRIPTIzMCBIRUlHSFQ9MjIwPicpOwpkb2N1bWVudC53cml0ZSgnIDxQQVJBTSBOQU1F
+PW1vdmllIFZBTFVFPSJodHRwOi8vd3d3LnRlcnJhLmNvbS5ici9hZHMvcG9wXzIzMHgyMjBf
+Z3Z0X3RlbGVmb25lLnN3Zj9jbGlja3RhZz1odHRwOi8vYWQuYnIuZG91YmxlY2xpY2submV0
+L2NsaWNrJTNCaD12MnwyZGRkfDN8MHwlfHAlM0IzOTI1ODU3JTNCMC0wJTNCMCUzQjY2NjEw
+MDIlM0IxLTQ2OHw2MCUzQjUwOTkxN3w1MDkyNDR8MSUzQiUzQiUzZmh0dHAlM2ElMmYlMmZ3
+d3cuZ3Z0Lm5ldC5ici9taWRpYV9wb3B1cHRlcnJhX3Byb21vcG9ydGFsLmpzcCI+ICcpOwpk
+b2N1bWVudC53cml0ZSgnIDxQQVJBTSBOQU1FPXF1YWxpdHkgVkFMVUU9YXV0b2hpZ2g+ICcp
+Owpkb2N1bWVudC53cml0ZSgnPEVNQkVEIFNSQz0iaHR0cDovL3d3dy50ZXJyYS5jb20uYnIv
+YWRzL3BvcF8yMzB4MjIwX2d2dF90ZWxlZm9uZS5zd2Y/Y2xpY2t0YWc9aHR0cDovL2FkLmJy
+LmRvdWJsZWNsaWNrLm5ldC9jbGljayUzQmg9djJ8MmRkZHwzfDB8JXxwJTNCMzkyNTg1NyUz
+QjAtMCUzQjAlM0I2NjYxMDAyJTNCMS00Njh8NjAlM0I1MDk5MTd8NTA5MjQ0fDElM0IlM0Il
+M2ZodHRwJTNhJTJmJTJmd3d3Lmd2dC5uZXQuYnIvbWlkaWFfcG9wdXB0ZXJyYV9wcm9tb3Bv
+cnRhbC5qc3AiJyk7CmRvY3VtZW50LndyaXRlKCcgc3dMaXZlQ29ubmVjdD1GQUxTRSBXSURU
+SD0yMzAgSEVJR0hUPTIyMCcpOwpkb2N1bWVudC53cml0ZSgnIFFVQUxJVFk9YXV0b2hpZ2gn
+KTsKZG9jdW1lbnQud3JpdGUoJyBUWVBFPSJhcHBsaWNhdGlvbi94LXNob2Nrd2F2ZS1mbGFz
+aCIgUExVR0lOU1BBR0U9Imh0dHA6Ly93d3cubWFjcm9tZWRpYS5jb20vc2hvY2t3YXZlL2Rv
+d25sb2FkL2luZGV4LmNnaT9QMV9Qcm9kX1ZlcnNpb249U2hvY2t3YXZlRmxhc2giPicpOwpk
+b2N1bWVudC53cml0ZSgnPC9FTUJFRD4nKTsKZG9jdW1lbnQud3JpdGUoJzwvT0JKRUNUPicp
+Owp9IGVsc2UgaWYgKCEobmF2aWdhdG9yLmFwcE5hbWUgJiYgbmF2aWdhdG9yLmFwcE5hbWUu
+aW5kZXhPZigiTmV0c2NhcGUiKT49MCAmJiBuYXZpZ2F0b3IuYXBwVmVyc2lvbi5pbmRleE9m
+KCIyLiIpPj0wKSl7CmRvY3VtZW50LndyaXRlKCc8QSBIUkVGPSJodHRwOi8vYWQuYnIuZG91
+YmxlY2xpY2submV0L2NsaWNrJTNCaD12MnwyZGRkfDN8MHwlfHAlM0IzOTI1ODU3JTNCMC0w
+JTNCMCUzQjY2NjEwMDIlM0IxLTQ2OHw2MCUzQjUwOTkxN3w1MDkyNDR8MSUzQiUzQiUzZmh0
+dHAlM2ElMmYlMmZ3d3cuZ3Z0Lm5ldC5ici9taWRpYV9wb3B1cHRlcnJhX3Byb21vcG9ydGFs
+LmpzcCIgVEFSR0VUPSJfYmxhbmsiPjxJTUcgU1JDPSJodHRwOi8vd3d3LnRlcnJhLmNvbS5i
+ci9hZHMvcG9wXzIzMHgyMjBfZ3Z0X3RlbGVmb25lLmdpZiIgV0lEVEg9MjMwIEhFSUdIVD0y
+MjAgQk9SREVSPTA+PC9BPicpOwp9Ci8vLS0+CjwvU0NSSVBUPgo8Tk9FTUJFRD48QSBIUkVG
+PT0iaHR0cDovL2FkLmJyLmRvdWJsZWNsaWNrLm5ldC9jbGljayUzQmg9djJ8MmRkZHwzfDB8
+JXxwJTNCMzkyNTg1NyUzQjAtMCUzQjAlM0I2NjYxMDAyJTNCMS00Njh8NjAlM0I1MDk5MTd8
+NTA5MjQ0fDElM0IlM0IlM2ZodHRwJTNhJTJmJTJmd3d3Lmd2dC5uZXQuYnIvbWlkaWFfcG9w
+dXB0ZXJyYV9wcm9tb3BvcnRhbC5qc3AiIFRBUkdFVD0iX2JsYW5rIj48SU1HIFNSQz0iaHR0
+cDovL3d3dy50ZXJyYS5jb20uYnIvYWRzL3BvcF8yMzB4MjIwX2d2dF90ZWxlZm9uZS5naWYi
+IFdJRFRIPTIzMCBIRUlHSFQ9MjIwIEJPUkRFUj0wPjwvQT48L05PRU1CRUQ+CjxOT1NDUklQ
+VD48QSBIUkVGPT0iaHR0cDovL2FkLmJyLmRvdWJsZWNsaWNrLm5ldC9jbGljayUzQmg9djJ8
+MmRkZHwzfDB8JXxwJTNCMzkyNTg1NyUzQjAtMCUzQjAlM0I2NjYxMDAyJTNCMS00Njh8NjAl
+M0I1MDk5MTd8NTA5MjQ0fDElM0IlM0IlM2ZodHRwJTNhJTJmJTJmd3d3Lmd2dC5uZXQuYnIv
+bWlkaWFfcG9wdXB0ZXJyYV9wcm9tb3BvcnRhbC5qc3AiIFRBUkdFVD0iX2JsYW5rIj48SU1H
+IFNSQz0iaHR0cDovL3d3dy50ZXJyYS5jb20uYnIvYWRzL3BvcF8yMzB4MjIwX2d2dF90ZWxl
+Zm9uZS5naWYiIFdJRFRIPTIzMCBIRUlHSFQ9MjIwIEJPUkRFUj0wPjwvQT48L05PU0NSSVBU
+PjwvYm9keT4NCjwvaHRtbD
+--XQ4T5Cj14m5h2vQ69IpO4mCG--
+
+

test/virus2

@@ -0,0 +1,90 @@
+Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.9.1/8.9.1) with ESMTP id QAA24094
+	for <ed@bmsi.com>; Fri, 12 Jan 2001 16:30:00 -0500
+Received: from jscaix.jsconnor.com (jscaix [209.193.177.106])
+	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id QAA30044
+	for <ed@bmsi.com>; Fri, 12 Jan 2001 16:29:54 -0500
+Received: from connor.jsconnor.com (connor.jsconnor.com [192.168.100.15])
+	by jscaix.jsconnor.com (8.9.1/8.9.1) with ESMTP id QAA12022
+	for <ed@bmsi.com>; Fri, 12 Jan 2001 16:31:51 -0500
+X-Received: from goodspeed2.apical.com (ns1.apical.com [209.150.15.130])
+	by jscaix.jsconnor.com (8.9.1/8.9.1) with ESMTP id HAA36550
+	for <carrollf@jsconnor.com>; Fri, 12 Jan 2001 07:19:10 -0500
+X-Received: from SalCanino (cz-cblk-150-16-32.cyberzone.net [209.150.16.32])
+	by goodspeed2.apical.com (8.9.3/8.9.3) with SMTP id HAA14946
+	for <carrollf@jsconnor.com>; Fri, 12 Jan 2001 07:16:37 -0500
+Reply-To: <sal.canino@innovativeconcepts.com>
+From: "Sal Canino" <sal.canino@innovativeconcepts.com>
+To: "Carroll Forehand" <carrollf@jsconnor.com>
+Subject: AUTEAE
+Date: Fri, 12 Jan 2001 04:16:36 -0800
+Message-ID: <NEBBKLEPKLBIEKBANDGCIEMOCGAA.sal.canino@innovativeconcepts.com>
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+	boundary="----=_NextPart_000_0003_01C07C4E.74368FC0"
+X-Priority: 3 (Normal)
+X-MSMail-Priority: Normal
+X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
+Importance: Normal
+X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
+Disposition-Notification-To: "Sal Canino" <sal.canino@innovativeconcepts.com>
+ReSent-Date: Fri, 12 Jan 2001 16:29:03 -0500 (EST)
+ReSent-From: Carroll Forehand <carrollf@jsconnor.com>
+ReSent-To: ed@bmsi.com
+ReSent-Subject: AUTEAE
+ReSent-Message-ID: <Pine.A41.4.10.10101121629001.171826@connor.jsconnor.com>
+
+This is a multi-part message in MIME format.
+
+------=_NextPart_000_0003_01C07C4E.74368FC0
+Content-Type: text/plain;
+	charset="iso-8859-1"
+Content-Transfer-Encoding: 7bit
+
+
+
+------=_NextPart_000_0003_01C07C4E.74368FC0
+Content-Type: application/octet-stream;
+	name="PEDI.JPG.vbs"
+Content-Transfer-Encoding: quoted-printable
+Content-Disposition: attachment;
+	filename="PEDI.JPG.vbs"
+
+rem  =
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
+rem  "Plan Colombia" virus v1.0=0A=
+rem  by Sand Ja9e Gr0w   (www.colombia.com)=0A=
+=0A=
+rem  Dedicated to all the people that want to be hackers or crackers, in =
+Colombia  =0A=
+rem  This program is also a protest act against the violence and =
+corruption that Colombia lives...=0A=
+rem  I always wanting that all this finishes, I have said...=0A=
+=0A=
+=0A=
+rem  Santa fe de Bogot=E1 2000/09=0A=
+rem  I dedicate to all you the song "GoodBye" of Andreas Bochelli=0A=
+rem  =
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=0A=
+=0A=
+=0A=
+rem  Thanks God..!=0A=
+rem  A greeting for "Lina Mar=EDa" from "Santa fe de Bogot=E1"=0A=
+rem  A greeting for "Tizo" from "Spain"=0A=
+rem  And One kicked of tail to my friends, "eL ChE" and "ThE SpY"=0A=
+=0A=
+rem  okay, ok... =0A=
+rem  my baby start here...=0A=
+=0A=
+ =0A=
+On Error Resume Next=0A=
+
+------=_NextPart_000_0003_01C07C4E.74368FC0--
+
+

test/virus3

@@ -0,0 +1,50 @@
+Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.11.5/8.11.3) with ESMTP id f8EMUxS24174
+	for <stuart@bmsi.com>; Fri, 14 Sep 2001 18:30:59 -0400
+Received: from bmsred.bmsi.com (bmsred [219.109.11.50])
+	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id SAA12740
+	for <stuart@bmsi.com>; Fri, 14 Sep 2001 18:30:58 -0400
+X-Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.11.5/8.11.3) with ESMTP id f8EESNW28934
+	for <ed@bmsi.com>; Fri, 14 Sep 2001 10:28:23 -0400
+X-Received: from bwi.bwicorp.com (bwi.bwicorp.com [209.116.254.106])
+	by www.bmsi.com (8.9.1/8.9.1) with ESMTP id KAA34262
+	for <ed@bmsi.com>; Fri, 14 Sep 2001 10:28:20 -0400
+X-Received: from bwicorp.com (bwi3 [192.168.3.22])
+	by bwi.bwicorp.com (8.9.1/8.9.1) with ESMTP id KAA42970
+	for <ed@bmsi.com>; Fri, 14 Sep 2001 10:33:54 -0400
+Date: Fri, 14 Sep 2001 10:33:54 -0400
+From: Mary Smith <mary@bwicorp.com>
+Message-Id: <200109141433.KAA42970@bwi.bwicorp.com>
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="==i3.9.0oisdboibsd((kncd"
+ReSent-Date: Fri, 14 Sep 2001 18:30:47 -0400 (EDT)
+ReSent-From: Ed Bond <ed@bmsi.com>
+ReSent-To: Stuart Gathman <stuart@bmsi.com>
+ReSent-Subject: Resent mail....
+ReSent-Message-ID: <Pine.LNX.4.33.0109141830470.13214@bmsred.bmsi.com>
+
+--==i3.9.0oisdboibsd((kncd
+Content-Type: application/octet-stream; name="READER_DIGEST_LETTER.TXT.pif"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="READER_DIGEST_LETTER.TXT.pif"
+
+TVpQAAIAAAAEAA8A//8AALgAAAAAAAAAQAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAEAALoQAA4ftAnNIbgBTM0hkJBUaGlzIHByb2dyYW0gbXVzdCBiZSBydW4gdW5kZXIgV2lu
+MzINCiQ3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFBFAABMAQQA5ijojgAAAAAAAAAA4ACOgQsBAhkA
+FAAAAAYAAAAAAAAAEAAAABAAAAAwAAAAAEAAABAAAAACAAABAAAAAAAAAAMACgAAAAAAAMAAAAAE
+AAAAAAAAAgAAAAAAEAAAIAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAAEAAAIoAAAAAUAAAAAYA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ09ERQAAAAAA
+IAAAABAAAAAUAAAABgAAAAAAAAAAAAAAAAAAIAAA4ERBVEEAAAAAABAAAAAwAAAAAgAAABoAAAAA
+AAAAAAAAAAAAAEAAAMAuaWRhdGEAAAAQAAAAQAAAAAIAAAAcAAAAAAAAAAAAAAAAAABAAADALnJz
+cmMAAAAAgAAAAFAAAAAwAAAAHgAAAAAAAAAAAAAAAAAAQAAA0AAAAAAAAAAAAAAAAAAAAAAAAAAA
+RDY5alLDAJCK/jLsU0G8R03PAwt5DjEcFVK3ICRNw5dh2gxwqg7aZ3VtO1ynbZr2zAD/////////
+/////6IDEwBbAAggAAAA
+
+
+--==i3.9.0oisdboibsd((kncd--
+
+

test/virus4

@@ -0,0 +1,60 @@
+From mdb@go2net.com Tue Sep 18 10:31:34 2001
+Received: from www.bmsi.com (bmsweb.bmsi.com [219.109.11.130])
+	by bmsaix.bmsi.com (8.11.5/8.11.3) with ESMTP id f8IEVXM42662
+	for <stuart@bmsi.com>; Tue, 18 Sep 2001 10:31:34 -0400
+Received: from STOREULV2 (mail.indexas.no [195.70.182.114])
+	by www.bmsi.com (8.9.1/8.9.1) with SMTP id KAA27604
+	for <stuart@bmsi.com>; Tue, 18 Sep 2001 10:31:31 -0400
+Date: Tue, 18 Sep 2001 10:31:31 -0400
+From: mdb@go2net.com
+Message-Id: <200109181431.KAA27604@www.bmsi.com>
+Subject: udesktopdesktopeksempeleksempeldesktopeksempeldesktopeksempeldesktopdesktopdesktopeksempeleksempeleksempeleksempeldesktopeksempeleksempeleksempeleksempeleksempeleksempeldesktopeksempeleksempeleksempeldesktopeksempeleksempeldesktopdesktopdesktopeksempeldeskmail.bmsi.com.desktop
+MIME-Version: 1.0
+Content-Type: multipart/related;
+	type="multipart/alternative";
+	boundary="====_ABC1234567890DEF_===="
+X-Priority: 3
+X-MSMail-Priority: Normal
+X-Unsent: 1
+Status: RO
+X-Status: 
+X-Keywords:                 
+
+--====_ABC1234567890DEF_====
+Content-Type: multipart/alternative;
+	boundary="====_ABC0987654321DEF_===="
+
+--====_ABC0987654321DEF_====
+Content-Type: text/html;
+	charset="iso-8859-1"
+Content-Transfer-Encoding: quoted-printable
+
+
+<HTML><HEAD></HEAD><BODY bgColor=3D#ffffff>
+<iframe src=3Dcid:EA4DMGBP9p height=3D0 width=3D0>
+</iframe></BODY></HTML>
+--====_ABC0987654321DEF_====--
+
+--====_ABC1234567890DEF_====
+Content-Type: audio/x-wav;
+	name="readme.exe"
+Content-Transfer-Encoding: base64
+Content-ID: <EA4DMGBP9p>
+
+TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
+ZGUuDQ0KJAAAAAAAAAA11CFvcbVPPHG1TzxxtU88E6pcPHW1TzyZqkU8dbVPPJmqSzxytU88cbVO
+PBG1TzyZqkQ8fbVPPMmzSTxwtU88UmljaHG1TzwAAAAAAAAAAMBEAWMAAAB/UEUAAEwBBQB1Oqc7
+AAAAAAAAAADgAA4BCwEGAABwAAAAYAAAAAAAALN0AAAAEAAAAIAAAAAAFzYAEAAAABAAAAQAAAAA
+AAAABAAAAAAAAAAAEAEAABAAAAAAAAACAAAAAAAQAAAQAAAAABAAABAAAAAAAAAQAAAAAAAAAAAA
+AACEgQAAUAAAAADgAACIHgAAAAAAAAAAAAAAAAAAAAAAAAAAAQA4CgAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAIQBAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAudGV4dAAAAFZlAAAAEAAAAHAAAAAQAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAAAq
+CQAAAIAAAAAQAAAAgAAAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAKEcAAACQAAAAIAAAAJAAAAAA
+AAAAAAAAAAAAAEAAAMAucnNyYwAAAAAgAAAA4AAAACAAAACwAAAAAAAAAAAAAAAAAABAAABALnJl
+bG9jAABGCwAAAAABAAAQAAAA0AAAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAA=
+
+--====_ABC1234567890DEF_====
+
+

test/virus5

@@ -0,0 +1,38 @@
+From mdb@go2net.com Tue Sep 18 10:31:34 2001
+Received: from localhost (varna148.pip.digsys.bg [193.68.1.148])
+	by danbo.digsys.bg (8.10.1/8.10.1) with SMTP id fAM7FHk06734
+	for butchc@trwonnor.com; Thu, 22 Nov 2001 09:15:18 +0200 (EET)
+From: POP - interlogvar <interlogvar@mbox.digsys.bg>
+Message-Id: <200111220715.fAM7FHk06734@danbo.digsys.bg>
+To: butchc@trwonnor.com
+Subject:  Funny shit to see ?! 
+Date: Thu,22 Nov 2001 09:16:34 -0000
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+        boundary="bound"
+	X-Priority: 3
+	X-MSMail-Priority: Normal
+	X-Mailer: Microsoft Outlook Express 5.50.4522.1300
+	X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1300
+
+This is a multi-part message in MIME format.
+
+--bound
+Content-Type: text/html;
+        charset="iso-8859-1"
+Content-Transfer-Encoding: quoted-printable
+
+<HTML><HEAD></HEAD><BODY><iframe src=3Dcid:SOMECID height=3D0 width=3D0></iframe>
+<font>peace</font></BODY></HTML>
+
+--bound
+Content-Type: audio/x-wav;
+        name="whatever.exe"
+Content-Transfer-Encoding: base64
+Content-ID: <SOMECID>
+
+TVoAAAIAAAACAB4AHgAAAAACAAAAAAAAAAAAAMWnLuEOH7oOALQJ
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAA=
+
+--bound--

test/virus6

@@ -0,0 +1,27 @@
+From mdb@go2net.com Tue Sep 18 10:31:34 2001
+Received: from aglnss01.grupoagrisal.net ([172.16.0.1])
+          by agntss05 (Lotus Domino Release 5.07a)
+          with ESMTP id 2001120416164050:5294 ;
+          Tue, 4 Dec 2001 16:16:40 -0600 
+Subject: MAEU XSS025786 - ORDER 1251 - CONTAINER MAEU 6053725
+To: kathyp@jsconnor.com
+Cc: Blanca@ace-of-hearts.net
+X-Mailer: Lotus Notes Release 5.07a  May 14, 2001
+Message-ID: <OF28551015.C47BCC85-ON06256B18.0079DD92@grupoagrisal.net>
+From: sherrera.dco.lc@agrisal.com
+Date: Tue, 4 Dec 2001 16:11:48 -0600
+MIME-Version: 1.0
+X-MIMETrack: Serialize by Router on AGLNSS01/AGRISAL(Release 5.07a |May 14, 2001) at 04/12/2001
+ 04:11:57 p.m.,
+	Itemize by SMTP Server on aglnss03/Grupo_Agrisal(Release 5.07a |May 14, 2001) at
+ 12/04/2001 04:16:41 PM,
+	Serialize by Router on aglnss03/Grupo_Agrisal(Release 5.07a |May 14, 2001) at
+ 12/04/2001 04:16:51 PM
+Content-type: application/octet-stream; 
+	name="FAX20.exe"
+Content-Disposition: attachment; filename="FAX20.exe"
+Content-Transfer-Encoding: base64
+
+TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAKJsVAAAACIAACIAACIBr6AQA
+

test/virus7

@@ -0,0 +1,62 @@
+From pandora.owner@pandora.cz Wed Mar 24 21:02:22 2004
+Received: from pandora.cz (localhost [127.0.0.1])
+	by pandora3.mobil.cz (8.12.8/8.12.8) with ESMTP id i2O88iWu021270
+	for <stuart@bmsi.com>; Wed, 24 Mar 2004 09:08:44 +0100
+Message-Id: <200403240808.i2O88iWu021270@pandora3.mobil.cz>
+X-Sender: Pandora
+MIME-Version: 1.0
+Date: Wed, 24 Mar 2004 09:08:44 +0100
+From: "administrator@pandora.cz" <administrator@pandora.cz>
+To: "stuart@bmsi.com" <stuart@bmsi.com>
+Subject: Konferenceneexistuje
+Content-Type: multipart/mixed; boundary="Pandora3Bndry_1080115724426044878"
+
+
+--Pandora3Bndry_1080115724426044878
+Content-Type: multipart/alternative; boundary="Pandora3Bndry_1080115724783315537"
+
+
+--Pandora3Bndry_1080115724783315537
+Content-Type: text/plain; charset="ISO-8859-2"
+
+Konference '2003-07-46063' neexistuje.
+
+--Pandora3Bndry_1080115724783315537
+Content-Type: text/html; charset="ISO-8859-2"
+
+Konference '2003-07-46063' neexistuje.
+
+--Pandora3Bndry_1080115724783315537--
+
+--Pandora3Bndry_1080115724426044878
+Content-Type: message/rfc822; boundary="----=_NextPart_000_0010_00000FFF.00007545"
+
+MIME-Version: 1.0
+Date: Wed, 24 Mar 2004 09:03:28 +0100
+From: "" <stuart@bmsi.com>
+To: "" <2003-07-46063@pandora.cz>
+Subject: =?ISO-8859-2?q?Re=3A_Your_software?=
+Content-Type: multipart/mixed; boundary="Pandora3Bndry_10801157231587976770"
+
+
+--Pandora3Bndry_10801157231587976770
+Content-Type: text/plain; charset="Windows-1252"
+Content-Transfer-Encoding: 7bit
+
+See the attached file for details.
+
+
+--Pandora3Bndry_10801157231587976770
+Content-Type: application/octet-stream; name="application.pif"
+Content-Disposition: attachment; filename="application.pif"
+Content-Transfer-Encoding: base64
+
+TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAuAAAAKvnXsbvhjCV74Ywle+GMJVsmj6V44YwlQeZOpX2hjCV74YxlbiGMJVsjm2V
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+
+--Pandora3Bndry_10801157231587976770--
+
+--Pandora3Bndry_1080115724426044878--
+

test/zip1

@@ -0,0 +1,51 @@
+From paulp@go2net.com  Wed Jun  1 22:35:12 2005
+Return-Path: <paulp@go2net.com>
+Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
+	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
+	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
+Received: from 127.0.0.1 ([220.117.92.241])
+	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
+	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
+Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
+SUBJECT: urgent
+FROM: paulp@go2net.com
+TO: stuart@bmsi.com
+DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="--------bound--"
+X-DSpam-Score: 0.081200
+Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
+Status: RO
+X-Status: 
+X-Keywords: NonJunk         
+
+----------bound--
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Hi 
+
+Sorry, I forgot to send an important
+document to you in that last email. I had an important phone call.
+Please checkout attached doc file when you have a moment.
+
+Best Regards
+
+<!DSPAM:1043AE6B6492860536935410>
+
+
+----------bound--
+Content-Type: application/x-msdownload; name="zip.zip"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="zip.zip"
+
+UEsDBAoAAAAAADVVwjLaV2nEGgAAABoAAAAzABUAemlwLmRvYyAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgICAuZXhlVVQJAAOmGp9CphqfQlV4BACGA2UAVGhpcyBw
+cm9ncmFtIHdhcyBhIHZpcnVzLgpQSwECFwMKAAAAAAA1VcIy2ldpxBoAAAAaAAAAMwANAAAA
+AAABAAAAtIEAAAAAemlwLmRvYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAuZXhlVVQFAAOmGp9CVXgAAFBLBQYAAAAAAQABAG4AAACAAAAAAAA=
+----------bound--
+
+
+----------bound----
+

test/zip2

@@ -0,0 +1,49 @@
+From paulp@go2net.com  Wed Jun  1 22:35:12 2005
+Return-Path: <paulp@go2net.com>
+Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
+	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
+	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
+Received: from 127.0.0.1 ([220.117.92.241])
+	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
+	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
+Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
+SUBJECT: urgent
+FROM: paulp@go2net.com
+TO: stuart@bmsi.com
+DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="--------bound--"
+X-DSpam-Score: 0.081200
+Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
+Status: RO
+X-Status: 
+X-Keywords: NonJunk         
+
+----------bound--
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Hi 
+
+Sorry, I forgot to send an important
+document to you in that last email. I had an important phone call.
+Please checkout attached doc file when you have a moment.
+
+Best Regards
+
+<!DSPAM:1043AE6B6492860536935410>
+
+
+----------bound--
+Content-Type: application/octet-stream;
+	name="Readme.zip"
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment;
+	filename="Readme.zip"
+
+
+----------bound--
+
+
+----------bound----
+

test/zip3

@@ -0,0 +1,51 @@
+From paulp@go2net.com  Wed Jun  1 22:35:12 2005
+Return-Path: <paulp@go2net.com>
+Received: from mail.bmsi.com (spidey.bmsi.com [192.168.9.81])
+	by bmsred.bmsi.com (8.13.1/8.12.10) with ESMTP id j522ZCQg014058
+	for <stuart@bmsred.bmsi.com>; Wed, 1 Jun 2005 22:35:12 -0400
+Received: from 127.0.0.1 ([220.117.92.241])
+	by mail.bmsi.com (8.13.1/8.13.1) with ESMTP id j522Ynjm028604
+	for stuart@bmsi.com; Wed, 1 Jun 2005 22:34:51 -0400
+Message-Id: <200506020234.j522Ynjm028604@mail.bmsi.com>
+SUBJECT: urgent
+FROM: paulp@go2net.com
+TO: stuart@bmsi.com
+DATE: [[ ¸ñ, 02 6 2005 ¿ÀÀü 11:34:47 ]]
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="--------bound--"
+X-DSpam-Score: 0.081200
+Received-SPF: neutral (mail.bmsi.com: guessing: 220.117.92.241 is neither permitted nor denied by domain of go2net.com)
+Status: RO
+X-Status: 
+X-Keywords: NonJunk         
+
+----------bound--
+Content-Type: text/plain; charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Hi 
+
+Sorry, I forgot to send an important
+document to you in that last email. I had an important phone call.
+Please checkout attached doc file when you have a moment.
+
+Best Regards
+
+<!DSPAM:1043AE6B6492860536935410>
+
+
+----------bound--
+Content-Type: application/x-msdownload; name="zip.zip"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="zip.zip"
+
+USsDBAoBAAAAADVVwjLaV2nEGgAAABoAAAAzABUAemlwLmRvYyAgICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgICAuZXhlVVQJAAOmGp9CphqfQlV4BACGA2UAVGhpcyBw
+cm9ncmFtIHdhcyBhIHZpcnVzLgpQSwECFwMKAAAAAAA1VcIy2ldpxBoAAAAaAAAAMwANAAAA
+AAABAAAAtIEAAAAAemlwLmRvYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAuZXhlVVQFAAOmGp9CVXgAAFBLBQYAAAAAAQABAG4AAACAAAAAAAA=
+----------bound--
+
+
+----------bound----
+

test/ziploop

@@ -0,0 +1,47 @@
+From ttaie1@thfalcon.com Thu Jun 16 10:23:13 2005
+Received: from thfalcon.com (unknown [202.90.113.150])
+	by thfalcon.com (Postfix) with ESMTP id 32F0DD819C
+	for <stuart@bmsi.com>; Thu, 16 Jun 2005 15:42:08 +0700 (ICT)
+From: ttaie1@thfalcon.com
+To: stuart@bmsi.com
+Subject: Returned mail: see transcript for details
+Date: Thu, 16 Jun 2005 15:50:10 +0700
+MIME-Version: 1.0
+Content-Type: multipart/mixed;
+	boundary="----=_NextPart_000_0014_E4E04420.5619685C"
+X-Priority: 3
+X-MSMail-Priority: Normal
+X-Mailer: Microsoft Outlook Express 6.00.2600.0000
+X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
+Message-Id: <20050616084208.32F0DD819C@thfalcon.com>
+Received-SPF: pass (mail.bmsi.com: guessing: domain of thfalcon.com designates 203.147.3.44 as permitted sender) client-ip=203.147.3.44; envelope-from=ttaie1@thfalcon.com; helo=thfalcon.com;
+
+This is a multi-part message in MIME format.
+
+------=_NextPart_000_0014_E4E04420.5619685C
+Content-Type: text/plain;
+	charset=us-ascii
+Content-Transfer-Encoding: 7bit
+
+Message could not be delivered
+
+
+------=_NextPart_000_0014_E4E04420.5619685C
+Content-Type: application/octet-stream;
+	name="stuart@bmsi.com.zip"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment;
+	filename="stuart@bmsi.com.zip"
+
+UEsDBAoAAAAAAM6r0DL7SfbCBAEAAAQBAAAFABUAdC56aXBVVAkAA7MnskK4J7JCVXgEAIYD
+ZQBQSwMECgAAAAAANVXCMtpXacQaAAAAGgAAADMAFQB6aXAuZG9jICAgICAgICAgICAgICAg
+ICAgICAgICAgICAgICAgICAgICAgICAgIC5leGVVVAkAA6Yan0KmGp9CVXgEAIYDZQBUaGlz
+IHByb2dyYW0gd2FzIGEgdmlydXMuClBLAQIXAwoAAAAAADVVwjLaV2nEGgAAABoAAAAzAA0A
+AAAAAAEAAAC0gQAAAAB6aXAuZG9jICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
+ICAgICAgIC5leGVVVAUAA6Yan0JVeAAAUEsFBgAAAAABAAEAbgAAAIAAAAAAAFBLAQIXAwoA
+AAAAAM6r0DL7SfbCBAEAAAQBAAAFAA0AAAAAAAAAAAC0gQAAAAB0LnppcFVUBQADsyeyQlV4
+AABQSwUGAAAAAAEAAQBAAAAAPAEAAAAA
+
+------=_NextPart_000_0014_E4E04420.5619685C--
+
+

testgrey.py

@@ -0,0 +1,56 @@
+import unittest
+import doctest
+import os
+#from Milter.greylist import Greylist
+from Milter.greysql import Greylist
+
+class GreylistTestCase(unittest.TestCase):
+
+  def setUp(self):
+    self.fname = 'test.db'
+    if os.path.isfile(self.fname):
+      os.remove(self.fname)
+
+  def tearDown(self):
+    #os.remove(self.fname)
+    pass
+
+  def testGrey(self):
+    grey = Greylist(self.fname)
+    # first time
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com')
+    self.assertEqual(rc,0)
+    # not in window yet
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=5*60)
+    self.assertEqual(rc,0)
+    # within window
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=15*60)
+    self.assertEqual(rc,1)
+    # new triple
+    rc = grey.check('1.2.3.5','foo@bar.com','baz@spat.com',timeinc=15*60)
+    self.assertEqual(rc,0)
+    # seen again
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=5*3600)
+    self.assertEqual(rc,2)
+    # new one past expire
+    rc = grey.check('1.2.3.5','foo@bar.com','baz@spat.com',timeinc=6*3600)
+    self.assertEqual(rc,0)
+    # original past retain 
+    rc = grey.check('1.2.3.4','foo@bar.com','baz@spat.com',timeinc=37*24*3600)
+    self.assertEqual(rc,0)
+    # new one for testing expire
+    rc = grey.check('1.2.3.5','flub@bar.com','baz@spat.com',timeinc=20*24*3600)
+    self.assertEqual(rc,0)
+    grey.close()
+    # test cleanup
+    grey = Greylist(self.fname)
+    rc = grey.clean(timeinc=37*24*3600)
+    self.assertEqual(rc,1)
+    grey.close()
+
+def suite(): 
+  s = unittest.makeSuite(GreylistTestCase,'test')
+  return s
+
+if __name__ == '__main__':
+  unittest.TextTestRunner().run(suite())

testmime.py

@@ -0,0 +1,232 @@
+# $Log$
+# Revision 1.5  2011/06/09 17:27:42  customdesigned
+# Documentation updates.
+#
+# Revision 1.4  2005/07/20 14:49:44  customdesigned
+# Handle corrupt and empty ZIP files.
+#
+# Revision 1.3  2005/06/17 01:49:39  customdesigned
+# Handle zip within zip.
+#
+# Revision 1.2  2005/06/02 15:00:17  customdesigned
+# Configure banned extensions.  Scan zipfile option with test case.
+#
+# Revision 1.1.1.2  2005/05/31 18:23:49  customdesigned
+# Development changes since 0.7.2
+#
+# Revision 1.23  2005/02/11 18:34:14  stuart
+# Handle garbage after quote in boundary.
+#
+# Revision 1.22  2005/02/10 01:10:59  stuart
+# Fixed MimeMessage.ismodified()
+#
+# Revision 1.21  2005/02/10 00:56:49  stuart
+# Runs with python2.4.  Defang not working correctly - more work needed.
+#
+# Revision 1.20  2004/11/20 16:38:17  stuart
+# Add rcs log
+#
+from __future__ import print_function
+import unittest
+import mime
+import socket
+try:
+  from StringIO import StringIO
+except:
+  from io import StringIO
+import email
+import sys
+import Milter
+try:
+  from email import Errors as errors
+except:
+  from email import errors
+
+samp1_txt1 = """Dear Agent 1
+I hope you can read this.  Whenever you write label it  P.B.S kids.
+   Eliza doesn't know a thing about  P.B.S kids.   got to go by
+agent one."""
+
+hostname = socket.gethostname()
+
+class MimeTestCase(unittest.TestCase):
+
+  # test mime parameter parsing
+  def testParam(self):
+    plist = mime._parseparam('; boundary="----=_NextPart_000_4e56_490d_48e3"')
+    plist = [ x for x in plist if x ] # py2 doesn't include empty params
+    self.assertEqual(1,len(plist))
+    self.assertTrue(plist[0] == 'boundary="----=_NextPart_000_4e56_490d_48e3"')
+    plist = mime._parseparam('; name="Jim&Girlz.jpg"')
+    plist = [ x for x in plist if x ] # py2 doesn't include empty params
+    self.assertEqual(1,len(plist))
+    self.assertTrue(plist[0] == 'name="Jim&Girlz.jpg"')
+
+  def testParse(self,fname='samp1'):
+    with open('test/'+fname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    self.assertTrue(msg.ismultipart())
+    parts = msg.get_payload()
+    self.assertTrue(len(parts) == 2)
+    txt1 = parts[0].get_payload()
+    self.assertTrue(txt1.rstrip() == samp1_txt1,txt1)
+    with open('test/missingboundary',"rb") as fp:
+      msg = mime.message_from_file(fp)
+    # should get no exception as long as we don't try to parse
+    # message attachments
+    mime.defang(msg,scan_rfc822=False)
+    with open('test/missingboundary.out','wb') as fp:
+      msg.dump(fp)
+    with open('test/missingboundary',"rb") as fp:
+      msg = mime.message_from_file(fp)
+    try:
+      mime.defang(msg)
+      # python 2.4 doesn't get exceptions on missing boundaries, and
+      # if message is modified, output is readable by mail clients
+      if sys.hexversion < 0x02040000:
+        self.fail('should get boundary error parsing bad rfc822 attachment')
+    except errors.BoundaryError:
+      pass
+  
+  def testDefang(self,vname='virus1',part=1,
+	fname='LOVE-LETTER-FOR-YOU.TXT.vbs'):
+    with open('test/'+vname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    mime.defang(msg,scan_zip=True)
+    self.assertTrue(msg.ismodified(),"virus not removed")
+    oname = vname + '.out'
+    with open('test/'+oname,"wb") as fp:
+      msg.dump(fp)
+    with open('test/'+oname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    txt2 = msg.get_payload()
+    if type(txt2) == list:
+      txt2 = txt2[part].get_payload()
+    self.assertTrue(
+      txt2.rstrip()+'\n' == mime.virus_msg % (fname,hostname,None),txt2)
+
+  def testDefang3(self):
+    self.testDefang('virus3',0,'READER_DIGEST_LETTER.TXT.pif')
+
+  # virus4 does not include proper end boundary
+  def testDefang4(self):
+    self.testDefang('virus4',1,'readme.exe')
+
+  # virus5 is even more screwed up
+  def testDefang5(self):
+    self.testDefang('virus5',1,'whatever.exe')
+
+  # virus6 has no parts - the virus is directly inline
+  def testDefang6(self,vname="virus6",fname='FAX20.exe'):
+    with open('test/'+vname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    mime.defang(msg)
+    oname = vname + '.out'
+    with open('test/'+oname,"wb") as fp:
+      msg.dump(fp)
+    with open('test/'+oname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    self.assertFalse(msg.ismultipart())
+    txt2 = msg.get_payload()
+    self.assertTrue(txt2 == mime.virus_msg % \
+	(fname,hostname,None),txt2)
+
+  # honey virus has a sneaky ASP payload which is parsed correctly
+  # by email package in python-2.2.2, but not by mime.MimeMessage or 2.2.1
+  def testDefang7(self,vname="honey",fname='story[1].scr'):
+    with open('test/'+vname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    mime.defang(msg)
+    oname = vname + '.out'
+    with open('test/'+oname,"wb") as fp:
+      msg.dump(fp)
+    with open('test/'+oname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    parts = msg.get_payload()
+    txt2 = parts[1].get_payload()
+    txt3 = parts[2].get_payload()
+    self.assertTrue(txt2.rstrip()+'\n' == mime.virus_msg % \
+	(fname,hostname,None),txt2)
+    if txt3 != '':
+      self.assertTrue(txt3.rstrip()+'\n' == mime.virus_msg % \
+	  ('story[1].asp',hostname,None),txt3)
+
+  def testParse2(self,fname="spam7"):
+    with open('test/'+fname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    self.assertTrue(msg.ismultipart())
+    parts = msg.get_payload()
+    self.assertTrue(len(parts) == 2)
+    name = parts[1].getname()
+    self.assertTrue(name == "Jim&amp;amp;Girlz.jpg","name=%s"%name)
+
+  def testZip(self,vname="zip1",fname='zip.zip'):
+    self.testDefang(vname,1,'zip.zip')
+    # test scan_zip flag
+    with open('test/'+vname,"rb") as fp:
+      msg = mime.message_from_file(fp)
+    mime.defang(msg,scan_zip=False)
+    self.assertFalse(msg.ismodified())
+    # test ignoring empty zip (often found in DSNs)
+    with open('test/zip2','rb') as fp:
+      msg = mime.message_from_file(fp)
+    mime.defang(msg,scan_zip=True)
+    self.assertFalse(msg.ismodified())
+    # test corrupt zip (often an EXE named as a ZIP)
+    self.testDefang('zip3',1,'zip.zip')
+    # test zip within zip
+    self.testDefang('ziploop',1,'stuart@bmsi.com.zip')
+
+  def _chk_name(self,name):
+    self.filename = name
+
+  def _chk_attach(self,msg):
+    "Filter attachments by content."
+    # check for bad extensions
+    mime.check_name(msg,ckname=self._chk_name,scan_zip=True)
+    # remove scripts from HTML
+    mime.check_html(msg)
+    # don't let a tricky virus slip one past us
+    msg = msg.get_submsg()
+    if isinstance(msg,email.message.Message):
+      return mime.check_attachments(msg,self._chk_attach)
+    return Milter.CONTINUE
+
+  def testCheckAttach(self,fname="test1"):
+    # test1 contains a very long filename
+    with open('test/'+fname,'rb') as fp:
+      msg = mime.message_from_file(fp)
+    mime.defang(msg,scan_zip=True)
+    self.assertFalse(msg.ismodified())
+    with open('test/test2','rb') as fp:
+      msg = mime.message_from_file(fp)
+    rc = mime.check_attachments(msg,self._chk_attach)
+    self.assertEqual(self.filename,"7501'S FOR TWO GOLDEN SOURCES SHIPMENTS FOR TAX & DUTY PURPOSES ONLY.PDF")
+    self.assertEqual(rc,Milter.CONTINUE)
+
+  def testHTML(self,fname=""):
+    result = StringIO()
+    filter = mime.HTMLScriptFilter(result)
+    msg = """<! Illegal declaration used as comment>
+      <![if conditional]> Optional SGML <![endif]>
+      <!-- Legal SGML comment -->
+    """
+    script = "<script lang=javascript> Dangerous script </script>"
+    filter.feed(msg + script)
+    filter.close()
+    #print(result.getvalue())
+    #print('---')
+    #print(msg + filter.msg)
+    self.assertTrue(result.getvalue() == msg + filter.msg)
+
+def suite(): return unittest.makeSuite(MimeTestCase,'test')
+
+if __name__ == '__main__':
+  if len(sys.argv) < 2:
+    unittest.main()
+  else:
+    for fname in sys.argv[1:]:
+      with open(fname,'rb') as fp:
+        msg = mime.message_from_file(fp)
+      mime.defang(msg,scan_zip=True)
+      print(msg.as_string())

testsample.py

@@ -0,0 +1,63 @@
+import unittest
+import Milter
+import sample
+import mime
+from Milter.test import TestBase
+
+class TestMilter(TestBase,sample.sampleMilter):
+  def __init__(self):
+    TestBase.__init__(self)
+    sample.sampleMilter.__init__(self)
+
+class BMSMilterTestCase(unittest.TestCase):
+
+  def testDefang(self,fname='virus1'):
+    milter = TestMilter()
+    rc = milter.connect()
+    self.failUnless(rc == Milter.CONTINUE)
+    rc = milter.feedMsg(fname)
+    self.failUnless(rc == Milter.ACCEPT)
+    self.failUnless(milter._bodyreplaced,"Message body not replaced")
+    fp = milter._body
+    open('test/'+fname+".tstout","wb").write(fp.getvalue())
+    #self.failUnless(fp.getvalue() == open("test/virus1.out","r").read())
+    fp.seek(0)
+    msg = mime.message_from_file(fp)
+    s = msg.get_payload(1).get_payload()
+    milter.log(s)
+    milter.close()
+
+  def testParse(self,fname='spam7'):
+    milter = TestMilter()
+    milter.connect('somehost')
+    rc = milter.feedMsg(fname)
+    self.failUnless(rc == Milter.ACCEPT)
+    self.failIf(milter._bodyreplaced,"Milter needlessly replaced body.")
+    fp = milter._body
+    open('test/'+fname+".tstout","wb").write(fp.getvalue())
+    milter.close()
+
+  def testDefang2(self):
+    milter = TestMilter()
+    milter.connect('somehost')
+    rc = milter.feedMsg('samp1')
+    self.failUnless(rc == Milter.ACCEPT)
+    self.failIf(milter._bodyreplaced,"Milter needlessly replaced body.")
+    rc = milter.feedMsg("virus3")
+    self.failUnless(rc == Milter.ACCEPT)
+    self.failUnless(milter._bodyreplaced,"Message body not replaced")
+    fp = milter._body
+    open("test/virus3.tstout","wb").write(fp.getvalue())
+    #self.failUnless(fp.getvalue() == open("test/virus3.out","r").read())
+    rc = milter.feedMsg("virus6")
+    self.failUnless(rc == Milter.ACCEPT)
+    self.failUnless(milter._bodyreplaced,"Message body not replaced")
+    self.failUnless(milter._headerschanged,"Message headers not adjusted")
+    fp = milter._body
+    open("test/virus6.tstout","wb").write(fp.getvalue())
+    milter.close()
+
+def suite(): return unittest.makeSuite(BMSMilterTestCase,'test')
+
+if __name__ == '__main__':
+  unittest.main()

testutils.py

@@ -0,0 +1,56 @@
+from __future__ import print_function
+import unittest
+import doctest
+import os
+import Milter.utils
+from Milter.cache import AddrCache
+from Milter.dynip import is_dynip
+from Milter.pyip6 import inet_ntop
+
+class AddrCacheTestCase(unittest.TestCase):
+
+  def setUp(self):
+    self.fname = 'test.dat'
+
+  def tearDown(self):
+    if os.path.exists(self.fname):
+      os.remove(self.fname)
+
+  def testAdd(self):
+    cache = AddrCache(fname=self.fname)
+    cache['foo@bar.com'] = None
+    cache.addperm('baz@bar.com')
+    cache['temp@bar.com'] = 'testing'
+    self.failUnless(cache.has_key('foo@bar.com'))
+    self.failUnless(not cache.has_key('hello@bar.com'))
+    self.failUnless('baz@bar.com' in cache)
+    self.assertEquals(cache['temp@bar.com'],'testing')
+    s = open(self.fname).readlines()
+    self.failUnless(len(s) == 2)
+    self.failUnless(s[0].startswith('foo@bar.com '))
+    self.assertEquals(s[1].strip(),'baz@bar.com')
+    # check that new result overrides old
+    cache['temp@bar.com'] = None
+    self.failUnless(not cache['temp@bar.com'])
+
+  def testDomain(self):
+    with open(self.fname,'w') as fp:
+      print('spammer.com',file=fp)
+    cache = AddrCache(fname=self.fname)
+    cache.load(self.fname,30)
+    self.failUnless('spammer.com' in cache)
+
+  def testParseHeader(self):
+    s='=?UTF-8?B?TGFzdCBGZXcgQ29sZHBsYXkgQWxidW0gQXJ0d29ya3MgQXZhaWxhYmxlAA?='
+    h = Milter.utils.parse_header(s)
+    self.assertEqual(h,b'Last Few Coldplay Album Artworks Available\x00')
+
+def suite(): 
+  s = unittest.makeSuite(AddrCacheTestCase,'test')
+  s.addTest(doctest.DocTestSuite(Milter.utils))
+  s.addTest(doctest.DocTestSuite(Milter.dynip))
+  s.addTest(doctest.DocTestSuite(Milter.pyip6))
+  return s
+
+if __name__ == '__main__':
+  unittest.TextTestRunner().run(suite())