Stuart Gathman
122 lines
4.6 KiB
Plaintext
122 lines
4.6 KiB
Plaintext
Auto_whitelist is checked in check_spf(), but check_spf() is not called for
|
|
trusted_relay. Hence, mail relayed via trusted relay is not whitelisted.
|
|
Should also check auto_whitelist for trusted relay - but need to extract
|
|
relay SPF result from Received-SPF or X-Guessed-SPF header field.
|
|
|
|
FIXME: DSN for Permerror shows 'None' for error.
|
|
|
|
Another metaDSN format:
|
|
Subject: Delivery Report
|
|
...
|
|
Original-Envelope-ID: SRS0...@...
|
|
|
|
For selected domains, check rcpts via CBV before accepting mail. Cache
|
|
results. This will kick out dictonary attacks against a mail domain
|
|
behind a gateway sooner.
|
|
|
|
Allow blacklisted emails as well as domains in blacklist.log. Use same
|
|
data structure as autowhitelist.log. Add emails blacklisted via CBV
|
|
so that they are remembered across milter restarts.
|
|
|
|
Make all dictionaries work like honeypot. Do not train as ham unless
|
|
whitelisted. Train on blacklisted messages, or spam feedback.
|
|
|
|
Allow unsigned DSNs from selected domains (that don't accept signed MFROM,
|
|
e.g. verizon.net).
|
|
|
|
Added Message-ID header to DSN with SRS signed sender. When seen on incoming
|
|
rfc ignorant failure message, blacklist sender.
|
|
|
|
Allow verified hostnames for trusted_relay. E.g. HELO name that
|
|
passes SPF.
|
|
|
|
Table of sendmail macros for documentation.
|
|
|
|
When do we get two hello calls? STARTTLS is one reason.
|
|
|
|
Option: accept mail from auto-whitelisted senders even with spf-fail,
|
|
but do not update dspam. This can be done for individual senders or domains
|
|
using the access file.
|
|
|
|
pysrs: SRS doesn't get applied to proper recipients when there are
|
|
multiple recipients. This requires debugging cf scripts - yuk.
|
|
|
|
auto_whitelist false_positives from quarantine - perhaps only when
|
|
user selects special button (use special header to communicate
|
|
that from dspamcgi.py to milter.)
|
|
|
|
Use send_dsn.log for blacklist also. AddrCache needs localpart
|
|
wildcard (e.g. empty localpart).
|
|
|
|
Quarantined mail is missing headers modified/added by milter after
|
|
checking dspam.
|
|
|
|
Require signed MFROM for all incoming bounces when signing all outgoing mail -
|
|
except from trusted relays.
|
|
|
|
Send DSN for permerror before processing extended result. An additional
|
|
DSN may be sent based on extended result.
|
|
|
|
Rescind whitelist for banned extensions, in case sender is infected.
|
|
|
|
Train honeypot on error only.
|
|
|
|
Find rfc2822 policy for MFROM quoting.
|
|
|
|
Support explicit errors for SPF policy in access file:
|
|
SPF-Neutral:aol.com ERROR:"550 AOL mail must get SPF PASS"
|
|
|
|
Defer TEMPERROR in SPF evaluation - give precedence to security
|
|
(only defer for PASS mechanisms).
|
|
|
|
Option to add Received-SPF header, but never reject on SPF.
|
|
I think the above will handle this.
|
|
|
|
Create null config that does nothing - except maybe add Received-SPF
|
|
headers. Many admins would like to turn features on one at a time.
|
|
|
|
Can't output messages with malformed rfc822 attachments.
|
|
|
|
Move milter,Milter,mime,spf modules to pymilter
|
|
milter package will have bms.py application
|
|
|
|
Web admin interface
|
|
message log for automated stats and blacklisting
|
|
Skip dspam when SPF pass? NO
|
|
Report 551 with rcpt on SPF fail?
|
|
check spam keywords with character classes, e.g.
|
|
{a}=[a@ãä], {i}=[i1í], {e}=[eë], {o}=[o0ö]
|
|
|
|
Implement RRS - a backdoor for non-SRS forwarders. User lists non-SRS
|
|
forwarder accounts, and a util provides a special local alias for the
|
|
user to give to the forwarder. (Or user just adds arbitrary alias
|
|
unique to that forwarder to a database.) Alias only works for mail from that
|
|
forwarder. Milter gets forwarder domain from alias and uses it to
|
|
SPF check forwarder.
|
|
|
|
Framework for modular Python milter components within a single VM.
|
|
Python milters can be already be composed through sendmail by running each in
|
|
a separate process. However, a significant amount of memory is wasted
|
|
for each additional Python VM, and communication between milters
|
|
is cumbersome (e.g., adding mail headers, writing external files).
|
|
|
|
Backup copies for outgoing/incoming mail.
|
|
|
|
Copy incoming wiretap mail, even though sendmail alias works perfectly
|
|
for the purpose, to avoid having to change two configs for a wiretap.
|
|
|
|
Provide a way to reload milter.cfg without stopping/restarting milter.
|
|
|
|
Allow selected Windows extensions for specific domains via milter.cfg
|
|
|
|
Fix setup.py so that _FFR_QUARANTINE is automatically defined when
|
|
available in libmilter.
|
|
|
|
Keep separate ismodified flag for headers and body. This is important
|
|
when rejecting outgoing mail with viruses removed (so as not to
|
|
embarrass yourself), and also removing Received headers with hidepath.
|
|
|
|
Need a test module to feed sample messages to a milter though a live
|
|
sendmail and SMTP. The mockup currently used is probably not very accurate,
|
|
and doesn't test the threading code.
|