Hi,
Ok I understand what you are saying and I agree. But that would mean a total rewrite of SMTP itself and then have everyone use that SMTP engine.
As I see it - unrealistic. People have been talking about a re-write of SMTP for quite some time now, but nothing has happend - og yeah, one thing has happend; the amount of spam sent has increased dramatically... Next thing is to get everyone to use that new engine... But somewhere you still need to have backwards compatible systems. You won't be able to have all mail-servers changed to a new standard within a couple of weeks or months. What should happen if a mail-server isn't capable of handling the new standard ? Should mails from it be rejected ?
This is a good idea, it isn't unrealistic and it is possible to do it with qmail-scanner (without rewriting the SMTP protocol...)
The point is that qmail-smtpd waits for a return code from qmail-scanner-queue.pl, before closing the connection with the remote server, so we can send a proper error code tho reject the mail.
To do this without modifying the source of qmail it is possible to use one of the return codes built-in, for example:
31: return "Dmail server permanently rejected message (#5.3.0)"; 73: return "Zconnection to mail server rejected (#4.4.1)";
The first one send to the remote server a "554" (that means: Transaction failed) the second send "451" (Requested action aborted: local error in processing)
If a message if reject for RBL, qmail-smtpd sends a "451", so this could be a good choice.
I've tested it and it works. I've just added one line in my patched version (in my server) after the line:
&minidebug("SA: yup, this smells like SPAM - deleting message...");
I've added:
&error_condition("We have reasons to believe this mail is SPAM\n",73);
This is not very elegant, but at the moment is the fastest way to test it, I'm planning to write a subroutine for this...
Here is the log of qmail-smtpd
2003-12-01 11:14:54.267605500 tcpserver: status: 1/10
2003-12-01 11:14:54.268192500 tcpserver: pid 7111 from 193.43.129.200
2003-12-01 11:14:54.271150500 tcpserver: ok 7111 0:193.43.129.135:25 apo200.usc.urbe.it:193.43.129.200::61853
2003-12-01 11:14:55.142447500 X-Antivirus-PUSC-1.20:[apo135.usc.urbe.it10702736944977112] We have reasons to believe this mail is SPAM
2003-12-01 11:14:55.142455500
And this is from qmail-queue.log with minidebug enabled:
01/12/2003 11:14:54:7112: +++ starting debugging for process 7112 by uid=81
01/12/2003 11:14:54:7112: w_c: elapsed time from start 0.004333 secs
01/12/2003 11:14:54:7112: return-path='[EMAIL PROTECTED]', recips='[EMAIL PROTECTED]'
01/12/2003 11:14:54:7112: from='"Sammie Stinson" <[EMAIL PROTECTED]> (by way of SalvatoreToribio)', subj='hai fatto gli auguri a marco? wa piwmjdm urgo', via SMTP from 193.43.129.200
01/12/2003 11:14:54:7112: p_s: finished scan in 0.007102 secs
01/12/2003 11:14:54:7112: sophie: finished scan in 0.032649 secs
01/12/2003 11:14:54:7112: SA: yup, this smells like SPAM - deleting message...
01/12/2003 11:14:54:7112: error_condition: X-Antivirus-PUSC-1.20: We have reasons to believe this mail is SPAM
The remote server recieves something like this:
Mon Dec 01 11:14:54 2003
MAIN 1:1.10.11 apo135.usc.urbe.it 25
MAIN 1:0.0.43 Sending [EMAIL PROTECTED], 11:14 +0100, hai fatto gli auguri a marco? wa piwmjdm urgo.
MAIN 8:0.2.42 DATA
MAIN 8:0.2.42 451 connection to mail server rejected (#4.4.1)
MAIN 8:0.2.42 SMTP
MAIN 8:0.2.44 There has been an error transferring your mail. I said:
DATA
And then the SMTP server said:
451 connection to mail server rejected (#4.4.1)
MAIN 8:0.48.35 Dismissed with 1.
MAIN 1:0.48.35 Failed (451).
I've tested it telneting to port 25 and I always receive "451 connection to mail server rejected (#4.4.1)"
And this could also be used with the "sub rbl_scanner" from "mike's RBL scanner <mbowe at pipeline.com.au>" rejecting mail that has passed through a server in the RBL list.
I will work it out and I'll add it to my pathed version <http://xoomer.virgilio.it/j.toribio/qmail-scanner/>, I think that is better rejecting a mail than just drop it.
Salvatore
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
