On Mon, 2010-02-01 at 13:57 -0500, Jon Lewis wrote: > I'm curious if anyone has done any patches for integration of spamassassin > (to be used for checking mail as it's sent) with Imp? > i.e. For ISP's customers having their customers' usernames/passwords > stolen or phished seems to be an ongoing problem. Spammers then use > webmail to send their junk. The problem is, the spammers frequently also > change the From: address to be an address at some other site (usually one > of the common free mail providers). If we do spamassassin scanning on the > SMTP server after IMP has sent the mail,
Scanning outbound mail won't work for a variety of technical reasons. Most of the metadata scanners use is gone at that point. > and the message is scored as > spam, then we have 2 choices. Bounce mail to a likely forged From: > address. Eat the message. At least for inbound there is a third choice - let the user decide. We use Horde's *excellent* Ingo filter application to allow user's to configure SIEVE rules (we are running the also *awesome* Cyrus IMAPd server). SPAMAssasin scores the mail and the user can enable a run to put messages rated as SPAM in their SPAM folder. Messages in SPAM automatically expire [Cyrus IMAPd, again, awesome] 14 days after delivery. > I'm a firm believer in "mail should never disappear", but I really don't > like the idea of spam messages bouncing to sites from which they didn't > actually originate, in part because it's likely to set off the same sort > of problems the spam filtering is meant to stop. So, it seems that > ideally, if the message is scored as spam, imp should fail to or refuse to > send it, and give the sender an error saying their message could not be > sent. IMP? That looks like a job for the MTA if you want to be that draconian about things categorized as SPAM. I think, in the real [not theoretical] world, it just doesn't work to be that absolute. You'll end up with frustrated users. > It looks like imp/lib/Compose.php could be hacked to pipe $msg to spamc -c > and check the result...or am I better off just using > $conf['mailer']['type'] = 'smtp'; and an SMTP server that can do content > scanning during the SMTP dialog? I've run Horde for years (decade?). I'd avoid hacking beyond hooks and conf files - it makes upgrades a real pain. -- IMP mailing list - Join the hunt: http://horde.org/bounties/#imp Frequently Asked Questions: http://horde.org/faq/ To unsubscribe, mail: imp-unsubscr...@lists.horde.org