Nigel has been suffering from mail bombing and as a result of discussing
what might be done to help handle it, I have made (and am starting to
implement) the following proposal:
Add three new options to Exim:
message_filter = file name
message_filter_user = user
message_filter_group = group
If message_filter is set, then at the start of any messages's delivery,
before any of the normal processing happens, the file is run through the
filtering mechanism, under the user/group specified. If no user/group
specified, run as root or exim, depending on the security setting.
Normal filtering are commands available (0.57 has a new "log" command for
logging things, and will be able to test the number of envelope
recipients).
If the filtering process does a significant delivery, then *ignore* the
envelope recipients. Otherwise add them to any recipients the filter
generates and proceed to routers and directors as usual.
I am wondering about adding a new header
X-Envelope-Recipients:
to any deliveries set up by this filter. Would you always want it? I
think you probably would, wouldn't you? However, Nigel points out that
some of these bombs have 2,000 recipients or more, which could make it
rather large. Perhaps some limit?
Another thought is an option to specify, via the system filter, that the
message (with all its recipients) should be delivered to a named
transport. For example, the rule could be that if the filter sets up any
deliveries and message_filter_transport is defined, those deliveries go
straight to that transport without going through the normal routers or
directors. This could be a bsmtp transport that saves the message and
its recipients in a file, for example.
Views and comments invited...
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714