Re: [Exim] filtering during the data phase

Top Page
Delete this message
Reply to this message
Author: Phil Chambers
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] filtering during the data phase
On Tue, 12 Jun 2001 10:45:20 +0100 (BST) Philip Hazel <ph10@???> wrote:

> On Tue, 12 Jun 2001, Phil Chambers wrote:
>
> > My previous message leads me to ask about filtering being handled differently. At
> > present the SMTP phase is completed before the filter is run. That means that any
> > rejection caused by the filter can only be returned to the sender if the sender is
> > not spoofed. These days "MAIL FROM: <>" seems to be the standard means of sending
> > out viruses, so it is MAILER-DAEMON at the receiving site which gets them all.
> >
> > Exim provides for the header recipient and sender fields to be checked during the
> > SMTP data phase and produce a 550 response at the end. It would be nice if system
> > filters could be run during this phase too. That way the problem of sorting out
> > bounced messages would remain with the sending site, not the receiving site.
> >
> > Any chance of such a change for Exim 4?
>
> Expanding what can be checked at SMTP time is something that I'm working
> on for Exim 4. I don't think it will include full filter running. It
> will, however, include more general expansion checking - after the DATA
> phase, for example, $message_body will be accessible.
>


I feel quite strongly that one should reject a message at the earliest stage
possible so that the sending system has the responsibility for dealing with problems
which it is the cause of. Junk mail and viruses are invariably sent with spoofed
addresses, so if my system accepts a message and then decides it does not want it,
it is too late. The bounce message does not get back to the sending system and
I am left to clear it out.

For me, the ideal setup would be:

check the MAIL FROM: and give a 550 response if I don't like it, then
check the RCPT TO: and do likewise, then
check the From: and give a 550 at the end of the DATA phase if I don't like it,
virus-scan the body and give a 550 at the end of the DATA phase if there is a virus.

That way I have maximised the chances of keeping rubbish out and leaving the
tidying up to the MTA that is trying to send it. It seems to me that giving a 200
return at the end of the DATA phase and then deciding that we don't like the message
should be avoided.

Phil.
---------------------------------------
Phil Chambers (postmaster@???)
University of Exeter