Re: [exim] Using IMAP folders as quarantine

Top Page
Delete this message
Reply to this message
Author: Fred Viles
Date:  
To: exim-users
Subject: Re: [exim] Using IMAP folders as quarantine
On 20 May 2005 at 11:12, Craig Jackson wrote about
    "[exim] Using IMAP folders as quaran":


|...
| The idea is to drop the mail into
| IMAP folders (a single account) on the gateway for admin to review
| befire sending,


That's what I do, but I quarantine into several different mailboxes
based on the criteria.

| but I have several issues that I'm hoping people here
| with experience can help with.
|
| 1) Some mail with cc'd addresses is being duplicated in local delivery
| as many times as there are addresses from our domain.


But not when you quarantine. Only one copu gets delivered to the
quarantine folder, no matter how many local recipients it originally
had.

| 2) If the mail is good, how do we "release it" (using Mozilla
| Thunderbird and Courier-imap's Outbox feature) without Exim trying to
| send to all of the cc'd addresses not in our domain?


My approach works well enough for my small site, but doesn't scale.
I have all the local user's mailboxes as well as the quarantine
mailboxes mounted via IMAP in my admin MUA. So for the rare false
positive, all I have to do is drag the message to each of the
original recpient's (listed in the Envelope-To: header) inboxes.

It would also work to forward the message to each recpient (using a
proper redirect type forward that does not modify the message other
than adding Resent-* headers).

I don't know what the result of the "Outbox feature" is, but if it
means the message is sent to all the addresses in To:, Cc:, and Bcc:
headers, it's not what you want. In addition to perhaps including
off-site addresses, the header addresses don't necessarily have
anything to do with the actual recipients. You only want to forward
the message to the Envelope-To: recipients. Those should all be
local unless you potentially quarantine outbound mail as well as
inbound - in which case you *do* want to deliver to the off-site
addresses when the message is released.

I imagine an automated "release" procedure could be implemented in
exim fairly easily. Something like this, maybe:

1. In your quarantine redirect router, use headers_add to add a
header saving the original recipients (they will also be in Envelope-
to:, but that will be removed when the message is re-injected).

2. In your MUA, "release" a message by redirect-forward to a local
pseudo-user (named "quarantine-release", say).

3. In exim, make sure that messages from the admin MUA bypass the
quarantine checks. Add a redirect router just for the
quarantine-release "user" that redirects to the addresses extracted
from the header added in step 1. And remove the header, else you
potentially expose BCC recpients.

- Fred