[imp] Imp and Spamassassin

Adam Tauno Williams awilliam at opengroupware.us
Tue Feb 2 12:53:18 UTC 2010 

On Mon, 2010-02-01 at 13:57 -0500, Jon Lewis wrote:
> I'm curious if anyone has done any patches for integration of spamassassin 
> (to be used for checking mail as it's sent) with Imp?
> i.e. For ISP's customers having their customers' usernames/passwords 
> stolen or phished seems to be an ongoing problem.  Spammers then use 
> webmail to send their junk.  The problem is, the spammers frequently also 
> change the From: address to be an address at some other site (usually one 
> of the common free mail providers).  If we do spamassassin scanning on the 
> SMTP server after IMP has sent the mail, 

Scanning outbound mail won't work for a variety of technical reasons.
Most of the metadata scanners use is gone at that point.

> and the message is scored as 
> spam, then we have 2 choices.  Bounce mail to a likely forged From: 
> address.  Eat the message.

At least for inbound there is a third choice - let the user decide.  We
use Horde's *excellent* Ingo filter application to allow user's to
configure SIEVE rules (we are running the also *awesome* Cyrus IMAPd
server).  SPAMAssasin scores the mail and the user can enable a run to
put messages rated as SPAM in their SPAM folder.  Messages in SPAM
automatically expire [Cyrus IMAPd, again, awesome] 14 days after
delivery.

> I'm a firm believer in "mail should never disappear", but I really don't 
> like the idea of spam messages bouncing to sites from which they didn't 
> actually originate, in part because it's likely to set off the same sort 
> of problems the spam filtering is meant to stop.  So, it seems that 
> ideally, if the message is scored as spam, imp should fail to or refuse to 
> send it, and give the sender an error saying their message could not be 
> sent.

IMP? That looks like a job for the MTA if you want to be that draconian
about things categorized as SPAM.  I think, in the real [not
theoretical] world, it just doesn't work to be that absolute.  You'll
end up with frustrated users.

> It looks like imp/lib/Compose.php could be hacked to pipe $msg to spamc -c 
> and check the result...or am I better off just using 
> $conf['mailer']['type'] = 'smtp'; and an SMTP server that can do content 
> scanning during the SMTP dialog?

I've run Horde for years (decade?).  I'd avoid hacking beyond hooks and
conf files - it makes upgrades a real pain.

More information about the imp mailing list