Message-ID matching

[Mathias Koerber]

        Date:         Sat, 4 Sep 2004 16:02:30 -0500
        Reply-To:     MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
        From:         Alex Neuman van der Hans <alex at NKPANAMA.COM>
        Subject:      Re: Message-ID matching
        
        
        You can try the "bogus virus warnings" SpamAssassin rules. Works pretty
        well most of the time.
        
That may help some, but I am more after a generic solution which makes
MailScanner remember the Message-IDs of messages sent out, so that replies
that carry these in the references/in-reply-to are scored as much more
likely being genuine than apparent replies which carry unknown Message-IDs.

any hints?

All I think would be required is

a) a hook into MailScanner recording the Message-ID of outgoing messages
   (just before handing them back to sendmail)
b) a hook somewhere in the checking routine to check incoming messages
   against known Ids (and a way to specify rules how to handle matches/
   non-matches)
c) some form of maintenance tool to purge the DB every now and then
   (unless it can be a circular buffer overwriting the oldest entry
   when full by itself).


Secondly, many of the bounces we get are not virus warnings, but bounces
because some virus somewhere sent email to nonexistent users/domains
using a forged from: in our domain. From my cursory inspection the
bogus virus warnings rules do not conver that..

        Mathias Koerber wrote:
        
        > Hi MailScanner gurus,
        >
        > I am getting very frustrated by the many bounce-messages we receive
        > which are in response to some virus elsewhere using our email addresses
        > in the From: headers.
        >
        > Is there a way (in MailScanner) to
        >         a) have MailScanner record the message-id of all outgoing emails
        >            passing though it
        >         b) matching certain incoming emails, such as bounces against
        >            that list and acting differently according to whether the
        >            original mail was known or not
        >
        > formail -D does have a facility to record message-IDs, but I believe
        > calling formail on every outgoing email may be quite heavy, and we are
        > still lacking a facility to check the database on incoming emails.
        >
        > Also, some tool will be required to clean out the database regularly,
        > unless like in formail the database can be of limited size and
        > old records get lost when the database fills up.
        >
        > Has anyone implemented such a facility in Mailscanner yet?
        >
        > Any hints where I should start looking if I wanted to try this
        > myself (ie, where are the hooks etc)


-- 
Mathias Körber
mathias at lightspeed.com.sg

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).