Discussion:
New feature: content filter rejects message but don't bounce
(too old to reply)
Jeremy Morton
2013-01-12 19:03:12 UTC
Permalink
Hello,

Postfix allows a content filter to be configured as part of the message
sending chain (via the content_filter parameter), and the content filter
can be a script which is invoked using the pipe delivery agent. Looking
at the pipe.c source code, it looks like the eval_command_status
function will always bounce or defer e-mail unless command_status is
PIPE_STAT_OK, in which case Postfix will log 2.0.0 (mail delivered via...)

The trouble is, a content filter may want to discard the e-mail (for
instance, if it is sure it's spam), yet not generate a bounce. At the
moment, it looks like the only way to do this is to drop the message,
then lie to Postfix and return 0, causing Postfix to log the e-mail as
delivered. There is no way to tell Postfix "the e-mail wasn't
delivered, but don't generate a bounceback".

Looking at RFC 3463 (http://tools.ietf.org/html/rfc3463) I think an
appropriate error code for when an e-mail is rejected because it's spam
(and therefore you likely don't want to generate a bounceback) would be
5.6.0:

Other or undefined media error

Something about the content of a message caused it to be
considered undeliverable and the problem cannot be well
expressed with any of the other provided detail codes.

So how about modifying the pipe delivery agent so that when the called
script returns EX_DATAERR (65, which maps to 5.6.0 in sys_exits.c),
Postfix by default does not generate a bounceback, but have a
configuration option that can be set to turn bounces on again for
EX_DATAERR?
--
Best regards,
Jeremy Morton (Jez)
Viktor Dukhovni
2013-01-12 22:31:06 UTC
Permalink
Post by Jeremy Morton
Postfix allows a content filter to be configured as part of the
message sending chain (via the content_filter parameter), and the
content filter can be a script which is invoked using the pipe
delivery agent. Looking at the pipe.c source code, it looks like
the eval_command_status function will always bounce or defer e-mail
unless command_status is PIPE_STAT_OK, in which case Postfix will
log 2.0.0 (mail delivered via...)
The content filter should log the fact that it discarded the message.
No ad-hoc changes in Postfix are required or appropriate in this
case.

Content filters may also quarantine mail, modify it in transit, ...
All non-cosmetic filter actions should be logged by the filter.
--
Viktor.
Jeremy Morton
2013-01-12 23:02:06 UTC
Permalink
Sure, but Postfix still logs the mail as "2.0.0 delivered via
(whatever)" - don't you think that's semantically wrong if the message
was discarded or quarantined?
--
Best regards,
Jeremy Morton (Jez)
Post by Viktor Dukhovni
Post by Jeremy Morton
Postfix allows a content filter to be configured as part of the
message sending chain (via the content_filter parameter), and the
content filter can be a script which is invoked using the pipe
delivery agent. Looking at the pipe.c source code, it looks like
the eval_command_status function will always bounce or defer e-mail
unless command_status is PIPE_STAT_OK, in which case Postfix will
log 2.0.0 (mail delivered via...)
The content filter should log the fact that it discarded the message.
No ad-hoc changes in Postfix are required or appropriate in this
case.
Content filters may also quarantine mail, modify it in transit, ...
All non-cosmetic filter actions should be logged by the filter.
Wietse Venema
2013-01-12 23:05:53 UTC
Permalink
Post by Jeremy Morton
The trouble is, a content filter may want to discard the e-mail (for
instance, if it is sure it's spam), yet not generate a bounce. At the
To discard mail:

1) Read the message from stdin until EOF.

2) Produce zero output on stdout or stderr.

3) Return a zero exit status.

Wietse
Jeremy Morton
2013-01-12 23:07:33 UTC
Permalink
As I said, that will log the semantically wrong 2.0.0 delivered
successfully (I think). It works, but it feels like a hack.
--
Best regards,
Jeremy Morton (Jez)
Post by Wietse Venema
Post by Jeremy Morton
The trouble is, a content filter may want to discard the e-mail (for
instance, if it is sure it's spam), yet not generate a bounce. At the
1) Read the message from stdin until EOF.
2) Produce zero output on stdout or stderr.
3) Return a zero exit status.
Wietse
Wietse Venema
2013-01-12 23:14:23 UTC
Permalink
Post by Jeremy Morton
The trouble is, a content filter may want to discard the e-mail (for
instance, if it is sure it's spam), yet not generate a bounce. At the
1) Read the message from stdin until EOF.
2) Produce zero output on stdout or stderr.
3) Return a zero exit status.
As I said, that will log the semantically wrong 2.0.0 delivered
Not at all. The mail is successfully delivered to a black hole. It
very successfully shredded the bits.

Wietse

Loading...