assassind - Spam filtering SMTP proxy that uses SpamAssassin
assassind [--port=n] [--relayhost=hostname[:port]] [--user=username] [--group=groupname] [--maxrequests=n] [--dead-letters=/path] [--pid=filename] [--green=n] [--blue=n] [--yellow=n] [--red=n] [--maximum-check-size=n] [--[no]scan] [--infected-action=email|store|discard|header] [--infected-address=address] [--infected-directory=directory] [--infected-header=header]
assassind is a relaying SMTP proxy that filters spam using SpamAssassin. The proxy is designed to be robust in the face of exceptional errors, and will (hopefully) never lose a message. In addition to scanning for spam, assassind can optionally scan for viruses using F-Prot.
assassind is meant to be used as a system-wide message processor, so the proxy does not make any changes to existing message contents or headers; instead choosing just to add four headers of its own, which end users can use to make decisions about filtering (or not filtering) their spam.
When acting as a virus scanner, assassind can be configured to simply add a special header to infected messages, discard the messages, store them somewhere in the filesystem, or forward them to a special mailbox.
The most important header that assassind adds is the X-Spam-Color header. This header will have one of five values: green, blue, yellow, orange and red. Green messages are very unlikely to be spam, while red messages are almost guaranteed to be spam. You can use this header as the basis for your own message filtering rules, using any common message filtering system (procmail, sieve, etc.).
In addition to the X-Spam-Color header, assassind adds a X-Spam-Score header, which contains the exact SpamAssassin spam score for the message.
assassind also adds a X-Spam-Status filter. This header is the same as the header generated by the standard SpamAssassin message processor, and contains the message's SpamAssassin score and other information.
Finally, assassind adds one or more X-Spam-Report headers, which contain a plain-text report of the rules that SpamAssassin used to assign the message its score.
assassind logs all aspects of its operation to syslog(8), using the mail syslog facility. Note: some versions of Net::Server have a bug with logging to syslog. This bug seems to affect at least version 0.85, and possibly others. Contact me for more information.
assassind is meant to operate as a mail relay that sits between the Internet and your internal mail system. The three most common configurations include
Important! This path should not be on the same partition as your mail server's message spool, because if your mail server rejects a message because of a full disk, assassind will not be able to save the message, and it will be lost.
Note that every message is scanned for viruses, regardless of its size.
The header action will add an extra email header to the message before relaying. The name of the header is specified with the --infected-header option. The value of the header is always Yes.
The email action relays the email to an alternate mailbox rather than relaying the message to the original recipient(s). The --infected-email option specifies the mailbox to use.
The store action stores the email in a file in the filesystem. The --infected-directory specifies the directory where the file will be stored.
The discard action discards the email.
assassind --port=25 --relayhost=internal.serv.er
assassind --port=25 --relayhost=localhost:2025
Dave Carrigan, <email@example.com>
This program is Copyright © 2002-2004, Dave Carrigan. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl.
This program is distributed ``as is'', without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction.
perl(1), Spam::Assassin(3), http://www.rudedog.org/assassind/
Due to the nature of Perl's SMTP::Server module, a SMTP message is stored completely in memory. However, as soon as the module receives its entire message data from the SMTP client, it returns a 250, signifying to the client that the message has been delivered. However, this means that there is a period of time where the message is vulnerable to being lost if the assassind process is killed before it has relayed or saved the message. Caveat Emptor!