SMTP Plugin Implementation

JanS
Posts: 5
Joined: Sun Jan 27, 2013 4:57 pm

SMTP Plugin Implementation

Postby JanS » Thu Feb 23, 2017 2:37 pm

Hi,

I have some questions about the SMTP plugin interface.

SMTP plugins should be DLLs that export a function named "Execute". This function is defined as:

long Execute(char *Configuration,char *Response);

I have three issues here:
* Which character set is being used for the parameters Configuration and Response? ASCII? UTF8? Unicode?
* What is the maximum length of the Response?
* Is it possible to get the whole mail content (if called after the "DATA" statement)?

What I want to do is to attach the spam filtering to the SMTP service. This way I want to reject incoming messages rather than moving them to the quarantine. Having a quarantine can be a showstopper for many customers. In Germany we are required to put every (accepted) incoming message into a persistent and unchangeable mail archive. If we accept spam mails, we have to archive them. If the server accepts a mail (false positive) and moves it to the quarantine, the message sender does not get notified. This is a big problem for us.

Jan

lusu
Posts: 6
Joined: Wed Nov 20, 2013 10:03 am

Re: SMTP Plugin Implementation

Postby lusu » Thu Feb 01, 2018 11:16 am

Hi,

Sorry to bump this year-old question...

I have the same question regarding the "After DATA" event. From the documentation, it is unclear to me too if this can be achieved. I am also interested in filtering the body of the message during message receiving.

Currently I'm filtering with an MTA pickup event (SNIMTA), but that's a little too late since the message was already accepted by the server; blocking SPAM at protocol level is much better.

(My setup requires blacklisted senders to be marked as spam rather than rejected, so I need to have in place a mechanism to reject some specific spam messages before they come in.)

Best regards,
Lusu

schmidtc63
Posts: 7
Joined: Thu Feb 08, 2018 10:38 pm

Re: SMTP Plugin Implementation

Postby schmidtc63 » Tue Mar 27, 2018 10:42 pm

You're not going to be able to do it that way.

You'll have to develop an MTA pickup event. At that point, the entire mail file has been created but not delivered yet. It's simply in queue. You can open the file, scan it for whatever and then return a 0 if it fails. I'm not sure at that point if the file should be deleted, as well, or if returning a 0 stops any further processing.

lusu
Posts: 6
Joined: Wed Nov 20, 2013 10:03 am

Re: SMTP Plugin Implementation

Postby lusu » Wed Mar 28, 2018 10:15 am

That's what I currently do, use an MTA pickup handler (a program that is called SNIMTA), but it works on already received emails, after the connection is closed and before delivering to inbox. What I want to do is inspect the message after being sent with DATA at protocol level and if it is a SPAM message return a 5xx error and basically reject the email at that point.
There are several reasons to do it at protocol level, one main one is that the sender will be notified that the delivery failed. If the email is in the queue, it was received "OK" and then it is deleted and no one knows that this happened. Also, rejecting the SPAM at protocol level will yield better results with dropping the incoming SPAM count, since the addresses will (or may) be flagged on the spammer list as broken.
Therefore the basic question is if this callback is called before or after the DATA command... if it is "after" then it can do what I need, if it is "before" it is too early and a new event is required...

schmidtc63
Posts: 7
Joined: Thu Feb 08, 2018 10:38 pm

Re: SMTP Plugin Implementation

Postby schmidtc63 » Thu Mar 29, 2018 2:46 pm

I don't think there is anything in MailEnable that allows you to intercept the stream. Even MailEnable does not operate on the stream, I think. For instance, take the URI blacklisting function. If you send a message from the outside world to your ME server with a blacklisted url, MailEnable does not send back a 500 response:

telnet <mymailserver> 25
helo
250 Requested mail action okay, completed
mail from:<somebogusaccount>
250 Requested mail action okay, completed
rcpt to:<myrealaccount>
data
354 Start mail input; end with <CRLF>.<CRLF>
subject: test of URI blacklist
try this link! http://127.0.0.2
.
250 Requested mail action okay, completed
quit
221 Service closing transmission channel

MailEnable simply accepted the message and then deleted it because it contained a blacklisted URI (2.0.0.127.sbl.spamhaus.org). No 500 response was generated and I don't send anything back to sender because of backscatter issues. I don't want my response bouncing back to me if the sender address is bogus and it's not fair to an actual user if someone is spoofing their account.

I'm not sure if MailEnable even works on the data stream or if it immediately creates a file. But, I do know that there is no facility they have provided for a plugin to work on the stream. MailEnable would have to accept the stream and then call your plugin, passing the stream as a parameter and the envelope information, perhaps. You would then pass back a response and any changes you made to the stream (adding a header, for example).

So, you're left with working on a file in queue but before delivery. Yes, a file has been created, but you haven't accepted the email message yet, as far as that goes. It hasn't been delivered, it's simply waiting in queue for analysis. But you can't generate a 500 error on it.

This is fairly typical, though, of most anti-spam software. It first operates on the envelope and then on the content. But the content is usually saved as a file before that work begins. Imagine if you got 500 40 MB messages all at the same time. All of them would have to be saved in memory waiting for content filtering. It's easier on the server to immediately write a file and clear its memory than to be operating on 10 or 100 or 500 messages all in memory. Yes, everything has to get loaded into memory again, perhaps, but this way seems more manageable and server-friendly.
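The protocol-level alternative discussed in this thread, as an added example that is not part of any post and not MailEnable or ORF code: the server scans the received DATA payload and chooses the reply to the final `<CRLF>.<CRLF>`, so a listed URI produces a 5xx in-session and the sending MTA, not the receiver, produces the bounce. The function names, the injected `is_listed` lookup and the sample message are assumptions constructed for illustration.

```python
import re

# http(s) URLs whose host is an IPv4 literal, like the link in the test message.
IP_URL = re.compile(r"https?://(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\b", re.I)

def dnsbl_names(body, zone):
    """Build DNSBL query names (octets reversed, zone appended) for IP-literal URLs."""
    names = []
    for match in IP_URL.finditer(body):
        octets = match.groups()
        if all(int(o) <= 255 for o in octets):   # skip strings that are not valid IPv4
            names.append(".".join(reversed(octets)) + "." + zone)
    return names

def end_of_data_reply(raw_data, zone, is_listed):
    """Return the SMTP reply to send after the terminating <CRLF>.<CRLF>.

    raw_data is the payload as received on the wire, without the terminator.
    is_listed(name) -> bool is injected; a real one would resolve the name in
    DNS and treat NXDOMAIN as "not listed".
    """
    # Undo dot-stuffing (RFC 5321 section 4.5.2) before scanning the content.
    lines = [l[1:] if l.startswith(".") else l for l in raw_data.split("\r\n")]
    body = "\r\n".join(lines)
    for name in dnsbl_names(body, zone):
        if is_listed(name):
            # Rejecting here means the message was never accepted, so nothing
            # has to be quarantined, silently deleted or bounced later.
            return "554 5.7.1 Message rejected: URI listed in " + zone
    return "250 Requested mail action okay, completed"

# Constructed sample input modelled on the telnet session in the post above.
SAMPLE = "subject: test of URI blacklist\r\ntry this link! http://127.0.0.2"
CLEAN = "subject: hello\r\nsee http://192.0.2.10/report for details"
ZONE = "sbl.spamhaus.org"

# Constructed stand-in for the DNS lookup so the example runs offline.
FAKE_LISTED = {"2.0.0.127.sbl.spamhaus.org"}

def fake_is_listed(name):
    return name in FAKE_LISTED

if __name__ == "__main__":
    print(end_of_data_reply(SAMPLE, ZONE, fake_is_listed))
    print(end_of_data_reply(CLEAN, ZONE, fake_is_listed))
```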

schmidtc63
Posts: 7
Joined: Thu Feb 08, 2018 10:38 pm

Re: SMTP Plugin Implementation

Postby schmidtc63 » Thu Mar 29, 2018 3:29 pm

And now that I think about this...

My previous anti-spam solution from VAMSoft (http://vamsoft.com) did exactly what you (and I) want. They have the concept of Before Arrival and On Arrival. Before Arrival simply checks the envelope info -- sender, recipient, sender IP, HELO/EHLO response -- and generates a 500 error if any of those fail for some reason, usually a blacklist check on the sender ip.

On Arrival checks the message for spam but it waits to send a final response depending on the admin's preferences. It can immediately reject the email, sending an SMTP response that is configurable, usually a 5xx error. Or it can accept the message, sending a 250 response, but flag it -- subject, header etc. https://vamsoft.com/support/docs/orf-help/5.4.1/adm-oa-actions-settings.

I used that product for about 16 years and just recently gave it up for MailEnable. It's not a complete solution. It is simply an anti-spam/anti-virus solution that works with IIS smtp. It allows you to write your own plugins like you want and reject like you want. It actually would be a nice addition to ME. You would simply create an IIS SMTP on a different IP than ME and that new IP becomes your MX record. ORF would process what you need and then pass any accepted messages onto ME, which could do more processing if you wish.

One of the nice things about it is its speed. It's blazing fast. The server I was running it on was a Windows 2000 server with 4 gigs and 4 cores (AMD). I upgraded the hardware on it about 8 years into using ORF. Even given its age and the amount of mail we get, it could handle 10 or 20 thousand email messages an hour. Granted, most of them would get blocked at the envelope stage, but still.

Might be an option.

schmidtc63
Posts: 7
Joined: Thu Feb 08, 2018 10:38 pm

Re: SMTP Plugin Implementation

Postby schmidtc63 » Sat Mar 31, 2018 2:44 pm

I had a couple free hours on Thursday, so I installed the latest version of ORF from VAMSoft to verify what I wrote in my previous post. It does exactly what I mentioned. You can configure keyword filters and URI blacklists to send a protocol error, rather than an NDR. It also ties in nicely with MailEnable if you're using the enterprise version of ME.

For instance, I have ORF checking recipients through the ME AUTH table. It rejects recipients who don't have a valid email address immediately, rather than forwarding the message to ME. It will reject those recipients on a line-by-line basis, such that the entire email is not rejected.

The really nice thing about ORF is that you can configure it so that whitelists are honored first. For example, if you normally get mail from dave@bobo.com, but the outgoing IP for bobo.com is blacklisted (somebody else at bobo.com got a virus on their computer, for instance, and SpamHaus blacklisted the ip), you will still be able to receive messages from dave@bobo.com if he's on your whitelist. Lots of ways to configure it.

If the ability to block at the protocol level is important, I would check it out.
