Obnoxious software feature of the day.
For the past week or so, I've been working on implementing a milter library for the next major(ish) postoffice release, and today I've glued together enough of the protocol to be able to run a milter session with the two sample milters I've got set up here (clamav-milter and spamass-milter.) Spamass-milter is pretty much useless, because even though it lists sendmail as a prerequisite, it doesn't list spamd as one, which is somewhat annoying because even though it can run without sendmail (it's doing it here!), it can't productively run without spamd. Clamav-milter, on the other hand, works, but it works in an intensely annoying way; it does not report viruses back to the MTA that's talking to it, for that wouldn't be sporting. What it does do is tell the MTA that the mail message is okay (um, hello?), then hand-generates a bounce message that it then helpfully mails back to the forged address that was given in the MAIL FROM: command.
This is, of course, completely stupid. Virus bots out there don't considerately tell you how to get in touch with the virus writer; crackers may be arrogant children, but they aren't usually stupid enough to put up big flashing "ATTENTION: FBI/CIA/INTERPOL! ARREST ME TODAY!" signs by their houses. No, the contents of the MAIL FROM: line are at best bogus, at worst someone else's, email addresses, and the spam complaint that clamav-milter generates is just some more spam to help clutter up the airwaves.
It doesn't help that the milter protocol is written in such a way that you have to be creative to generate a bounce message (the only way to do it is to have your milter client reply with a 'y' [return status code and message] and hope that the MTA will parse the 5xx part of your 504 YOU'VE GOT A GERM! and understand that the sky has fallen in), but it's still much much worse than useless to have an antivirus filter that allows the virus through and sends a bounce message to the forged MAIL FROM: address that the zombie PC provided.
Hopefully the spamassassin milter will work better (after I install the missing prerequisites, that is...)
Update: I was misreading some of the end-of-message protocol particulars and only picking up the first response. After reading in all the responses until an a/c/d/r/t/y, it properly picked up the "ohmygawdyou'vegotagerm!" message.
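
The read-until-a-final-response loop from the update, as an added example (not postoffice's code): the function name `milter_eom_verdict` and the sample bytes are constructed for illustration, and the framing assumed is the usual milter one of a 4-byte big-endian length, a one-byte code, then the payload.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: an add-header ('h') reply, then the 'y' verdict. */
static const unsigned char sample[] =
    "\0\0\0\x0dhX-Virus\0yes\0"
    "\0\0\0\x18y504 YOU'VE GOT A GERM!";

/* Replies that end the end-of-message exchange (the a/c/d/r/t/y set). */
static int is_final(char code) { return code && strchr("acdrty", code); }

/* Walk framed replies in buf[0..len): a 4-byte big-endian length (code byte
 * plus payload), the code, then the payload. Returns the final code, or 0 if
 * the data ends or is malformed before one arrives. *skipped counts the
 * non-final packets seen; a 'y' payload is copied into reply. */
char milter_eom_verdict(const unsigned char *buf, size_t len,
                        char *reply, size_t replysz, int *skipped)
{
    size_t off = 0;
    *skipped = 0;
    if (replysz) reply[0] = '\0';
    while (len - off >= 5) {
        uint32_t plen = ((uint32_t)buf[off] << 24) | ((uint32_t)buf[off + 1] << 16)
                      | ((uint32_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 1 || plen > len - off - 4)
            return 0;                 /* truncated or bogus length */
        char code = (char)buf[off + 4];
        if (is_final(code)) {
            if (code == 'y' && replysz) {
                size_t n = plen - 1;
                if (n >= replysz) n = replysz - 1;
                memcpy(reply, buf + off + 5, n);
                reply[n] = '\0';
            }
            return code;
        }
        ++*skipped;                   /* modification or progress reply: keep reading */
        off += 4 + (size_t)plen;
    }
    return 0;
}

int main(void)
{
    char reply[64];
    int skipped;
    char v = milter_eom_verdict(sample, sizeof sample, reply, sizeof reply, &skipped);
    printf("verdict '%c' after %d other replies: %s\n", v, skipped, reply);
    return 0;
}
```

A return of 0 means no verdict has arrived yet, so the caller should read more from the filter and not treat the message as accepted.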