Closed mundschenk-at closed 7 years ago
Thank you. Tell we if I'm wrong but viruses won't be detected with rmilter, right?
Rmilter can be used to interface with ClamAV by itself, then the single log line from Rmilter can be used to differentiate between spam and virus mails. Nowadays, the preferred configuration is to have Rspamd interface with the virus scanner, so Rmilter only gets an action (no action
, add header
, soft reject
, reject
) that's attributed to the spam check.
Using another log line with the actual symbols detected, you could parse the virus status. Unfortunately, this line does not contain the to
part, so we don't know the domain. It does contain a unique hash that can be used to determine that several Rmilter log lines refer to the same message. Parsing this would mean additional keeping state (but should not be that hard).
I am somewhat reluctant because Rmilter is now only a thin wrapper for milter protocol support and all functional stuff happens in Rspamd. From recent commits, it seems likely that Rspamd will support the milter protocol natively soon, then all Rmilter parsing will be obsolete. Rspamd's output to maillog
will probably be similar, though.
Using this hash to group lines together looks fine to me. Since I'm not a rspamd user, I can't really help you on this subjet... sorry.
Yeah sure, I'm just going to postpone this a bit. Maybe Rmilter will be obsolete by the time the domain alias support and parser restructuring have landed ;)
Superseded by #23.
As looks only on a single line, this can't detect virus mails when Rmilter support is enabled (and Rmilter is used with Rspamd, as is recommended). It is likely that Rmilter will become obsolete in the near future as support for the milter protocol will be added to Rspamd.