Mercury Suggestions
Expanded Transaction-Level Filtering

[quote user="Thomas R. Stephenson"]Not really sure how much good they will do for most people.[/quote]You could say the same thing about any proposed feature; that doesn't mean the feature lacks value.  In any event, I think it would be VERY useful to at least be able to apply transaction-level filtering to ANY header, even if we must (for now) forego examination of the actual message body.

[quote]The transaction filters generally work on the SMTP mail headers[/quote]But, as it stands now, only a small predefined subset of them.  That's the problem.

[quote]Working on the body of the RFC 2822 message looking for headers means are are in the process of downloading the mail already and normally you would not issue the 500 series error message in this stage of the message delivery.[/quote]I think that in place of "normally", the term "traditionally" is the better fit -- but the traditional approach does not really serve us very well in the here and now.

[quote]I know it's legal to do it this way but it's messy.[/quote]So what's your alternative?  The point here is, issuing a "250 Data received OK" and then realizing you've got a spam/virus/whatever on your hands is even messier.  As explained in my original post, that leaves you on the horns of a no-win dilemma.  No matter what you do at that point, it's going to be wrong in some way -- perhaps seriously wrong in the case of "backscattered" spam (or worse, viruses).  The only truly clean solution is to not "accept" that mail in the first place -- which brings us right back to doing ALL the tests before issuing the "250 ...".

[quote]FWIW, I've got Mercury/32 running on Linux (Ubuntu v7.10 with Wine v0.9.50) without any problems at all.  I am running Clamwall, Spamwall and Graywall as well.[/quote]Cool!  That definitely give me some encouragement; but it doesn't really address the primary issue I posted about.

 

<p>[quote user="Thomas R. Stephenson"]Not really sure how much good they will do for most people.[/quote]You could say the same thing about any proposed feature; that doesn't mean the feature lacks value.  In any event, I think it would be VERY useful to [b]at least[/b] be able to apply transaction-level filtering to ANY header, even if we must (for now) forego examination of the actual message body. </p><p>[quote]The transaction filters generally work on the SMTP mail headers[/quote]But, as it stands now, only a small predefined subset of them.  That's the problem. </p><p>[quote]Working on the body of the RFC 2822 message looking for headers means are are in the process of downloading the mail already and normally you would not issue the 500 series error message in this stage of the message delivery.[/quote]I think that in place of "normally", the term "traditionally" is the better fit -- but the traditional approach does not really serve us very well in the here and now.</p><p>[quote]I know it's legal to do it this way but it's messy.[/quote]So what's your alternative?  The point here is, issuing a "250 Data received OK" and [b]then[/b] realizing you've got a spam/virus/whatever on your hands is even messier.  As explained in my original post, that leaves you on the horns of a no-win dilemma.  No matter what you do at that point, it's going to be wrong in some way -- perhaps seriously wrong in the case of "backscattered" spam (or worse, viruses).  The only truly clean solution is to not "accept" that mail in the first place -- which brings us right back to doing ALL the tests before issuing the "250 ...". </p><p>[quote]FWIW, I've got Mercury/32 running on Linux (Ubuntu v7.10 with Wine v0.9.50) without any problems at all.  I am running Clamwall, Spamwall and Graywall as well.[/quote]Cool!  That definitely give me some encouragement; but it doesn't really address the primary issue I posted about. </p><p> </p>

Hi --

I'm still running Mercury/32 v4.01b/c because, after eagerly downloading 4.5x, I found to my great disappointment that the ONE thing I was most anxiously waiting for was NOT among the various features added, despite the fact that it was requested/discussed long ago on <comp.mail.pegasus-mail.misc>. Add to this the change in licensing terms (which seems to have "caught me in the middle", so to speak -- but I digress), and the net result was a giant "Whoa, Nellie!"

The feature in question seemed (and seems) so obvious and fundamental, that it really surprised me that it wasn't included.  What I'm referring to here is a fix for the extremely limited ways in which Transaction-Level Filtering can be applied.  As it stands, I can't even test all the message headers, let alone the body, before being forced to either accept or reject the message. And since I cannot (yet) run some of the tests which might tell me that the message ought to be rejected, I have no choice but to accept it.  At that point, I can run further tests, particularly as defined by the Global Filtering Rules; but even if/when one of these tests produces a positive result, I face a no-win dilemma:  I have to either silently drop it on the floor (which is not a good idea in the case of messages from legitimate senders which happen to get trapped in a filter for some "inadvertent" reason -- such as containing a banned attachment type, for example), or generate and issue a bounce message (which is also a bad idea, particularly if the sender is off-site, since it can lead to propagating "backscattered" spam or worse -- and that is becoming less and less acceptable by the world at large with each passing day).

At the very least, the ability to create Transaction-Level Filtering rules based on ANY message header (such as, for example "X-Mailer:", which can be a very reliable spamsign) is desperately needed.  But beyond this, it seems to me that ALL of the functions currently provided by the Global Filtering Rules should be applicable before MercS issues the final SMTP code (be that a "250 Data received OK", or a 5xy code of some sort, as called for by the instant situation).

I know this is (or at least "should be") do-able, as other MTAs do manage it.  I was hoping to avoid (at least for awhile longer) having to make such a migration, due mostly to the learning curve it would inevitably bring with it (tho' that said, I would also dearly love to be able to ditch yet another WinBox -- I was greatly encouraged by the mention awhile back of a possible Linux version of Mercury, which I think would be a VERY good idea; but I've not seen any further progress on that front). 

So...  When can we look forward to usefully expanded Transaction-Level Filtering capabilities?

 

&lt;p&gt;Hi -- &lt;/p&gt;&lt;p&gt;I&#039;m still running Mercury/32 v4.01b/c because, after eagerly downloading 4.5x, I found to my great disappointment that the ONE thing I was most anxiously waiting for was NOT among the various features added, despite the fact that it was requested/discussed long ago on &amp;lt;&lt;a href=&quot;http://groups.google.com/group/comp.mail.pegasus-mail.misc?lnk=sg&quot;&gt;comp.mail.pegasus-mail.misc&lt;/a&gt;&amp;gt;. Add to this the change in licensing terms (which seems to have &quot;caught me in the middle&quot;, so to speak -- but I digress), and the net result was a giant &quot;Whoa, Nellie!&quot; &lt;/p&gt;&lt;p&gt;The feature in question seemed (and seems) so obvious and fundamental, that it really surprised me that it wasn&#039;t included.&amp;nbsp; What I&#039;m referring to here is a fix for the extremely limited ways in which Transaction-Level Filtering can be applied.&amp;nbsp; As it stands, I can&#039;t even test all the message headers, let alone the body, before being forced to either accept or reject the message. And since I cannot (yet) run some of the tests which might tell me that the message ought to be rejected, I have no choice but to accept it.&amp;nbsp; At that point, I can run further tests, particularly as defined by the Global Filtering Rules; but even if/when one of these tests produces a positive result, I face a no-win dilemma:&amp;nbsp; I have to either silently drop it on the floor (which is not a good idea in the case of messages from legitimate senders which happen to get trapped in a filter for some &quot;inadvertent&quot; reason -- such as containing a banned attachment type, for example), or generate and issue a bounce message (which is also a bad idea, particularly if the sender is off-site, since it can lead to propagating &quot;backscattered&quot; spam or worse -- and that is becoming less and less acceptable by the world at large with each passing day).&lt;/p&gt;&lt;p&gt;At the very least, the ability to create Transaction-Level Filtering rules based on ANY message header (such as, for example &quot;X-Mailer:&quot;, which can be a very reliable spamsign) is desperately needed.&amp;nbsp; But beyond this, it seems to me that ALL of the functions currently provided by the Global Filtering Rules &lt;b&gt;should&lt;/b&gt; be applicable &lt;b&gt;before&lt;/b&gt; MercS issues the final SMTP code (be that a &quot;250 Data received OK&quot;, or a 5xy code of some sort, as called for by the instant situation). &lt;/p&gt;&lt;p&gt;I know this is (or at least &quot;should be&quot;) do-able, as other MTAs &lt;b&gt;do&lt;/b&gt; manage it.&amp;nbsp; I was hoping to avoid (at least for awhile longer) having to make such a migration, due mostly to the learning curve it would inevitably bring with it (tho&#039; that said, I would also dearly love to be able to ditch yet another WinBox -- I was greatly encouraged by the &lt;a href=&quot;http://www.pmail.com/sundry/pmlinux.htm&quot; title=&quot;mention&quot; mce_href=&quot;http://www.pmail.com/sundry/pmlinux.htm&quot;&gt;mention&lt;/a&gt; awhile back of a possible Linux version of Mercury, which I think would be a VERY good idea; but I&#039;ve not seen any further progress on that front).&amp;nbsp; &lt;/p&gt;&lt;p&gt;So...&amp;nbsp; When can we look forward to usefully expanded Transaction-Level Filtering capabilities?&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;

[quote user="Sailor21"]

Hi --

I'm still running Mercury/32 v4.01b/c because, after eagerly downloading 4.5x, I found to my great disappointment that the ONE thing I was most anxiously waiting for was NOT among the various features added, despite the fact that it was requested/discussed long ago on <comp.mail.pegasus-mail.misc>. Add to this the change in licensing terms (which seems to have "caught me in the middle", so to speak -- but I digress), and the net result was a giant "Whoa, Nellie!"

The feature in question seemed (and seems) so obvious and fundamental, that it really surprised me that it wasn't included.  What I'm referring to here is a fix for the extremely limited ways in which Transaction-Level Filtering can be applied.  As it stands, I can't even test all the message headers, let alone the body, before being forced to either accept or reject the message. And since I cannot (yet) run some of the tests which might tell me that the message ought to be rejected, I have no choice but to accept it.  At that point, I can run further tests, particularly as defined by the Global Filtering Rules; but even if/when one of these tests produces a positive result, I face a no-win dilemma:  I have to either silently drop it on the floor (which is not a good idea in the case of messages from legitimate senders which happen to get trapped in a filter for some "inadvertent" reason -- such as containing a banned attachment type, for example), or generate and issue a bounce message (which is also a bad idea, particularly if the sender is off-site, since it can lead to propagating "backscattered" spam or worse -- and that is becoming less and less acceptable by the world at large with each passing day).

At the very least, the ability to create Transaction-Level Filtering rules based on ANY message header (such as, for example "X-Mailer:", which can be a very reliable spamsign) is desperately needed.  But beyond this, it seems to me that ALL of the functions currently provided by the Global Filtering Rules should be applicable before MercS issues the final SMTP code (be that a "250 Data received OK", or a 5xy code of some sort, as called for by the instant situation).

I know this is (or at least "should be") do-able, as other MTAs do manage it.  I was hoping to avoid (at least for awhile longer) having to make such a migration, due mostly to the learning curve it would inevitably bring with it (tho' that said, I would also dearly love to be able to ditch yet another WinBox -- I was greatly encouraged by the mention awhile back of a possible Linux version of Mercury, which I think would be a VERY good idea; but I've not seen any further progress on that front). 

So...  When can we look forward to usefully expanded Transaction-Level Filtering capabilities?

[/quote]

 

Not really sure how much good they will do for most people.  The transaction filters generally work on the SMTP mail headers and all those thing that happen prior the the DATA command to receive the actual body of the message and the actual message headers.  Working on the body of the RFC 2822 message looking for headers means are are in the process of downloading the mail already and normally you would not issue the 500 series error message in this stage of the message delivery.  I know it's legal to do it this way but it's messy.

FWIW, I've got Mercury/32 running on Linux (Ubuntu v7.10 with Wine v0.9.50) without any problems at all.  I am running Clamwall, Spamwall and Graywall as well.

[quote user=&quot;Sailor21&quot;]&lt;p&gt;Hi -- &lt;/p&gt;&lt;p&gt;I&#039;m still running Mercury/32 v4.01b/c because, after eagerly downloading 4.5x, I found to my great disappointment that the ONE thing I was most anxiously waiting for was NOT among the various features added, despite the fact that it was requested/discussed long ago on &amp;lt;&lt;a href=&quot;http://groups.google.com/group/comp.mail.pegasus-mail.misc?lnk=sg&quot;&gt;comp.mail.pegasus-mail.misc&lt;/a&gt;&amp;gt;. Add to this the change in licensing terms (which seems to have &quot;caught me in the middle&quot;, so to speak -- but I digress), and the net result was a giant &quot;Whoa, Nellie!&quot; &lt;/p&gt;&lt;p&gt;The feature in question seemed (and seems) so obvious and fundamental, that it really surprised me that it wasn&#039;t included.&amp;nbsp; What I&#039;m referring to here is a fix for the extremely limited ways in which Transaction-Level Filtering can be applied.&amp;nbsp; As it stands, I can&#039;t even test all the message headers, let alone the body, before being forced to either accept or reject the message. And since I cannot (yet) run some of the tests which might tell me that the message ought to be rejected, I have no choice but to accept it.&amp;nbsp; At that point, I can run further tests, particularly as defined by the Global Filtering Rules; but even if/when one of these tests produces a positive result, I face a no-win dilemma:&amp;nbsp; I have to either silently drop it on the floor (which is not a good idea in the case of messages from legitimate senders which happen to get trapped in a filter for some &quot;inadvertent&quot; reason -- such as containing a banned attachment type, for example), or generate and issue a bounce message (which is also a bad idea, particularly if the sender is off-site, since it can lead to propagating &quot;backscattered&quot; spam or worse -- and that is becoming less and less acceptable by the world at large with each passing day).&lt;/p&gt;&lt;p&gt;At the very least, the ability to create Transaction-Level Filtering rules based on ANY message header (such as, for example &quot;X-Mailer:&quot;, which can be a very reliable spamsign) is desperately needed.&amp;nbsp; But beyond this, it seems to me that ALL of the functions currently provided by the Global Filtering Rules &lt;b&gt;should&lt;/b&gt; be applicable &lt;b&gt;before&lt;/b&gt; MercS issues the final SMTP code (be that a &quot;250 Data received OK&quot;, or a 5xy code of some sort, as called for by the instant situation). &lt;/p&gt;&lt;p&gt;I know this is (or at least &quot;should be&quot;) do-able, as other MTAs &lt;b&gt;do&lt;/b&gt; manage it.&amp;nbsp; I was hoping to avoid (at least for awhile longer) having to make such a migration, due mostly to the learning curve it would inevitably bring with it (tho&#039; that said, I would also dearly love to be able to ditch yet another WinBox -- I was greatly encouraged by the &lt;a href=&quot;http://www.pmail.com/sundry/pmlinux.htm&quot; title=&quot;mention&quot; mce_href=&quot;http://www.pmail.com/sundry/pmlinux.htm&quot;&gt;mention&lt;/a&gt; awhile back of a possible Linux version of Mercury, which I think would be a VERY good idea; but I&#039;ve not seen any further progress on that front).&amp;nbsp; &lt;/p&gt;&lt;p&gt;So...&amp;nbsp; When can we look forward to usefully expanded Transaction-Level Filtering capabilities?&lt;/p&gt;&lt;p&gt;[/quote]&lt;/p&gt;&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;p&gt;Not really sure how much good they will do for most people.&amp;nbsp; The transaction filters generally work on the SMTP mail headers and all those thing that happen prior the the DATA command to receive the actual body of the message and the actual message headers.&amp;nbsp; Working on the body of the RFC 2822 message looking for headers means are are in the process of downloading the mail already and normally you would not issue the 500 series error message in this stage of the message delivery.&amp;nbsp; I know it&#039;s legal to do it this way but it&#039;s messy.&lt;/p&gt;&lt;p&gt;FWIW, I&#039;ve got Mercury/32 running on Linux (Ubuntu v7.10 with Wine v0.9.50) without any problems at all.&amp;nbsp; I am running Clamwall, Spamwall and Graywall as well. &lt;/p&gt;
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft