Spamfilter early verdicts

Most spam/virus filter plugins base their decisions on message content. (SpamAssassin in particular acts solely based upon the message content it receives---though it attempts to make some assumptions about the  message envelope based on material in the message itself.) However, as  of Messaging Server 7.0 the MTA supports allowing spam/virus filters packages to  return a so-called "early verdict", based upon the source IP  address alone (as for instance in cases where the incoming connection  is from a source IP that the spam/virus filter package considers to be  a known spam source). Currently only the Brightmail and  milter plugins  are capable of returning such an early verdict. Early verdicts must be explicitly enabled in Brightmail; in milter, an early verdict  corresponds to a message reject action taken at the SMFIC_CONNECT phase.

If the spam filter plugin is activated based on the source channel or the envelope from address, any early verdict checks are done at the  start (MAIL FROM) of the SMTP transaction. However, if the spam filter plugin is activated based on destination channel or the recipient  address, the check won&#x27;t happen until that recipient address is  communicated (RCPT TO). But in either case the rejection only occurs after the SMTP connection has been accepted by the Dispatcher and  passed to the SMTP server.

In some cases it is preferable to have such checks done from the Dispatcher  so that the connection itself can be refused. A mapping callout routine,  , is therefore provided so  this can be done from the    mapping. The callout accepts two arguments separated by a vertical bar: (1) the slot number of the spam  filter plugin to use, and (2) the IP address to check. The callout succeeds if an early verdict is returned.

An example of directly using Brightmail&#x27;s "early verdict string" (without any additional MTA text, as would normally be  added) is: PORT_ACCESS &#x2a;&#x7c;&#x2a;&#x7c;&#x2a;&#x7c;&#x2a;     $:A$&#x5b;IMTA_LIB:libimta.so,mm_check_reputation,1&#x7c;$1&#x5d;$N The  is used in this example to make sure this check is  only done from the Dispatcher, and not the SMTP server. (In contrast,   would be used to ensure that the check would be done  only from the SMTP server and not from the Dispatcher.)

See also:
 * Spamfilter MTA options
 * Milter implementation
 * Milter spamfilterN_config_file
 * Brightmail spamfilterN_config_file
 * Mapping entry templates
 * PORT_ACCESS mapping table
 * Dispatcher
 * Spam and virus filtering