TODO   [plain text]


SMTP, LMTP, mail address handling
- correctly RFC2822-quote addresses in From/To/Cc in DSN;
- resolve Net::SMTP deficiencies:
  * it should support pipelining;
  * enqueue SMTP responses and make them available in order or arrival,
    (needed for pipelining);
  * it should not report error if an optional parameter (e.g. SIZE)
    is available but MTA does not support it - should be silently ignored;
  * needs documented API to query a list of services offered by a server
    (EHLO response);
  * missing parameter - passing AUTH 'submitter' in MAIL FROM;
  * missing parameter - passing ORCPT in RCPT TO (needed for DSN - RFC 3461);
  * fix broken error report in IO::Socket when non-blocking mode is used
    (when timeout is nonzero): instead of 'Invalid argument' it should tell
    that the server is not reachable;
  * make use of IO::Socket::INET6 to provide IPv6 support;
  * investigate possibility of enhancing it to support LMTP;
- be able to do multiple-transaction sessions on the
  outgoing side (SMTP client);
- split_localpart(): check 'owner-special' handling, e.g. foo-request-spam@
- separate the application from SMTP protocol handling
  (re-investigate Net-Server-Mail and other Perl module attempts)
- provide LMTP client code (Net-LMTP is unsuitable);
- fallback relays, MX backups?
- one_response_for_all: report (propagate) all MTA SMTP responses if different

MAIL MODIFICATIONS, EXPAND, NOTIFICATIONS:
- make possible to use proper MIME content structure in notifications;
- optionally attach (chopped?) mail body to DSN?
- more versatile mail defanging: be able to rebuild mail from desired
  parts while throwing away or modifying undesired mail parts;
- use modified headers (and body?) as provided by SA ?
- macro expander: do not replace formal arguments %<n> which are within
  quoted replacement text (in the regexp macro as well);
- use macro expander instead of simple string replacements
  in Subject template edits;
- per-virus notifications, e.g. include URL or instructions in DSN
  (could make use of associative arrays in EXPAND if available);
- configurable/dynamic SMTP response message, e.g. include URL or instructions;
- result of banned lookup stored in a macro;
- don't send notifications if notifications text turns out to be empty,
  making it possible for a macro expansion during customization
  to turn off DSN (Florian Effenberger);
- choose the admin sender address and From header in DSN
  based on recipient address/domain (how to handle multiple recipient mail?);

VIRUS AND OTHER MALWARE SCANNING:
- merge run_av and ask_av into one subroutine;
- split calls to virus scanner into multiple calls for long lists of files
  to be scanned, in oder not to exceed the command line / arguments size limit;
- configurable SAVI-Perl;
- clamscan (and others) need option '--mbox' when given full mail file,
  but not on already decoded parts (Michael Boelen);
- some scanners need proper file name extension to be able to recognize
  and decode a file correctly;
- viruses_that_recips_dont_care_about;
- optimize-away banned checks when bypassing banned checks is requested
  and $banned_namepath_re is used;
- prevent positive feedback loop when SA is used to train dspam
  (dspam score should not influence a decision to train dspam);
- keep consulting blacklist even if spam checking is bypassed;

MAIL DECODING/DE-ARCHIVING:
- unwrap pgp/gpg armoring, especially on signed-only messages;
- file(1) is unable to differentiate or recognize various types
  of pgp/gpg mail (signed/encrypted/armored/signature/key);
- per-recipient bypass_decoding;
- support 7-Zip archives;
- yEnc encoding www.yenc.org (NNTP); Appledouble encoding, Macintosh StuffIt;
- store_mgr: stop_expensive_decoding_at=n ?
- seek some solution to prevent decoder from attempting to create files
  outside of its designated directory;
- provide separate failure modes of expected (I/O, system) and unexpected
  errors when decoding;

INTERNALS, CODING, ...
- save am_id to conn object or to msginfo?
- amavis-milter.c: be able to approve locally originating DSN without
  calling amavisd to avoid deadlock (or the need to force '-odd');
- use timers in a manner to provide some resiliency to clock jumps;
- use multi-timers Perl module? make timer independent of its use by SA;
- syslog-ng problem (SA bug report 3625, syslog-ng may fork during posting);
- can we avoid keeping two copies of header (MIME::Entity and orig_headers)?

QUARANTINE
- provide per-recipient headers such as X-Spam* scores in the quarantined msg;
- do the quarantining later in the flow (after forwarding) to be able:
  * to add X-Envelope-To to the quarantined message only for recipients
    that didn't receive the mail;
  * to do the correct intersect between per-recipient quarantine_to
    and per-recipient kill level and other blockings;
- disable quarantine (and virus admin notifications) based on virus name;
- (optionally) disable quarantine for spam lovers implicitly;
- strip original X-Spam-* headers when releasing a quarantined message;
- update msgrcpt.rs field after a quarantine release
- support quarantining by MTA (milter, HOLD)

GENERAL, NEW FEATURES
- provide a LDAP and SQL proxy (or make use of the Postfix proxy_read_maps)
  to reduce the number of sessions to LDAP and SQL server;
- provide a true SNMP agent, based on already available database
  of statistics counters, and giving some thoughts on designing
  a true MIB (see TODO-SNMP-AGENT);
- "reverse AM.PDP" - lookups on external information sources or provide
  information to external plugins;
- should bypass* implicitly turn on *lovers?
- some kind of a "whitelist" for bad header checks;
- do not notify recipient when they will receive mail anyway (D_PASS,*_lovers)
- automatically turn off quarantinining when mail is to be delivered?
- notify when placing on HOLD at MTA ?
- configurable action on HOLD ?
- timeout -> HOLD ?
- notify at double bounce? (treat/describe as DISCARD)
- make dspam-supplied header fields available for cached messages as well
- store information about detected virus names to SQL when logging to SQL
- call Mail::DKIM directly from amavisd for signing and verification?

DOCUMENTATION
- documentation, documentation, documentation;
- malformed mail project and the like: tests, write FAQ;
- cleaner web page;

SOME OF THE MORE SELF-CONTAINED PROJECTS
- more versatile mail defanging (see above);
- provide a true SNMP agent (see TODO-SNMP-AGENT);
- more sophisticated tools for plotting and analyzing collected
  statistics (such as SNMP counters and timing breakdown), and for
  providing early warnings in case of problems (including SNMP alerts);
- providing missing features and/or taking over the maintainership
  of Perl modules Net::SMTP (e.g. proper pipelining);
- Net::Server IPv6 support;
- write a Perl module for interfacing with libarchive
  (http://people.freebsd.org/~kientzle/libarchive/), which is an
  ambitious (currently primarily FreeBSD) programming library that can
  create and read several streaming archive formats, including most
  popular tar variants and the POSIX cpio format.
- a volunteer activist to act as a contact/development person towards
  SpamAssassin project, with a goal to split the SpamAssassin API into
  two independent phases: analyzing the message (once per message),
  and providing appropriately evaluated scores and mail header modifications
  based on recipient preferences (once per recipient);