TODO   [plain text]

SMTP, LMTP, mail address handling
- correctly RFC2822-quote addresses in From/To/Cc in DSN;
- resolve Net::SMTP deficiencies:
  * it should support pipelining;
  * enqueue SMTP responses and make them available in order or arrival,
    (needed for pipelining);
  * it should not report error if an optional parameter (e.g. SIZE)
    is available but MTA does not support it - should be silently ignored;
  * needs documented API to query a list of services offered by a server
    (EHLO response);
  * missing parameter - passing AUTH 'submitter' in MAIL FROM;
  * missing parameter - passing ORCPT in RCPT TO (needed for DSN - RFC 3461);
  * fix broken error report in IO::Socket when non-blocking mode is used
    (when timeout is nonzero): instead of 'Invalid argument' it should tell
    that the server is not reachable;
  * make use of IO::Socket::INET6 to provide IPv6 support;
  * investigate possibility of enhancing it to support LMTP;
- be able to do multiple-transaction sessions on the
  outgoing side (SMTP client);
- split_localpart(): check 'owner-special' handling, e.g. foo-request-spam@
- separate the application from SMTP protocol handling
  (re-investigate Net-Server-Mail and other Perl module attempts)
- provide LMTP client code (Net-LMTP is unsuitable);
- fallback relays, MX backups?
- one_response_for_all: report (propagate) all MTA SMTP responses if different

- make possible to use proper MIME content structure in notifications;
- optionally attach (chopped?) mail body to DSN?
- more versatile mail defanging: be able to rebuild mail from desired
  parts while throwing away or modifying undesired mail parts;
- use modified headers (and body?) as provided by SA ?
- macro expander: do not replace formal arguments %<n> which are within
  quoted replacement text (in the regexp macro as well);
- use macro expander instead of simple string replacements
  in Subject template edits;
- per-virus notifications, e.g. include URL or instructions in DSN
  (could make use of associative arrays in EXPAND if available);
- configurable/dynamic SMTP response message, e.g. include URL or instructions;
- result of banned lookup stored in a macro;
- don't send notifications if notifications text turns out to be empty,
  making it possible for a macro expansion during customization
  to turn off DSN (Florian Effenberger);
- choose the admin sender address and From header in DSN
  based on recipient address/domain (how to handle multiple recipient mail?);

- merge run_av and ask_av into one subroutine;
- split calls to virus scanner into multiple calls for long lists of files
  to be scanned, in oder not to exceed the command line / arguments size limit;
- configurable SAVI-Perl;
- clamscan (and others) need option '--mbox' when given full mail file,
  but not on already decoded parts (Michael Boelen);
- some scanners need proper file name extension to be able to recognize
  and decode a file correctly;
- viruses_that_recips_dont_care_about;
- optimize-away banned checks when bypassing banned checks is requested
  and $banned_namepath_re is used;
- prevent positive feedback loop when SA is used to train dspam
  (dspam score should not influence a decision to train dspam);
- keep consulting blacklist even if spam checking is bypassed;

- unwrap pgp/gpg armoring, especially on signed-only messages;
- file(1) is unable to differentiate or recognize various types
  of pgp/gpg mail (signed/encrypted/armored/signature/key);
- per-recipient bypass_decoding;
- support 7-Zip archives;
- yEnc encoding (NNTP); Appledouble encoding, Macintosh StuffIt;
- store_mgr: stop_expensive_decoding_at=n ?
- seek some solution to prevent decoder from attempting to create files
  outside of its designated directory;
- provide separate failure modes of expected (I/O, system) and unexpected
  errors when decoding;

- save am_id to conn object or to msginfo?
- amavis-milter.c: be able to approve locally originating DSN without
  calling amavisd to avoid deadlock (or the need to force '-odd');
- use timers in a manner to provide some resiliency to clock jumps;
- use multi-timers Perl module? make timer independent of its use by SA;
- syslog-ng problem (SA bug report 3625, syslog-ng may fork during posting);
- can we avoid keeping two copies of header (MIME::Entity and orig_headers)?

- provide per-recipient headers such as X-Spam* scores in the quarantined msg;
- do the quarantining later in the flow (after forwarding) to be able:
  * to add X-Envelope-To to the quarantined message only for recipients
    that didn't receive the mail;
  * to do the correct intersect between per-recipient quarantine_to
    and per-recipient kill level and other blockings;
- disable quarantine (and virus admin notifications) based on virus name;
- (optionally) disable quarantine for spam lovers implicitly;
- strip original X-Spam-* headers when releasing a quarantined message;
- update field after a quarantine release
- support quarantining by MTA (milter, HOLD)

- provide a LDAP and SQL proxy (or make use of the Postfix proxy_read_maps)
  to reduce the number of sessions to LDAP and SQL server;
- provide a true SNMP agent, based on already available database
  of statistics counters, and giving some thoughts on designing
  a true MIB (see TODO-SNMP-AGENT);
- "reverse AM.PDP" - lookups on external information sources or provide
  information to external plugins;
- should bypass* implicitly turn on *lovers?
- some kind of a "whitelist" for bad header checks;
- do not notify recipient when they will receive mail anyway (D_PASS,*_lovers)
- automatically turn off quarantinining when mail is to be delivered?
- notify when placing on HOLD at MTA ?
- configurable action on HOLD ?
- timeout -> HOLD ?
- notify at double bounce? (treat/describe as DISCARD)
- make dspam-supplied header fields available for cached messages as well
- store information about detected virus names to SQL when logging to SQL
- call Mail::DKIM directly from amavisd for signing and verification?

- documentation, documentation, documentation;
- malformed mail project and the like: tests, write FAQ;
- cleaner web page;

- more versatile mail defanging (see above);
- provide a true SNMP agent (see TODO-SNMP-AGENT);
- more sophisticated tools for plotting and analyzing collected
  statistics (such as SNMP counters and timing breakdown), and for
  providing early warnings in case of problems (including SNMP alerts);
- providing missing features and/or taking over the maintainership
  of Perl modules Net::SMTP (e.g. proper pipelining);
- Net::Server IPv6 support;
- write a Perl module for interfacing with libarchive
  (, which is an
  ambitious (currently primarily FreeBSD) programming library that can
  create and read several streaming archive formats, including most
  popular tar variants and the POSIX cpio format.
- a volunteer activist to act as a contact/development person towards
  SpamAssassin project, with a goal to split the SpamAssassin API into
  two independent phases: analyzing the message (once per message),
  and providing appropriately evaluated scores and mail header modifications
  based on recipient preferences (once per recipient);