Provided by: courier-mta_1.0.16-3build3_amd64 bug

NAME

       courierfilter - Courier mail filters

SYNOPSIS

       courierfilter [[start] | [stop] | [restart]]

       filterctl [[start] | [stop]] [filter]

DESCRIPTION

       The filterctl commands install or uninstall global mail filters. Global mail filters are
       used to selectively block unwanted mail. More than one mail filter can be enabled at the
       same time. Three filters - dupfilter(8)[1], verifyfilter(8)[2] and courierperlfilter(8)[3]
       - are provided as examples for writing mail filters.

       courierfilter start runs all mail filters that have been installed by filterctl.
       courierfilter stop shuts down all running mail filters. After courierfilter start, any
       filterctl commands take effect immediately. After courierfilter stop any filterctl
       commands will take effect at the next courierfilter start.

       courierfilter restart signals the running courierfilter to reread its configuration files.
       This is normally done automatically, by filterctl.

       If any mail filter is installed, the mail filter must be running in order for any mail to
       be processed. Mail filters are assumed to be empowered to enforce system-wide mail
       policies, so if an installed mail filter is not running then mail will not be accepted by
       the system. Note that mail will not be rejected, if possible. Every attempt will be made
       to send a temporary error code to an external mail system, asking it to try again later.

       For this reason, you should modify your system boot script to run courierfilter start as
       soon as possible, and run courierfilter stop during the final portion of your system
       shutdown script. It is not necessary to run courierfilter if you do not install a mail
       filter with filterctl.

MAIL FILTER IMPLEMENTATION

       This section explains how mail filters are implemented, and how to write a new global mail
       filter.

       Available mail filter binaries are located in the directory /usr/lib/courier/filters. The
       filterctl script looks in this directory to see which mail filters are available to be
       installed. Installing a mail filter consists of simply creating a soft link from the
       directory /etc/courier/filters/active to its corresponding binary in
       /usr/lib/courier/filters. The courierfilter start command simply reads
       /etc/courier/filters/active and runs every program in this directory.

       The filterctl script sends a HUP signal to courierfilter after installing or uninstalling
       a filter.  courierfilter will reread the contents of /etc/courier/filters/active then
       start or stop individual mail filters.

       After starting, an individual mail filter must create a filesystem domain socket in one of
       two directories: /var/lib/courier/filters or /var/lib/courier/allfilters. The name of the
       socket should be the same as a name of the filter, and the mail filter must make sure to
       remove any socket by the same name in the other directory. For various silly reasons, the
       recommended implementation is to create /var/lib/courier/filters/.NAME or
       /var/lib/courier/allfilters/.NAME (after making sure that it doesn't exist) then rename
       .NAME to NAME.

       After initializing the socket, the mail filter must then close its file descriptor #3.
       File descriptor 3 is inherited by every mail filter that's executed by the courierfilter
       start command. The mail filter's file descriptor 3 is connected to the write end of a
       pipe, which may be relevant to certain ways of implementing the closing of the file
       descriptor, for instance in Perl where you may be forced to pseudo-open the descriptor (in
       write mode) before closing it. The courierfilter start command will not exit until every
       started mail filter closes its file descriptor 3. This allows for all mail filters to
       orderly initialize themselves before courierfilter start command returns.

       All mail filters also inherit a pipe on standard input, and must terminate when the pipe
       is closed. Mail filters must simultaneously listen for new connections on the mail filter
       socket, and for their standard input to close.

       The mail filter receives a new connection on its socket for every message that needs to be
       filtered. After establishing a connection, the mail filter will immediately read the
       following information from the new socket:

       A pathname to a file containing the contents of the message.

       One or more pathnames to control files for this message.

       Each pathname is terminated by a single newline character. The last pathname is followed
       by a second newline character. The pathnames may either be relative pathnames to /usr or
       absolute pathnames, depending on the system configuration.

       The mail filter is free to judge the message's worthiness by reading its contents and/or
       control file(s) as soon as a second consecutive newline character is received. The final
       verdict is rendered by writing back a result code on the same socket. The result code
       follows the same format as regular SMTP replies (even though the message may not have been
       received via SMTP), and can be used to communicate acceptance, temporary failure, or a
       permanent failure. If it's a failure, then the text portion of the result code will be
       used, if possible. The result code may be a multiline response, just like a regular SMTP
       reply. The mail filter must immediately close the connection after writing the result
       code. After closing the socket the mail filter must then proceed to wait for another
       connection request on the original listening socket.

       The mail filter can be multithreaded or multitasked, and can accept multiple connections
       simultaneously. When its standard input is closed the mail filter should stop accepting
       new connections and wait for any existing connections to be closed, prior to exiting.

       Global mail filters must be EXTREMELY resilient to runtime failures. Since mail will not
       be processed if an installed mail filter is not running, if a mail filter crashes it will
       effectively shut down the mail server. Currently courierfilter does not attempt to restart
       mail filters which crash.

MAIL FILTER INVOCATION

       The system administrator defines what mail gets filtered by editing the contents of the
       enablefiltering configuration file in /etc/courier. This configuration file contains a
       list of mail sources that should be filtered, like esmtp or local. See courier(8)[4] for
       more information. A default /etc/courier/enablefiltering file is installed that specifies
       only the esmtp mail source as subject to filtering.

       A message is not subject to filtering if its source is not listed in
       /etc/courier/enablefiltering. Otherwise the following rules apply.

       Certain mail destinations have the ability to selectively whitelist arbitrary messages.
       For example, local mail recipients have the ability to selectively whitelist individual
       messages, provided that a local mail filter (independent of any global mail filter) is
       installed that implements the maildrop filtering API[5].

       New messages are filtered by connecting to every socket in /var/lib/courier/filters and/or
       /var/lib/courier/allfilters, one at a time. All mail filters must accept the message, for
       it to be accepted by Courier. If a socket exists but a connection cannot be established
       then the message is not accepted, and a temporary failure indication is returned. That's
       why no mail will be accepted unless all installed mail filters are running.

       Mail recipients that did not whitelist the sender, via the maildrop API, will have their
       mail filtered against everything in /var/lib/courier/filters and
       /var/lib/courier/allfilters. Mail to recipients that whitelisted the sender, or mail to
       destinations that do not use a maildrop API-compatible filter, will be filtered only
       against the contents of /var/lib/courier/allfilters.

       This gives system administrators a choice whether to install selective, or mandatory mail
       filters, or a combination of both.

BUGS

       Many filesystem domain socket implementation are buggy.

       Handling of crashed mail filters could be improved.

FILES

       /usr/lib/courier/filters
           Available mail filters.

       /etc/courier/filters
           Miscellaneous configuration files.

       /etc/courier/filters/active
           Installed mail filters.

       /etc/courier/enablefiltering
           Which mail sources to filter.

       /var/lib/courier/allfilters
           Mandatory filters.

       /var/lib/courier/filters
           Optional filters.

SEE ALSO

       localmailfilter(7)[5], courier(8)[4], dupfilter(8)[1], ratefilter(8)[6],
       verifyfilter(8)[2], courierperlfilter(8)[3].

AUTHOR

       Sam Varshavchik
           Author

NOTES

        1. dupfilter(8)
           http://www.courier-mta.org/dupfilter.html

        2. verifyfilter(8)
           http://www.courier-mta.org/verifyfilter.html

        3. courierperlfilter(8)
           http://www.courier-mta.org/courierperlfilter.html

        4. courier(8)
           http://www.courier-mta.org/courier.html

        5. maildrop filtering API
           http://www.courier-mta.org/localmailfilter.html

        6. ratefilter(8)
           http://www.courier-mta.org/ratefilter.html