TODO   [plain text]

SMTP, LMTP, mail address handling
- correctly RFC2822-quote addresses in From/To/Cc in DSN;
- handle 450 reply to RCPT TO and pass it individually back to LMTP,
  instead of sending 450 for all recipients (needs the sending part
  to be aware of the receiving end's capabilities);
- SMTP (RFC2821 section 4.1.2): strip away source routing or pass it on
  "<" [Adl ":"] mailbox ">" "@" domain { "," "@" domain }
- avoid un-quoting and re-quoting addresses: keep them in the original form
  besides the decoded form;
- resolve Net::SMTP deficiencies:
  * it should support pipelining;
  * enqueue SMTP responses and make them available in order or arrival,
    (needed for pipelining);
  * it should not not report error if an optional info (e.g. SIZE)
    is available but MTA does not support it - should be silently ignored;
  * passing AUTH 'submitter' in MAIL FROM;
  * fix broken error report in IO::Socket when non-blocking mode is used
    (when timeout is nonzero): instead of 'Invalid argument' it should tell
    that the server is not reachable;
- be able to do multiple-transactions on the outgoing side (SMTP client);
- split_localpart(): check 'owner-special' handling, e.g. foo-request-spam@
- separate application from SMTP protocol handling
  (investigate Net-Server-Mail and other Perl module attempts;
  last time I checked they were still unsuitable);
- provide LMTP client code (Net-LMTP is unsuitable);
- fallback relays, MX backups?

- more unique Message-ID for DSN !!!
- make possible to use proper MIME content structure in notifications;
- RFC3461, RFC3798, DSN NOTIFY=...
- more versatile defanging - be able to rebuild mail from parts;
- more versatile EXPAND: longer macro names, expressions, mappings/lookups,...
- passed infected mail should be able to modify Subject (a patch
  by Scott Bronson, 2003-08-09);
- similarly: banned subject tag;
- use modified headers (and body?) as provided by SA ?
- provide more flexible Subject edits, e.g. to include additional information
  such as score points; perhaps use expand template for the purpose?
- per-virus notifications, e.g. include URL or instructions in DSN
  (could make use of associative arrays in EXPAND if available);
- result of banned lookup stored in a macro;
- don't send notifications if notifications text turns out to be empty,
  making it possible for a macro expansion during customization
  to turn off DSN (Florian Effenberger);
- choose the admin sender address in DSN based on recipient address/domain;
- multiple administrator addresses?
- virus-admin and spam-admin SQL fields;
- provide separate admin addresses $banned_admin and $badh_admin;

- merge run_av and ask_av into one subroutine;
- split calls to virus scanner into multiple calls on long lists of files
  to be scanned in oder not to exceed the command line / arguments size limit;
- configurable SAVI-Perl; auto-reload on IDE changes;
- clamscan (and others) need option '--mbox' when given full mail file,
  but not on already decoded parts (Michael Boelen);
- some scanners need proper file name extension to be able to recognize
  and decode the file correctly;
- viruses_that_recips_dont_care_about;

- unwrap pgp/gpg armoring, especially on signed-only messages;
- file(1) is unable to differentiate or recognize various types
  of pgp/gpg mail (signed/encrypted/armored/signature/key);
- MIME::Parser - how to obtain only headers without having to decode body?
- TNEF: lose 'copy', test copy status and status of the 'print';
- yEnc encoding (NNTP);
- Appledouble encoding;
- store_mgr: stop_expensive_decoding_at=n ?

- save am_id to conn object or to msginfo?
- remove the need for /dev/null in chroot
- more unique am_id;
- amavis-milter.c: be able to approve locally originating DSN without
  calling amavisd to avoid deadlock (or the need to force '-odd');
- use timers in a manner to provide some resiliency to clock jumps;
- use multi-timers Perl module?
- don't preserve evidence for common cases (mostly done now);
- provide an alternative distribution package without EICAR and zip bombs
  to facilitate download for some clients;
- syslog-ng problem (SA bug report 3625, syslog-ng may fork during posting);

- do the quarantining later in the flow (after forwarding) to be able:
  * to add X-Envelope-To to the quarantined message only for recipients
    that didn't receive the mail;
  * to do the correct intersect between per-recipient quarantine_to
    and per-recipient kill level and other blockings;
- provide proper quarantine-releasing utility (needs to extract addresses
  from the quarantined file, remove certain header fields, hide recipients
  from each other to respect privacy, and do it reliably as a SMTP client);
- more compact and unique quarantine ID;

- per-recipient banned rules;
- per-recipient BOUNCE/DISCARD selection;
- some kind of a "whitelist" for bad header checks;
- SNMP agent!
- AM.PDP milter helper program!
- do not notify recipient when they will receive mail anyway (D_PASS,*_lovers)
- notify when placing on HOLD at MTA ?
- configurable action on HOLD ?
- timeout -> HOLD ?
- reports "Blocked CLEAN" in case of TEMPFAIL !?
- notify at double bounce? (treat/describe as DISCARD)
- spam_tag2_destiny???

- documentation, documentation, documentation
- malformed mail project and the like: tests, write FAQ;
- cleaner web page;