Frequently Asked Questions


General questions and answers.

MIMEDefang is a framework for filtering e-mail. It uses Sendmail's "Milter" API, some C glue code, and some Perl code to let you write high-performance mail filters in Perl.

People use MIMEDefang to:

  • Block viruses
  • Block or tag spam
  • Remove HTML mail parts
  • Add boilerplate disclaimers to outgoing mail
  • Remove or alter attachments
  • Replace attachments with URL's
  • Implement sophisticated access controls.

You're limited only by your imagination. If you can think of it and code it in Perl, you can do it with MIMEDefang.

The following software is required for MIMEDefang:

  • A UNIX or UNIX-like operating system. MIMEDefang is known to run on Linux, FreeBSD, OpenBSD, NetBSD, Solaris, HP-UX, Tru64 UNIX, and AIX.
  • Sendmail 8.12 or newer with Milter support.
  • Perl 5.8.9 or newer.
  • The following Perl modules:
    • MIME::tools 5.420 or higher
    • IO::Stringy 1.212 or higher
    • MIME::Base64 2.11 or higher
    • MailTools 1.1401 or higher
    • Digest::SHA1 2.00 or higher
  • (Optional) Other Perl modules like Mail::SpamAssassin
  • A C compiler and C development environment

First, download MIMEDefang from the download page.

Next, unpack the MIMEDefang tar file and follow the instructions in the README file. Depending on how your Sendmail binary was compiled, you may need to recompile it to add Milter support. Note that modern systems Milter support included in their versions of Sendmail.

Please note that you need a UNIX or UNIX-like system with Perl and a C development environment to install MIMEDefang from source.

The MIMEDefang system consists of three main programs:

  • mimedefang is a C "Milter" program. It talks directly to Sendmail using the multi-threaded Milter library.
  • mimedefang-multiplexor is a C program that accepts requests from mimedefang and forwards them to one of a pool of slave Perl processes.
  • is a Perl program that does the actual mail filtering. The multiplexor manages a pool of these processes, forwarding idle processes work and reading the results.

A complete description of the architecture may be found in the PDF presentation slides.


Common problems and how to fix them.

Symptom: When you build MIMEDefang, it detects SpamAssassin just fine. But when you run it, it doesn't seem to find the SpamAssassin Perl modules.

Probable Cause: This is often caused by a permissions problem. Make sure all of the SpamAssassin Perl modules and data files are world-readable.

Underlying Cause: What made the file permissions wrong in the first place? Some installation scripts will explicitly change the permissions on all files they install. Others will just create the files, meaning they get created with whatever are the default permissions for the user. Since most installs are done by root, you need to look at root's umask setting to see what the default permissions are.

Symptom: Network-related SpamAssassin tests don't seem to have any effect.

Probable Cause: These tests must be specially enabled when SpamAssassin is used in conjunction with MIMEDefang. To enable them, you must do two things:

  1. Enable them in the file /etc/mail/spamassassin/ MIMEDefang uses this file for its global SpamAssassin configuration.
  2. In your filter, add the line: $SALocalTestsOnly = 0;

You may also need to add these lines to /etc/mail/spamassassin/

use_dcc 1
dcc_timeout 10
dcc_path /usr/local/bin/dccproc

(Substitute appropriate paths for your system.)

Symptom: I used action_add_header to add a new "To:" (or "Cc:" or "Bcc:") field to a message, or used action_change_header to change the "To:" field, but the message didn't go where I thought it should.

Cause: Changing headers does not change the destination of the email message. That is controlled by the envelope recipient(s) in the SMTP dialog. You will have to use add_recipient and/or delete_recipient to change the destination for a message.

Symptom: I configured SpamAssassin to add the spam score to the subject, but it won't do it.

Cause: When you run SpamAssassin under MIMEDefang, SpamAssassin cannot change the message in any way. If you want to add any spam-related headers, you will have to do this in your rules file (mimedefang-filter). Most people seem to do this in filter_end (after all parts have been checked for viruses). The sample filter has code to call SA and add an X-Spam-Score: header to messages SA tags as spam.

If you want to change the subject, use something like this in filter_end:

action_change_header('Subject', "***SPAM*** $Subject");

Symptom: I am running MIMEDefang, but now I am getting a lot of messages in my syslog that look like this:

Milter change: header MIME-Version: from 1.0 to 1.0

Cause: It is actually the Milter engine of sendmail that is logging all those. To reduce the amount of logging, try putting this line:

define(`confMILTER_LOG_LEVEL', `8')dnl

in your file and then re-generate your

MIMEDefang runs as the configured defang user, hence, SpamAssassin's integration into MIMEDefang runs as this user, too.

In order to test the configuration use this command (as root):

su defang -s /bin/bash -c 'spamassassin -x -p /etc/mail/ -D --lint'

  • use the correct name for defang you have configured to run MIMEDefang under,
  • use the correct path for the MIMEDefang-SpamAssassin configuration file /etc/mail/
  • -s /bin/bash ensures that su uses a valid shell, because normally the defang user does not need one
  • instead of --lint you can pipe or redirect any message to check into this call, e.g.:
    su defang -s /bin/bash -c 'spamassassin -x -p /etc/mail/ -D' < message

Also see: Why don't SpamAssassin DCC/Razor/RBL checks work?


How to do various common things.

/bin/mount -t tmpfs -o size=500m,mode=0700,uid=${md_user},gid=${md_group} /dev/shm $md_spooldir

/dev/shm is provided in most newer Linux systems, maybe none works for you, too.

Adjust the size, of course.

Replace ${md_user} and ${md_group} with the appropriate UID and GID, in order to give MIMEDefang write permission to the directories.

Replace ${md_spooldir} with the directory specified with the --with-spooldir= option during the ./configure of MIMEDefang.

The idea is to have all temporary files of MIMEDefang been spooled on a very fast RAM disk. None of these files are required after SMTP phase is over. Hence, make sure that --with-quarantinedir= points somewhere else!