|Stable release||2.75 / May 21, 2014|
|Written in||C, Perl|
|License||GNU General Public License|
MIMEDefang can be used to:
- Block viruses (e.g. using Clamav)
- Block or tag spam (e.g. using SpamAssassin)
- Remove HTML mail parts
- Add boilerplate disclaimers to outgoing mail
- Remove or alter attachments
- Replace attachments with URLs
- Implement sophisticated access controls.
MIMEDefang was originally developed by David F. Skoll, who was contracted by the Royal College of Physicians and Surgeons of Canada in 2000 to help stop the flood of email viruses to the college's network. The software was written to filter attachments and was originally called MIMESweeper, then MIMEDefanger, and currently MIMEDefang. Skoll announced his software to the public on August 28, 2000. On December 21, 2001, a version incorporating support for SpamAssassin was released, making MIMEDefang a filter for both spam and viruses. Skoll's company, Roaring Penguin Software, currently markets a commercial anti-spam product known as CanIt, which is based on the open-source version of MIMEDefang.
The Milter library included with Sendmail uses POSIX threads to allow multiple concurrent filters. MIMEDefang's Perl filter uses a pre-forked process model, similar to the traditional Apache Web server multi-processing model. MIMEDefang therefore consists of three components:
- A multithreaded C program that communicates with Sendmail and the filtering processes
- A multiplexor (written in C) that manages a pool of Perl scanning processes (called "slaves")
- A Perl program called mimedefang.pl that provides the basic filtering infrastructure.
MIMEDefang users code their filtering policies in Perl, using the infrastructure provided by mimedefang.pl. They don't need to worry about thread synchronizations because each Perl filter is a separate single-threaded process.
The infrastructure provided by mimedefang.pl follows the Milter API reasonably closely, but not exactly. It includes convenience routines for parsing and rebuilding MIME messages so that filter authors can concentrate on high-level policy rather than worry about low-level API details. This convenience comes with a small loss of flexibility and some loss of performance.