Qmail-skim is a queue enhancement for the venerable qmail MTA. Inserted as a replacement for qmail-queue, it subjects messages to an array of user-configurable tests, including simple envelope, header, and body pattern checks, with potential rejection of offending messages at SMTP/queue time. Additionally, qmail-skim can determine the fate of a message based on prior envelope sender or auth-user behavior, allowing for various rate-limiting options, as well as specialized phish-handling options by integration with a third-party script.
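To make the queue-time decision described above concrete, here is an added sketch (not qmail-skim's own code) of a qmail-queue stand-in that parses the envelope qmail-queue receives on descriptor 1 and applies a per-sender recipient rate limit. The names `parse_envelope`, `SenderRateLimiter` and `skim`, the in-memory history, and the choice to defer rather than reject are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Exit codes documented in the qmail-queue man page.
EXIT_OK, EXIT_PERM_REJECT, EXIT_TEMP_REJECT, EXIT_BAD_ENVELOPE = 0, 31, 71, 91

def parse_envelope(raw: bytes):
    """Parse the qmail-queue envelope: F<sender>\\0 T<rcpt>\\0 ... \\0"""
    if not raw.endswith(b"\0\0"):
        raise ValueError("envelope not terminated by an empty field")
    fields = raw[:-2].split(b"\0")
    if not fields[0].startswith(b"F"):
        raise ValueError("missing F (sender) field")
    sender = fields[0][1:].decode("latin-1")  # empty string = null sender (bounce)
    rcpts = []
    for f in fields[1:]:
        if not f.startswith(b"T") or len(f) < 2:
            raise ValueError("malformed T (recipient) field")
        rcpts.append(f[1:].decode("latin-1"))
    if not rcpts:
        raise ValueError("no recipients")
    return sender, rcpts

class SenderRateLimiter:
    """Sliding-window cap on recipients per envelope sender.
    Assumption: state is kept in memory here; a real qmail-queue replacement
    runs once per message and would have to persist this history."""
    def __init__(self, max_rcpts: int, window_secs: int):
        self.max_rcpts, self.window = max_rcpts, window_secs
        self.history = defaultdict(deque)  # sender -> deque of (timestamp, rcpt_count)

    def allow(self, sender: str, rcpt_count: int, now: float) -> bool:
        q = self.history[sender]
        while q and now - q[0][0] >= self.window:  # expire old entries
            q.popleft()
        if sum(n for _, n in q) + rcpt_count > self.max_rcpts:
            return False
        q.append((now, rcpt_count))
        return True

def skim(raw_envelope: bytes, limiter: SenderRateLimiter, now: float) -> int:
    """Return the exit code a qmail-queue replacement would hand back to its caller."""
    try:
        sender, rcpts = parse_envelope(raw_envelope)
    except ValueError:
        return EXIT_BAD_ENVELOPE
    if sender == "":  # assumption: bounces (null sender) are not rate-limited
        return EXIT_OK
    ok = limiter.allow(sender.lower(), len(rcpts), now)
    return EXIT_OK if ok else EXIT_TEMP_REJECT  # assumption: defer over the limit
```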

This solution has been in use at a small-to-medium-sized MTA installation for years. Its primary emphasis has been on inspecting outgoing mail, with its battery of “phish” tests developed in response to mail-sending patterns typical of spamming/compromised accounts. Production response to such signatures has included scrambling of user account passwords and automatic firewall blocks.

I have finally (mostly) polished this up enough for some kind of release. Full documentation at http://www.fritzhardy.com/projects/qmail-skim/ and code pushed to https://github.com/fritzhardy/qmail-skim.