[Feature] Do not add spam headers or rewrite subject in outgoing emails #4025

Closed
ThiefMaster opened this issue Dec 30, 2021 · 2 comments

@ThiefMaster

Summary

For outgoing emails from authenticated users, anything that appears spammy enough to flag the email (header rewrite or subject) should be rejected.

Motivation

Is outgoing spam mail sent?
It is no different from incoming mail. An email will be sent with a spam header if it has triggered the add header action. An email will be rejected if it has triggered the reject action.

Originally posted by @moisseev in #3773 (comment)

This feels like a really bad idea. If a user writes an email that's bad enough to be classified as spam, they should be informed about this (by rejecting their email) - adding a header or even subject rewrite but still sending the email to the intended recipient is a bad idea. After all, it will look incredibly bad if you send an email and it arrives with a "Spam" subject.

If the email is sent by some scripts, webapp, etc, then it might be compromised or abused for spam - another case where you really do NOT want to send the actual email, but rather reject it during the SMTP session (which will most likely be logged as an error in the client application, and thus allow follow-up).

Describe alternatives you've considered

Adding this to local.d/settings.conf

authenticated {
  priority = high;
  authenticated = yes;
  apply {
    subject = "%s";
    actions {
      reject = 6.0;
      "add header" = nan;
      "rewrite subject" = nan;
    }
  }
}

While this kind of works, it's a bad idea because just like the documentation mentions, actions can be forced regardless of score thresholds (easy to test with the gtube-like strings).
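
One way to enforce the requested behaviour at the point where the scan result is turned into an SMTP reply, as an added example that is not part of the original issue or the project's code. The function name, the result shape (`action`, `score`, `required_score`, `symbols`), the reply texts and the sample symbol name are assumptions made for illustration.

```python
import json

TAG_ACTIONS = {"add header", "rewrite subject"}   # deliver, but mark as spam
TEMPFAIL_ACTIONS = {"greylist", "soft reject"}

def outbound_verdict(result_json, authenticated):
    """Map a scan result to an SMTP reply as (code, text).

    result_json: JSON text with "action", "score", "required_score" and
    "symbols" keys (assumed result shape).
    authenticated: True when the SMTP session used SMTP AUTH.
    """
    res = json.loads(result_json)
    action = res.get("action", "")
    # Name the highest-scoring symbols so the sender's error log is actionable.
    syms = sorted(res.get("symbols", {}).items(),
                  key=lambda kv: kv[1].get("score", 0.0), reverse=True)
    why = "score %.1f/%.1f, symbols: %s" % (
        res.get("score", 0.0), res.get("required_score", 0.0),
        ", ".join(name for name, _ in syms[:3]) or "none")

    if action == "no action":
        return 250, "accepted"
    if action in TEMPFAIL_ACTIONS:
        return 451, "4.7.1 try again later"
    if action == "reject":
        return 550, "5.7.1 rejected as spam (%s)" % why
    if action in TAG_ACTIONS:
        if authenticated:
            # Decide on the reported action, not the score: a forced action
            # arrives here even when the score is below every threshold.
            return 550, "5.7.1 outgoing message looks like spam (%s)" % why
        return 250, "accepted, tagged: " + action
    # Unknown action: fail closed for authenticated senders only.
    if authenticated:
        return 451, "4.7.1 unrecognised scan result"
    return 250, "accepted"

# Constructed sample: a rule forced "add header" although the score (0.0)
# is far below the reject threshold. The symbol name is hypothetical.
FORCED = json.dumps({"action": "add header", "score": 0.0,
                     "required_score": 6.0,
                     "symbols": {"FORCED_TEST_RULE": {"score": 0.0}}})
```

With the constructed `FORCED` result, an authenticated session gets a 550 reply during the SMTP session, while the same result for incoming mail is still delivered with the tag.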

@vstakhov
Member

Well, setting a threshold to nan should do exactly what it does: reset an action's threshold completely. However, setting an action's threshold to null should, indeed, disallow this action to be applied. The vast majority of passthrough actions are least actions, however. So in fact, this change is not even required, as the reject action will win over, for example, the add header action. But I like the idea of setting it explicitly.

vstakhov added a commit that referenced this issue Jan 29, 2022
c-rosenberg pushed a commit to HeinleinSupport/rspamd that referenced this issue Feb 27, 2022
@stale

stale bot commented Apr 17, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Apr 17, 2022
@stale stale bot closed this as completed Apr 28, 2022
c-rosenberg pushed a commit to HeinleinSupport/rspamd that referenced this issue Sep 21, 2022