[Mimedefang] restricting senders who can post to a specific recipient

[David F. Skoll]

On Sun, 25 Aug 2002, Tony Nugent wrote:

> After my testing (also upgraded to 2.19), it appears that
> filter_recipient() (and family) are called before any filtering
> actually begins... filter_begin() has not been called at this point.

Correct.  The filter_xxx functions are tied intimately into the Milter
API.

filter_relay() and filter_sender() are both called from the Milter
"xxfi_envfrom" callback.  filter_recipient() is called from
"xxfi_rcptto".  When these three functions are called, there is *no*
message yet, and you cannot make any function calls which manipulate
headers or the message content.  Furthermore, don't set any global
variables from these functions -- they may or may not be visible
to subsequent functions.

The filter_begin()/filter()/filter_sender() triplet are all called
from "xxfi_eom".  At this point, you have the entire message and can
manipulate headers and body.  Because the functions are called in a
single Perl process in this sequence:

	filter_begin()
	filter(body_part_1)
	filter(body_part_2)
	...
	filter(body_part_N)
	filter_end()

You can set variables in earlier calls and use them in later calls.

> What about calling other functions called from filter_recipients()?
> For example, is it safe or even useful to rewite headers, add/delete
> recipients, quarantine_entire_message() and so on at this point?

It is impossible.

> Also, the smtp conversation appears to indicate that the decision to
> accept or reject the message is taken after the entire message has
> been received.

No; if you reject a host in filter_relay or a sender in filter_sender,
it gets rejected after MAIL FROM:.  Rejecting a recipient in
filter_recipient happens after RCPT TO:  Anything in filter_begin,
filter, or filter_end happens after the end of DATA.

I will write up a document detailing this flow, because it seems
to be a common question.

Regards,

David.