[Mimedefang] Filtering Local Submission
David F. Skoll
dfs at roaringpenguin.com
Thu Feb 20 09:56:01 EST 2003
On Thu, 20 Feb 2003, Stefano McGhee wrote:
> if ($helo =~ /mydomain\.com/i) {
> if ($hostip eq "127.0.0.1" or $hostip =~ /^XXX\.XXX\.XXX\./)
> {
> return ('ACCEPT_AND_NO_MORE_FILTERING', "OK");
> }else{
> md_log('impersonation', 'Impersonation, host $hostip said HELO
> $helo'$
> return ('REJECT', "Go away. You're not me. I'm me.");
> }
> }
> return ('CONTINUE', "OK");
> I see a problem having MD not
> filtering mail that I want to bounce (forward to recipient), but continue
> to filter mail that is streamed. Since the streamed mail is resubmitted
> locally, it seems to fall into the same basket as the mail I bounce
> (forward to end recipient). Can I get around this?
Yes, indeed. Read the "PRESERVING RELAY INFORMATION" section of the
mimedefang-filter man page. If you create an IP validation header,
then the stream_by_recipient() function will preserve the original IP
address for filter_begin/filter/filter_end.
If you use this feature, a beautiful thing happens: Streamed-and-resent
mail has $RelayAddr set to the actual original relay's IP address,
while locally-originated or manually-bounced mail has $RelayAddr
set to 127.0.0.1. Cool, eh? :-)
However, you should not use ACCEPT_AND_NO_MORE_FILTERING in your
filter_relay function. Instead, do it in filter_begin/filter/filter_end.
Check if $RelayAddr is local, and return action_accept() if so. That's
because filter_relay only sees 127.0.0.1 for resend mail, whereas the
other filter functions extract the "real" relay address from the IP
validation header.
I hope this explains it; please read the man page and mimedefang.pl for
gory details.
--
David.
More information about the MIMEDefang
mailing list