[Mimedefang] Filtering Local Submission

David F. Skoll dfs at roaringpenguin.com
Thu Feb 20 09:56:01 EST 2003

On Thu, 20 Feb 2003, Stefano McGhee wrote:

>     if ($helo =~ /mydomain\.com/i) {
>         if ($hostip eq "" or $hostip =~ /^XXX\.XXX\.XXX\./)
>                 {
>                 return ('ACCEPT_AND_NO_MORE_FILTERING', "OK");
>         }else{
>             md_log('impersonation', 'Impersonation, host $hostip said HELO
> $helo'$
>             return ('REJECT', "Go away. You're not me. I'm me.");
>         }
>     }
>     return ('CONTINUE', "OK");

> I see a problem having MD not
> filtering mail that I want to bounce (forward to recipient), but continue
> to filter mail that is streamed.  Since the streamed mail is resubmitted
> locally, it seems to fall into the same basket as the mail I bounce
> (forward to end recipient).  Can I get around this?

Yes, indeed.  Read the "PRESERVING RELAY INFORMATION" section of the
mimedefang-filter man page.  If you create an IP validation header,
then the stream_by_recipient() function will preserve the original IP
address for filter_begin/filter/filter_end.

If you use this feature, a beautiful thing happens:  Streamed-and-resent
mail has $RelayAddr set to the actual original relay's IP address,
while locally-originated or manually-bounced mail has $RelayAddr
set to  Cool, eh? :-)

However, you should not use ACCEPT_AND_NO_MORE_FILTERING in your
filter_relay function.  Instead, do it in filter_begin/filter/filter_end.
Check if $RelayAddr is local, and return action_accept() if so.  That's
because filter_relay only sees for resend mail, whereas the
other filter functions extract the "real" relay address from the IP
validation header.

I hope this explains it; please read the man page and mimedefang.pl for
gory details.


More information about the MIMEDefang mailing list