[Mimedefang] stream_by_... and invalid users

[David F. Skoll]

On Tue, 14 Oct 2003, John Nemeth wrote:

>     PERL isn't one of my strong suits, but C is...  "Sendmail, you're
> going to have a chat with Mr. Vi, and then you're going to have a chat
> with Mr. GCC," said I...  I will report back after it is fully tested
> and/or I get some input from the sendmail people.

There's a thread in comp.mail.sendmail:

http://groups.google.com/groups?hl=en&lr=lang_en&ie=UTF-8&safe=off&threadm=3F8ACE4D.3080205%40ensmp.fr&rnum=1&prev=/groups%3Fq%3Dmilter%2Blocal%2B-unverified%2Bgroup:comp.mail.sendmail%26hl%3Den%26lr%3Dlang_en%26ie%3DUTF-8%26safe%3Doff%26scoring%3Dd%26selm%3D3F8ACE4D.3080205%2540ensmp.fr%26rnum%3D1

I posted a suggestion there.

A hackish workaround is as follows:

1) Make sure your aliases database and all your maps are world-readable.
(Yes, I know sendmail.org recommends against that.  But I assume you don't
allow shell accounts on your mail server.)

2) In filter_recipient, verify delivery using "sendmail -bv" and
grepping for "deliverable".  If you don't find it, return a REJECT
from filter_recipient.  MIMEDefang is smart enough *not* to add a recipient
to @Recipients if filter_recipient rejects it.

Yes, this is ugly.  Yes, it duplicates Sendmail processing.  But the big
advantage is that you don't need to modify any source code.

Something like this should work (though it's untested!):

sub filter_recipient {
	my($recipient, $rest_of_the_junk) = @_;
	# WARNING: Really should use open(CHILD, "-|") and exec for safety!!!
	open(SMCHECK, "sendmail -bv '$recipient'"); # Do error-checking!!!
	my $deliverable = 0;
	while(<SMCHECK>) {
		if (/deliverable:/) {
			$deliverable = 1;
			last;
		}
	}
	close(SMCHECK);
	return('REJECT', "User unknown", "550", "5.1.1") unless $deliverable;
	return('CONTINUE', "OK");
}

--
David.