[Mimedefang] Order of processing for sendmail/MD

Kris Deugau kdeugau at webhart.net
Mon Sep 29 18:51:02 EDT 2003


I think I asked this in the sendmail newsgroup at one point, and nobody
replied with much of anything useful.

I'm looking for a detailed "order-of-processing" list that indicates how
the access db, milter relay/sender/recipient checks, virtusertable, and
mailertable interact to determine whether sendmail will accept a message
(and some of what further processing to do once accepted):
a) into the system for local recipients
b) into the system for further processing and potential relay to an
outside system (as a backup MX, for instance)
c) into the system for delivery via something other than the "local"
delivery agent
d) through the system as an outbound relay for dialup/DSL customers

I'm working on a replacement system for the current domain hosting box
which has a number of problems- prime among them the fact that it
doesn't determine valid local recipients until the SMTP session is
finished and sendmail invokes the delivery agent.  :(

For a variety of reasons, this system must:

1) Accept inbound mail for hosted domains, and recognize invalid
recipients at SMTP conversation time.  The recognition I have worked out
via MIMEDefang (along with tools to maintain that information).

2) Accept inbound mail for web-hosted domains whose owners host their
own mail (backup MX services).  Unfortunately I have no way of
determining valid recipients on this mail.  :/

3) Accept outbound mail from dialup/DSL, and scan it for viruses, but
NOT run the SA spamscan *UNLESS* that mail is destined for a "local"
hosted domain.

4) Accept inbound mail for the local system, and "real" local accounts
(ie, those few administrative accounts which have legitimate reason to
potentially receive email from outside).

5) Accept outbound mail from the webmail system on localhost, which for
legacy reasons has inbound mail and POP3 hosted on another machine.

I've got *almost* all of the pieces together, but every time I think
I've got it, something I've set up interferes at a time I don't expect
it to.

-> Is there any way to force some or all entries in access.db to be
absolutely authoritative?  ie, if access.db says REJECT, do so *WITHOUT*
passing the message on to any milters.

-> Is there any way to make sure that MD as a milter *DOES* full
processing on mail destined for "local" hosted domains, while still
bypassing everything other than the AV scans on
outbound-to-other-servers dialup/DSL mail?

Processing power isn't (yet) an issue on this box;  the current system
has been handling >~100M (~2500 messages) per week.  However,
message-passing systems that rely on disk IO are not preferred- this
*may* become a template/example for a much larger system.

-kgd
-- 
<erno> hm. I've lost a machine.. literally _lost_. it responds to
ping, it works completely, I just can't figure out where in my
apartment it is.
