[Mimedefang] Check @Recipients before stream_by_recipient?

John Nemeth jnemeth at victoria.tc.ca
Fri Jul 22 15:59:27 EDT 2005

On Dec 12, 10:14am, Mark Tranchant wrote:
} The man page for mimedefang_filter says of stream_by_recipient():
} *********
} This  function  should  only  be called at the very
} beginning of filter_begin(), like this:
} sub filter_begin {
}     if (stream_by_recipient()) {
}        return;
}     }
}     # Rest of filter_begin
} }
} *********
} What's to stop me doing things before this stage? For example, if I have 

     Nothing.  In my filter, stream_by_recipient is one of the last
things done.

} a spamtrap address on a web page, and the Recipient array contains that 
} address, I would want to reject the message for all recipients:
} sub filter_begin {
}     if (spamtrap(@Recipients)) {
}         action_bounce(...);
}     }
}     elsif (stream_by_recipient()) {
}        return;
}     }
}     # rest of filter_begin - anything that gets this far is
}     # one recipient at a time
} }
} Can I do that?


     My filter basically does:

- determine if message is incoming or outgoing
- if message wasn't resent:
  - if message is incoming, log number of recipients
  - if message has $SuspiciousCharsInHeaders, bounce
  - loop over recipients checking maxmsgsize
    - if message is larger than largest maxmsgsize, bounce
    - if message is larger than smallest maxmsgsize, set $splitout flag
  - check for virus and if found, bounce
  - if message is outgoing, md_graphdefang_log('mail_out')
- if message is incoming or $splitout is set, stream_by_recipient()
- delete_ip_validation_header()
- if message is larger than user_maxmsgsize(..., $Recipients[0]), bounce
- if message is incoming, md_graphdefang_log('mail_in')

Your filter_begin() might not be as elaborate as mine.  The maxmsgsize
stuff is because different users have different message sizes that they
are allowed to send or receive due to policy reasons.  The checks for
$SuspiciousCharsInHeaders and viruses are because if I'm going to
unconditionally bounce a message, I think it is better to do so prior
to streaming it.  I think this is very important in the case of viruses
for a couple of reasons.  First is that there is no point in wasting
resources (disk space and CPU) processing viruses multiple times.
Second is that after streaming, you can't generate an SMTP rejection,
you actually have to create and send a bounce notification.  Finally,
we don't spamcheck outgoing messages (we have very rarely had problems
here), so there is no point in streaming them since the only reason I
stream is to apply personal anti-spam preferences.

}-- End of excerpt from Mark Tranchant
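
The ordering discussed in this thread, written out as a mimedefang-filter fragment. This is an added example, not code from the original post or from either poster's filter. `%SPAMTRAP`, `is_spamtrap()` and the trap address are hypothetical, and `$WasResent` is assumed to be how the filter recognises a copy re-injected by streaming.

```perl
# Added example: whole-message rejections first, streaming last.
# %SPAMTRAP / is_spamtrap() are hypothetical; the address is a constructed placeholder.
my %SPAMTRAP = map { lc($_) => 1 } ('trap@example.com');

sub is_spamtrap {
    my @rcpts = @_;
    foreach my $rcpt (@rcpts) {
        # Envelope recipients may arrive wrapped in angle brackets.
        (my $addr = lc $rcpt) =~ s/^<(.*)>$/$1/;
        return 1 if $SPAMTRAP{$addr};
    }
    return 0;
}

sub filter_begin {
    my ($entity) = @_;

    # Checks that condemn the whole message run only on the original SMTP
    # transaction, where action_bounce() still yields an SMTP rejection.
    # A streamed copy has already passed them, so it skips this block.
    if (!$WasResent) {
        if (is_spamtrap(@Recipients)) {
            action_bounce('Recipient address rejected');
            return;    # do not fall through to streaming after a bounce
        }
        if ($SuspiciousCharsInHeaders) {
            action_bounce('Suspicious characters in headers');
            return;
        }
        my ($code, $category, $action) = message_contains_virus();
        if ($category eq 'virus') {
            action_bounce('Message contains a virus');
            return;
        }
    }

    # With several recipients, one copy per recipient is re-sent and this
    # call returns true; stop processing the original here.
    return if stream_by_recipient();

    # From here on @Recipients holds a single address, so per-user policy
    # (size limits, anti-spam preferences) can key on $Recipients[0].
}
```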
