[Mimedefang] interaction between sendmail 'access' check andMdF's milter checks

[Matthew.van.Eerde at hbinc.com]

Kelson wrote:
> Gary Funck wrote:
>> On our system we've enabled FEATURE(`delay_checks', `friend').
>> 
>> So, what I don't get, is why the IP address isn't getting bounced
>> with the access.db check.  Do milter checks override the access.db
>> mechanism? 
> 
> Delay_checks delays the relay check until after the sender/recipient
> check.  If you've got something in filter_recipient or filter_sender
> that accepts the mail, it won't make it as far as the relay check in
> access.db.  I'm not sure whether Sendmail will do its own relay checks
> first or the milter relay checks, so you might need to check
> filter_relay too.

I thought the sequence of events was:

1) Sendmail checks
2) milter 1 checks
3) milter 2 checks
...

If Sendmail results in a 4xx or 5xx, that is returned and the milters aren't used at all.
If milter 1 results in a 4xx or 5xx, that is returned and milter 2 isn't used at all.

I could be wrong.

I wonder if there might be a good argument for:
If sendmail results in a 5xx, return that
If sendmail results in a 4xx:
	try the first milter.  If that results in a 5xx, return that
	try the second milter.  If that results in a 5xx, return that
	otherwise, return the original sendmail 4xx
and similarly if sendmail returns a 2xx but milter 1 returns a 4xx.

-- 
Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"