[Mimedefang] Question about filtering relays and recipients

Jan Pieter Cornet johnpc at xs4all.nl
Fri Jun 17 16:28:21 EDT 2005


On Fri, Jun 17, 2005 at 03:15:26PM -0400, Dirk the Daring wrote:
>    I've been reading more in the mimedefang-filter man page, and I'm
> unclear regarding some aspects of the section titled RBL LOOKUP
> FUNCTIONS. I'm just not very good at Perl, I'm afraid - I'm an old C
> hack, so program flow is not an issue, but the syntactical differences
> keep tripping me up.
> 
>    Anyway, the man page is unclear on WHERE (in mimedefang-filter) the
> relay_is_blacklisted_* functions should be placed. I would think that
> filter_relay would be the place, but I'm not sure. Could someone clarify
> that?

You can use it anywhere, but the most logical places would be:

. in filter_begin, if you do not want to enable MX_RELAY_CHECK or
  MX_RECIPIENT_CHECK, and you don't mind only blocking after DATA.
. in filter_relay, if you always unconditionally want to block
  blacklisted connections
. in filter_recipient, if you want to block only certain recipients
  (for example to exclude abuse@ and/or postmaster@). (The latter is
  what we do, we actually look up the recipient and a list of RBLs
  to query in a database).

>    I'm also looking for some example code using
> relay_is_blacklisted_multi_count, including how to construct the array
> of RBLs to pass to that function and how to properly evaluate the return
> value (for example, to REJECT with X or more "hits" but not trip over
> SERVFAIL or NXDOMAIN).

Sorry, no experience with this function (it was added after we rolled
our own based on Net::RBLClient).
 
>    Additionally, I'd love to use the md_check_against_smtp_server
> function, but I'm not sure I can. In my environment, where I host a
> number of Domains, the MIMEDefang server could relay to any one of 4
> other servers. That is, "bob at domain1.tld" might have his mailbox on
> "server1.domain1.tld" while "jane at domain1.tld" has her mailbox on
> "server2.domain1.tld" and "john at domain2.tld" has a mailbox on
> "server1.domain1.tld". Sendmail deals with this thru the use of
> mailertable and virtusertable.
> 
>    Do I need to employ stream_by_recipient ? Or should I use the
> SOCKETMAP functionality (I do have sendmail v8.13.4) to have MIMEDefang
> query virtusertable and mailertable? For that matter, as MIMEDefang

You don't need SOCKETMAP (that's for communicating with mimedefang
from custom sendmail rulesets). You can just read the virtusertable
and mailertable by "tie"ing them from within perl... but you probably
do not need that, in this case.

And I would recommend against stream_by_recipient, because it can so
easily turn your action_bounce()s into real bounces again. Besides,
you'd most often put md_check_against_smtp_server into filter_recipient
anyway, which is handed one recipient at a time.

> looks at these E-Mail addresses, is it seeing them *before* or *after*
> sendmail has run thru aliases, virtusertable, and mailertable? Does

Both :) You get both the unaltered string that was given after
"RCPT TO:", including (optional) enclosing <>, CaPiTaLisATIoN
weirdness, user+localpart hacks, silly subdomains in case you
are unfortunate enough to use *-MX records, etc. But, you also
get the (user, host, mailer) triple that sendmail's rule 0 (parse)
resolved the address to. So in your case, with virtusertable
and mailertable, that's likely to be something like:
("user at domain1.tld","server1.domain1.tld","esmtp")

>    Also, does the SMTP server against which the "check" will be done
> need to support VRFY? If not, are there any of the usual anti-SPAM
> settings in sendmail (e.g. needhelo) that should be avoided so that
> MIMEDefang can place its query?

MIMEDefang is quite social, it will say HELO, MAIL From and RCPT To
just like it was a real incoming email, and then bluntly close the
connection. That last bit isn't too social, but to my knowledge there
are no MTAs out there that react badly to that.

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet
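
Added example, not part of the original post or of the MIMEDefang distribution: a filter_recipient for mimedefang-filter that combines the points discussed above (role-address exemption, an RBL hit threshold with relay_is_blacklisted_multi_count, and a recipient probe against the host sendmail resolved). The RBL zone names, the threshold, the timeout and the HELO name are placeholder assumptions.

```perl
# Fragment for mimedefang-filter (added example). filter_recipient is only
# called when MX_RECIPIENT_CHECK is enabled; the *_multi_* lookups need Net::DNS.
use strict;
use warnings;

# Assumptions: placeholder zones, threshold and HELO name; replace with your own.
my @RBL_ZONES   = ('rbl1.example', 'rbl2.example', 'rbl3.example');
my $RBL_MINHITS = 2;     # reject when listed on this many zones or more
my $RBL_TIMEOUT = 10;    # seconds allowed for the parallel lookups
my $MY_HELO     = 'filter.example.com';

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    # $recipient is the raw RCPT TO: string: it may carry <> and mixed case.
    (my $rcpt = lc $recipient) =~ s/^<|>$//g;

    # Never RBL-block the role addresses, so listed sites can still reach them.
    unless ($rcpt =~ /^(?:abuse|postmaster)\@/) {
        # Returns the number of zones that list $ip. SERVFAIL and NXDOMAIN
        # answers are not hits, so a broken zone cannot push us over the limit.
        # Third argument: stop early once this many hits have been seen.
        my $hits = relay_is_blacklisted_multi_count(
            $ip, $RBL_TIMEOUT, $RBL_MINHITS, \@RBL_ZONES);
        return ('REJECT', "Relay $ip is listed on $hits blacklists")
            if $hits >= $RBL_MINHITS;
    }

    # Only probe when sendmail resolved the address to a remote SMTP mailer;
    # local mailers have no backend host to ask.
    my $mailer = defined $rcpt_mailer ? $rcpt_mailer : '';
    return ('CONTINUE', 'ok') unless $mailer =~ /^e?smtp/ && $rcpt_host;

    # A mailertable entry such as esmtp:[host] may leave brackets on the
    # host; drop them and any trailing dot before connecting.
    (my $backend = $rcpt_host) =~ s/^\[|\]$//g;
    $backend =~ s/\.$//;

    # Says HELO / MAIL From / RCPT To to the backend, then disconnects.
    # Returns CONTINUE, REJECT or TEMPFAIL together with a message.
    return md_check_against_smtp_server($sender, $recipient, $MY_HELO, $backend);
}
```

Because the backend is taken from $rcpt_host, each recipient is checked against whichever of the internal servers mailertable routes it to, without reading the tables from Perl.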


