[Mimedefang] Re: Validate users before scanning?

Tina Marie tina at tripacerdriver.com
Wed May 4 18:01:49 EDT 2005


<Matthew.van.Eerde at hbinc.com> wrote:
> First, it's somewhat silly to run md_check_against_smtp_server(...) against localhost.
> The way md_check_against_smtp_server works is it opens an SMTP conversation to that 
> server, followed by a RCPT TO command.  This is itself calling filter_recipient, 
> and you get an infinite loop.

Well, that explains it. :)

> So you're tempfailing due to some kind of recursive depth checker saving you.

How thoughtful of it.  I (and my users) would have been far less 
happy if I had been an idiot and crashed sendmail.

Obvious, I've turned it off for now.

> Second, what are you trying to do again? I must confess I don't entirely understand.

What I'm trying to do is avoid calling ClamAV/SA on emails that
will be rejected later, most notably this week's virus.  

Oddly, I'm not doing stream_by_recipient, so I'm not sure why
this is happening.  But I'm definitely getting called for
users who will later be rejected by the virtuser table.

My whole filter is still up, at:
http://www.tripacerdriver.com/mimedefang-filter

My logfiles have this (where the real domain is replaced with
mydomain.org):

May  2 16:05:32 tripacerdriver mimedefang.pl[5146]: MDLOG,j42L5V6p008516,
virus,Worm.Sober.P,209.198.171.148,<postmaster at kirbycorp.com>,
<3dsandy at mydomain.org>,Your email was blocked
May  2 16:05:32 tripacerdriver mimedefang.pl[5146]: MDLOG,j42L5V6p008516,
virus,Worm.Sober.P,209.198.171.148,<postmaster at kirbycorp.com>,
<sandy at mydomain.org>,Your email was blocked

So filter_begin is definately called twice, once for each recipient,
one valid and one invalid.  This pattern is repeated, with varying
numbers of recipients, all through my logs.  I believe there is 
always at least one valid recipient, but I don't really have tools
to say that for certain.

Tina Marie
-- 
http://www.tripacerdriver.com               "...One of the main causes 
of the fall of the Roman Empire was that, lacking zero, they had no way
to indicate successful termination of their C programs." (Robert Firth)  




More information about the MIMEDefang mailing list