[Mimedefang] Validate users before scanning?

John Nemeth jnemeth at victoria.tc.ca
Wed May 4 23:22:40 EDT 2005


On Sep 24,  7:35am, "David F. Skoll" wrote:
} Kelson wrote:
} 
} > Shouldn't this be happening anyway?  You do your virus scanning in
} > filter_begin or filter_end, right?  Those get triggered in the DATA
} > phase.  The virtusertable lookups should be done for each RCPT TO.  If
} > there are no valid recipients, will sendmail even accept anything for DATA?
} 
} > Or am I just completely confused here as to the process?
} 
} Here's the problem:  Consider this SMTP session:
} 
} C: MAIL FROM:<foosender at domain.com>
} S: 250 Sender ok
} C: RCPT TO:<validuser at domain.net>
} S: 250 Recipient ok
} C: RCPT TO:<nosuchuser at domain.net>
} S: 550 User unknown
} C: DATA
} S: 354 Enter mail...
} C: <sends mail>
} S: 200 Mail accepted
} 
} Although nosuchuser at domain.net doesn't exist, the milter is still passed
} it, and it is NOT told by Sendmail that delivery will fail.  Normally,
} this isn't a big deal, but if you're streaming by recipient, it is
} a big deal.
} 
} The only workaround is to (also) validate recipients in filter_recipient,
} because if *that* function rejects a recipient, then MIMEDefang is smart
} enough not to add it to @Recipients by the time filter_begin is invoked.
} 
} I believe there were patches to Sendmail floating around that skipped
} the milter callback if the RCPT command would fail for other reasons,
} but those patches were never accepted by the Sendmail developers.
} (The rationale is that your milter might indeed want to know about
} all RCPT TO commands, even ones that fail.)

     I created a patch.  I realise that this thread is pretty much dead
now, but here it is anyways:

*** srvrsmtp.c.orig	Thu Nov 18 13:46:01 2004
--- srvrsmtp.c	Mon Jan  3 20:13:58 2005
***************
*** 2603,2608 ****
--- 2603,2613 ----
  			if (bitset(EF_DISCARD, e->e_flags))
  				a->q_state = QS_VERIFIED;
  
+ 			/* save in recipient list after ESMTP mods */
+ 			a = recipient(a, &e->e_sendqueue, 0, e);
+ 			if (Errors > 0)
+ 				goto rcpt_done;
+ 
  #if MILTER
  			if (smtp.sm_milterlist && smtp.sm_milterize &&
  			    !bitset(EF_DISCARD, e->e_flags))
***************
*** 2625,2635 ****
  				macid("{dsn_notify}"), NULL);
  			if (Errors > 0)
  				goto rcpt_done;
- 
- 			/* save in recipient list after ESMTP mods */
- 			a = recipient(a, &e->e_sendqueue, 0, e);
- 			if (Errors > 0)
- 				goto rcpt_done;
  
  			/* no errors during parsing, but might be a duplicate */
  			e->e_to = a->q_paddr;
--- 2630,2635 ----

This patch is against sendmail-8.13.4/sendmail/srvrsmtp.c.  It should
apply to other versions with minor fuzz.  All it does is move the
checks for "other things" above the milter call.  The usual disclaimers
apply, if it breaks your server, you get to keep both parts, etc.
Having said that, I use it on my production mail server that handles
about 15,000 messages per day.  Changing it to just flag the recipient
with the error mailer is on the list of things to do someday.

}-- End of excerpt from "David F. Skoll"



More information about the MIMEDefang mailing list