[Mimedefang] Validate users before scanning?

[Jan Pieter Cornet]

On Wed, May 04, 2005 at 08:53:41AM -0500, Tina Marie wrote:
> Thanks to an auto-updating clamAV and mimeDefang, I didn't even
> notice the new Sober.P worm until I noticed my load up a bit
> (from all the scanning).
> 
> It looks to me like most of the ones I'm getting are addressed
> to addresses that sendmail is going to reject in the virtuser
> table.  It seems like a waste to scan these if I was going to
> reject them as NoSuchUser anyway.

This is a sendmail issue really. You likely aren't "rejecting
in the virtusertable", because virtusertable lookups are happening
before any Milter calls (and thus before any MIMEDefang calls).

Are you sure that your virtusertable contains a:
@example.com		error:5.1.1:550 No such user
catch-all entry for example.com and all of the other domains you
accept email for?

If you don't, then the virtusertable isn't rejecting anything, it's
just remapping addresses, and sendmail will try several other mechanisms
before rejecting (aliases, userdb lookups, passwd lookups).

If you do not have this entry, and plan on adding it: make VERY
sure you also add all local aliases and all local users, mapping to
themselves, to the virtusertable, otherwise these will get rejected too.

alias and passwd lookups are happening after Milter calls, and therefore
after MIMEDefang, so MIMEDefang doesn't know about any failures there.

(currently - if David is prepared to make MD jump three flaming hoops
while doing limbo dancing, then that might change - see my other post on
this subject.)

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet