[Mimedefang] Validate users before scanning?

Thu May 19 07:20:30 EDT 2005

On Tue, May 17, 2005 at 09:23:54AM -0400, Joseph Brennan wrote:
> >1) lexical validation of the address (this actually happens inside
> >   parseaddr() in the parseaddr.c file).
> >2) call ruleset 3
> >3) call ruleset 0
> >4) resolve to (mailer, host, address) triple.
> >5) in case of the #$error mailer, PROCESS THE ERROR.
> >6) call check_rcpt
> >7) call any Milters (the xxfi_envrcpt callbacks).
> >8) check illegal mailer attempts (eg RCPT To:/etc/passwd)
> >   (this step and below are from recipient.c:recipient())
> >9) if the select mailer wants any of the following, do so:
> >    alias processing, userdb lookups, ruleset 5 (in that order, btw)
> >10) lookup the target in the passwd file if the selected mailer wants
> >that.
> 
> This list is an excellent clarification that should be in the sendmail
> documentation somewhere! 

Yes, I agree. It's in google now, though, isn't that the defacto
*-documentation nowadays? :)

> But there's more to this.  Check the smtp
> conversation:
> 
> mail from:<>
> 250 2.1.0 <>... Sender ok
> rcpt to:<brennan at columbia.edu>
> 250 2.1.5 <brennan at columbia.edu>... Recipient ok
> rcpt to:<notarealaddressatall at columbia.edu>
> 550 5.1.1 <notarealaddressatall at columbia.edu>... User unknown
> 
> Clearly it checks all the way to step 10 per recipient, in order to
> see that the first address is good and the second address is unknown.
> And it does not have the message body yet.  So the milter call in the
> list is the one that Mimedefang filters call filter_recipient.

Yup, that's the same call. It's called xxfi_envrcpt in the milter
documentation, mimedefang internally (in the C part) binds that to the
rcptto() call, which uses the MXRecipientOK() call to convert it to
a "recipok" mimedefang protocol message to mimedefang-multiplexor,
which mimedefang.pl translates to filter_recipient(), eventually.
In case your wanted the full story :)

> But after the DATA command, it calls the milter again, and we do
> most of the Mimedefang work at that time.
> 
> What I wish we knew at that point is how many recipients were tried and
> not just how many were valid.  But I think sendmail only stores the valid
> ones, as it has already taken care of the invalid ones with 550 response.
> Either in milter or sendmail, it would be useful to count bad addresses
> and take some action on that.

Hm, you can from within milter, but not in mimedefang, unfortunately.
Sendmail has two macros available: ${nbadrcpts} and ${nrcpts}, that
contain the values you are looking for. However, mimedefang currently
has no way to extract these macro's before calling filter_begin.

It'd be relatively trivial to add, though, provided you know some C.
David? I suppose a solution would be to add two command line switches to
mimedefang, which work like the current "-a" switch that adds macro's at
filter_sender time. These new switches would add macro's at
filter_recipient and at filter_begin time, respectively... Hm, just
to be complete a switch to add macro's at filter_relay time might
also be appropriate.

-- 
#!perl -wpl # mmfppfmpmmpp mmpffm <pmmppfmfpppppfmmmf at fpffmm4mmmpmfpmf.ppppmf>
$p=3-2*/[^\W\dmpf_]/i;s.[a-z]{$p}.vec($f=join('',$p-1?chr(sub{$_[0]*9+$_[1]*3+
$_[2]}->(map{/p|f/i+/f/i}split//,$&)+97):qw(m p f)[map{((ord$&)%32-1)/$_%3}(9,
3,1)]),5,1)='`'lt$&;$f.eig;                                # Jan-Pieter Cornet