[Mimedefang] Validate users before scanning?
David F. Skoll
dfs at roaringpenguin.com
Wed May 4 13:00:02 EDT 2005
Kelson wrote:
> Shouldn't this be happening anyway? You do your virus scanning in
> filter_begin or filter_end, right? Those get triggered in the DATA
> phase. The virtusertable lookups should be done for each RCPT TO. If
> there are no valid recipients, will sendmail even accept anything for DATA?
> Or am I just completely confused here as to the process?
Here's the problem: Consider this SMTP session:
C: MAIL FROM:<foosender at domain.com>
S: 250 Sender ok
C: RCPT TO:<validuser at domain.net>
S: 250 Recipient ok
C: RCPT TO:<nosuchuser at domain.net>
S: 550 User unknown
C: DATA
S: 354 Enter mail...
C: <sends mail>
S: 200 Mail accepted
Although nosuchuser at domain.net doesn't exist, the milter is still passed
it, and it is NOT told by Sendmail that delivery will fail. Normally,
this isn't a big deal, but if you're streaming by recipient, it is
a big deal.
The only workaround is to (also) validate recipients in filter_recipient,
because if *that* function rejects a recipient, then MIMEDefang is smart
enough not to add it to @Recipients by the time filter_begin is invoked.
I believe there were patches to Sendmail floating around that skipped
the milter callback if the RCPT command would fail for other reasons,
but those patches were never accepted by the Sendmail developers.
(The rationale is that your milter might indeed want to know about
all RCPT TO commands, even ones that fail.)
Regards,
Davd.
More information about the MIMEDefang
mailing list