[Mimedefang] Validate users before scanning?
Joseph Brennan
brennan at columbia.edu
Tue May 17 09:23:54 EDT 2005
-- Jan Pieter Cornet <johnpc at xs4all.nl> wrote:
> I just checked the sendmail 8.13.3 source to really confirm what I
> know about recipient processing in sendmail. This is what actually
> happens after RCPT To: (see sendmail/srvrsmtp.c, search for
> "case CMDRCPT:" if you want to read along. I'll skip anything not
> related to verifying the recipient).
>
> 1) lexical validation of the address (this actually happens inside
> parseaddr() in the parseaddr.c file).
> 2) call ruleset 3
> 3) call ruleset 0
> 4) resolve to (mailer, host, address) triple.
> 5) in case of the #$error mailer, PROCESS THE ERROR.
> 6) call check_rcpt
> 7) call any Milters (the xxfi_envrcpt callbacks).
> 8) check illegal mailer attempts (eg RCPT To:/etc/passwd)
> (this step and below are from recipient.c:recipient())
> 9) if the select mailer wants any of the following, do so:
> alias processing, userdb lookups, ruleset 5 (in that order, btw)
> 10) lookup the target in the passwd file if the selected mailer wants
> that.
This list is an excellent clarification that should be in the sendmail
documentation somewhere! But there's more to this. Check the smtp
conversation:
mail from:<>
250 2.1.0 <>... Sender ok
rcpt to:<brennan at columbia.edu>
250 2.1.5 <brennan at columbia.edu>... Recipient ok
rcpt to:<notarealaddressatall at columbia.edu>
550 5.1.1 <notarealaddressatall at columbia.edu>... User unknown
Clearly it checks all the way to step 10 per recipient, in order to
see that the first address is good and the second address is unknown.
And it does not have the message body yet. So the milter call in the
list is the one that Mimedefang filters call filter_recipient.
But after the DATA command, it calls the milter again, and we do
most of the Mimedefang work at that time.
What I wish we knew at that point is how many recipients were tried and
not just how many were valid. But I think sendmail only stores the valid
ones, as it has already taken care of the invalid ones with 550 response.
Either in milter or sendmail, it would be useful to count bad addresses
and take some action on that.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
More information about the MIMEDefang
mailing list