[Mimedefang] replace_entire_message function
John Rudd
john at rudd.cc
Fri Sep 23 20:13:26 EDT 2005
Does anything need to happen after "replace_entire_message()", in
filter_end, in order to make the message get delivered?
I'm doing this in my filter_end (on my test servers):
    # set up $warning variable
    $newentity = MIME::Entity->build(From    => "postmaster\@ucsc.edu",
                                     To      => $Sender,
                                     Subject => "Rejected Virus: $Subject",
                                     Data    => $warning);
    add_recipient($Sender);   # docs say it does not add to @Recipients
    foreach $recipient (@Recipients) {   # so, $Sender won't get removed here
        delete_recipient($recipient);
    }
    replace_entire_message($newentity);
Before you ask why I'm doing this: it's for non-forged sender viruses.
This only happens if $VirusName ne "", if it came from one of my own
internal machines, AND if the message wasn't already rejected (which
happens in filter_begin IF the message was not from my internal
network) or discarded (if it was a forged sender virus from my internal
network). The non-forged viruses I currently recognize are Eicar and
/^[WXO]\d+M/ (Word, Excel, Office macro viruses). In the case of those
non-forged sender viruses, I want the sender to be informed (and
mimedefang won't let me do that in a straightforward manner).
What happens is:
Sep 23 15:31:50 cats-test-po.ucsc.edu sendmail[5797]: [ID 801593 mail.info] j8NMV16q005797: from=jrudd at ucsc.edu, size=743, class=0, nrcpts=1, msgid=<239d462b08a55ce29784953f729f2a8c at rudd.cc>, proto=SMTP, daemon=MTA, relay=rhodium.ucsc.edu [128.114.125.19]
Sep 23 15:31:50 cats-test-po.ucsc.edu clamd[529]: [ID 744166 mail.info] /var/spool/MIMEDefang/mdefang-j8NMV16q005797/Work/msg-5793-2.com: Eicar-Test-Signature FOUND
Sep 23 15:31:50 cats-test-po.ucsc.edu mimedefang.pl[5793]: [ID 702911 mail.warning] Clamd found Eicar-Test-Signature
Sep 23 15:31:50 cats-test-po.ucsc.edu mimedefang.pl[5793]: [ID 702911 mail.info] MDLOG,j8NMV16q005797,virus,Eicar-Test-Signature,128.114.125.19,jrudd at ucsc.edu,jrudd at cats-test-po.ucsc.edu,Testing eicar
Sep 23 15:31:50 cats-test-po.ucsc.edu mimedefang.pl[5793]: [ID 702911 mail.warning] Replacing message body due to virus Eicar-Test-Signature
Sep 23 15:31:50 cats-test-po.ucsc.edu mimedefang.pl[5793]: [ID 702911 mail.info] MDLOG,j8NMV16q005797,mail_in,,,jrudd at ucsc.edu,jrudd at cats-test-po.ucsc.edu,Testing eicar
Sep 23 15:31:50 cats-test-po.ucsc.edu sendmail[5797]: [ID 801593 mail.info] j8NMV16q005797: Milter add: rcpt: jrudd at ucsc.edu
Sep 23 15:31:50 cats-test-po.ucsc.edu sendmail[5797]: [ID 801593 mail.info] j8NMV16q005797: Milter delete: rcpt jrudd at cats-test-po.ucsc.edu
Sep 23 15:31:50 cats-test-po.ucsc.edu sendmail[5797]: [ID 801593 mail.info] j8NMV16q005797: Milter change: header Content-Type: from multipart/mixed;\n boundary=Apple-Mail-1--227639363 to text/plain
Sep 23 15:31:50 cats-test-po.ucsc.edu sendmail[5797]: [ID 801593 mail.info] j8NMV16q005797: Milter change: header MIME-Version: from 1.0 (Apple Message framework v622) to 1.0
Sep 23 15:31:50 cats-test-po.ucsc.edu sendmail[5797]: [ID 801593 mail.info] j8NMV16q005797: Milter message: body replaced
Sep 23 15:31:50 cats-test-po.ucsc.edu sendmail[5797]: [ID 801593 mail.info] j8NMV16q005797: Milter add: header: X-Scanned-By: MIMEDefang 2.52 on 128.114.125.8
And then nothing else regarding that message. It just disappears.
It's not stuck in the queue, it's not being delivered back to the
sender, nothing.
What did I miss?
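
One way to check a log for what the post above describes, as an added example (not part of the original post and not MIMEDefang code): it groups sendmail entries by queue ID, collects the milter recipient adds and deletes, and lists queue IDs that have no to=/stat= delivery line. The sample log lines, queue IDs and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the same syslog shape as the post (not the poster's log).
SAMPLE = """\
Sep 23 15:31:50 mx sendmail[100]: [ID 1 mail.info] qAAAAAAA000001: from=a@example.org, size=743, nrcpts=1, proto=SMTP
Sep 23 15:31:50 mx sendmail[100]: [ID 1 mail.info] qAAAAAAA000001: Milter add: rcpt: a@example.org
Sep 23 15:31:50 mx sendmail[100]: [ID 1 mail.info] qAAAAAAA000001: Milter delete: rcpt b@example.org
Sep 23 15:31:50 mx sendmail[100]: [ID 1 mail.info] qAAAAAAA000001: Milter message: body replaced
Sep 23 15:31:51 mx sendmail[101]: [ID 1 mail.info] qBBBBBBB000002: from=c@example.org, size=100, nrcpts=1, proto=SMTP
Sep 23 15:31:52 mx sendmail[102]: [ID 1 mail.info] qBBBBBBB000002: to=<d@example.org>, delay=00:00:01, stat=Sent (ok)
"""

# "[ID n facility.level]" is the Solaris-style tag seen in the post; it is optional here.
ENTRY = re.compile(r"sendmail\[\d+\]: (?:\[ID \d+ [\w.]+\] )?(\w+): (.*)$")
# The post shows "Milter add: rcpt: addr" and "Milter delete: rcpt addr" (no second colon).
RCPT = re.compile(r"Milter (add|delete): rcpt:? (\S+)")
DELIVERY = re.compile(r"to=([^,]+),.*\bstat=(.*)$")

def trace(log_text):
    """Group sendmail entries by queue ID and summarise milter envelope edits."""
    msgs = defaultdict(lambda: {"added": [], "deleted": [],
                                "body_replaced": False, "deliveries": []})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # clamd, mimedefang.pl and other non-sendmail lines
        qid, rest = m.groups()
        info = msgs[qid]  # any sendmail entry registers the queue ID
        if (r := RCPT.match(rest)):
            info["added" if r.group(1) == "add" else "deleted"].append(r.group(2))
        elif rest.startswith("Milter message: body replaced"):
            info["body_replaced"] = True
        elif (d := DELIVERY.match(rest)):
            info["deliveries"].append((d.group(1).strip("<>"), d.group(2)))
    return dict(msgs)

def undelivered(log_text):
    """Queue IDs that appear in the log but have no to=/stat= delivery line."""
    return sorted(q for q, i in trace(log_text).items() if not i["deliveries"])

if __name__ == "__main__":
    for qid, info in trace(SAMPLE).items():
        print(qid, info)
    print("no delivery record:", undelivered(SAMPLE))
```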