[Mimedefang] My semi-cached version of md_check_against_smtp_server

Fri Dec 8 11:01:25 EST 2006

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yizhar Hurwitz wrote:
> HI.
>
>
> Here is my cached implementation of md_check_against_smtp_server.
>
> I publish it here for other to look at, and for tips on improving it.
>
>

[...snip...]

> sub filter_recipient
> {
> my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host,
> $rcpt_addr) = @_;
> if ($CheckRecipientEnable and ($rcpt_mailer ne 'local')) {
>  if ($vrc_ram{$recip}) {
>   return ('CONTINUE', 'OK');
>  }
>  else {
>   ### Check if $rcpt_host is in mailertable by looking for square
> brackets []:
>   if ($rcpt_host =~ /^\[(.*)\]$/) {
>    my ($stat,$msg,$code) = md_check_against_smtp_server($sender, $recip,
> $HostName, $1);
>    if ($stat eq 'CONTINUE') {
>     $vrc_ram{$recip} = 1;
>     tie (%vrc_disk, 'SDBM_File', $vrc_filename, O_RDWR, 0666) or die
> "Cannot tie $vrc_file for write, $!";
>     $vrc_disk{$recip} = time;
>     untie (%vrc_disk);
>    }
>    return ($stat, $msg, $code);
>   }
>  }
> }
> return ('CONTINUE', 'OK');
> }
>
>
> Comments are welcome.
>
>
> Yizhar Hurwitz.
>

Yizhar,

 I have some comments that hopefully you'll find useful.

This is kind of a cool idea in that if the primary server used to check
against isn't available you can still reject users that are unknown.
There are a couple problems with your current code that I can see.

Firstly, I would probably check_against_smtp_server before checking the
cache, because you don't have any housecleaning code to handle the case
where an account was deleted within the 30 days of the last cache store.
 This could cause your system to potentially accept mail for an unknown
user and thus have to generate an NDS and defeat the entire purpose of
this feature.  What I propose is:

1. check against the smtp server. if you get a tempfail, check your
cache, otherwise use the pass/fail results from
md_check_against_smtp_server()

2. if md_check_against_smtp_server() fails (i.e. the account does not
exist), remove the account from your cache for house cleaning.  that way
if the primary server is unreachable, you won't accept mail for an
ultimately undeliverable user because it was left in your cache.

Secondly, I'm assuming that you just haven't gotten around to writing
the code to check the mailertable for the relay host. however, it
doesn't appear that you have a contingency plan for if the host does not
appear in the mailertable. (i.e. what if all or some of the forwarding
is handled by the virtusertable? what if it's aliases?)

you may want to consider an assignable override variable as well so that
way an administrator could give it a fixed value should they choose and
still keep the code fairly portable.

also, there is no guarantee that even if the hostname is configured in
the mailertable that it will be enclosed in square brackets [] ... as,
the absense of the brackets just tells sendmail to actually do a DNS
lookup on the hostname whereas the brackets tell it NOT to do the lookup.

Alan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFeYxVE2gsBSKjZHQRAsW+AKCgCrUIx5dcxw6PUNWlrlzFTnNYdQCfU5uF
ThZFvguaz5OCswTZ/L4f0ok=
=tix5
-----END PGP SIGNATURE-----