[Mimedefang] My semi-cached version of md_check_against_smtp_server

Yizhar Hurwitz yizhar at mail.com
Fri Dec 8 14:05:37 EST 2006


From: alan premselaar <alien at 12inch.com>
>  I have some comments that hopefully you'll find useful.
>   
Thank you for your time and attention.

> Firstly, I would probably check_against_smtp_server before checking the
> cache, because you don't have any housecleaning code to handle the case
> where an account was deleted within the 30 days of the last cache store.
>   
No, the whole point of this is to avoid the overhead of establishing an 
SMTP session for each recipient.

I don't need the housecleaning code, because I expire the cache after X 
days.
Maybe 30 days is a bit high, so I might lower the timeout.

>  This could cause your system to potentially accept mail for an unknown
> user and thus have to generate an NDS and defeat the entire purpose of
> this feature.  
This is OK for me and "by design".
Because I will need to send NDR only to a very small bunch of messages 
that are:

- sent to recipients that were valid not long ago, but are disabled now.
- passed virus and spam checks.

So this leaves me with only a few messages that are mostly legitimate and 
from a real sender.

> Secondly, I'm assuming that you just haven't gotten around to writing
> the code to check the mailertable for the relay host. however, it
> doesn't appear that you have a contingency plan for if the host does not
> appear in the mailertable.
In all of my "mail relay" installations the destination host is 
configured in mailertable.
I have some installations where the MD machine is also the mailbox server,
but for such sites I don't need to use md_check_against_smtp_server at all,
and therefore the main switch $CheckRecipientEnable will be set to zero (0).

>  (i.e. what if all or some of the forwarding
> is handled by the virtusertable? what if it's aliases?)
>
>   
In that case I catch it with this line:
if ($CheckRecipientEnable and ($rcpt_mailer ne 'local')) ...
and therefore skip the check (it will be checked against the local users 
of sendmail).

> you may want to consider an assignable override variable as well so that
> way an administrator could give it a fixed value should they choose and
> still keep the code fairly portable.
>   
What exactly do you mean?
I have this variable:
my $CheckRecipientEnable = 1;
It is actually not in /etc/mail/mimedefang-filter, but in a separate 
config file that I use,
which is called /etc/mail/mdf-config.
This is where I store the site-specific configuration, such as spamdrop 
address,
high score spam handling, admin name and address, etc...

> also, there is no guarantee that even if the hostname is configured in
> the mailertable that it will be enclosed in square brackets [] ... as,
> the absence of the brackets just tells sendmail to actually do a DNS
> lookup on the hostname whereas the brackets tell it NOT to do the lookup.
>   
You are correct, and there is also no guarantee that the destination 
server is configured to reject unknown recipients,
as by default MS Exchange servers will accept mail to bad recipients 
unless it is manually configured.
This is up to me when I install and configure a mail relay system,
to make sure that I configure both the destination server and the MD 
machine to do what I expect it to.
By default, the check is disabled:
$CheckRecipientEnable = 0;
and also in /etc/sysconfig/mimedefang I enable the recipient 
filter_recipient only for sites that will actually use it.

Again, thank you for your comments.
Yizhar Hurwitz
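
Added example, not part of the original post and not the poster's filter (which is not shown in this message): a positive-only recipient cache with a TTL, showing the trade-off discussed above, where a disabled mailbox keeps being accepted until its cache entry expires. The names relay_host and cached_recipient_check, the 7-day TTL and the stub back end are assumptions; the coderef stands in for md_check_against_smtp_server($sender, $recipient, $helo, $server) so the sketch runs outside mimedefang.pl.

```perl
use strict;
use warnings;

# Constructed sketch: only successful lookups are cached, and they expire.
my $CheckRecipientEnable = 1;       # site switch, as named in the post
my $CacheTtl = 7 * 24 * 3600;       # assumption: 7 days rather than 30
my %valid_until;                    # lc(recipient) => expiry epoch

# Hypothetical helper: mailertable may or may not wrap the host in [].
sub relay_host {
    (my $h = shift) =~ s/^\[(.*)\]$/$1/;
    return $h;
}

# $check stands in for md_check_against_smtp_server; $now is injectable
# so expiry can be exercised without waiting.
sub cached_recipient_check {
    my ($rcpt, $sender, $helo, $rcpt_mailer, $rcpt_host, $check, $now) = @_;
    $now = time unless defined $now;
    return ('CONTINUE', 'check disabled') unless $CheckRecipientEnable;
    return ('CONTINUE', 'local mailer')   if $rcpt_mailer eq 'local';

    my $key = lc $rcpt;
    if (exists $valid_until{$key}) {
        return ('CONTINUE', 'cached') if $valid_until{$key} > $now;
        delete $valid_until{$key};  # expired: force a fresh SMTP probe
    }
    my ($code, $msg) = $check->($sender, $rcpt, $helo, relay_host($rcpt_host));
    # REJECT and TEMPFAIL are never stored, so a new mailbox works at once.
    $valid_until{$key} = $now + $CacheTtl if $code eq 'CONTINUE';
    return ($code, $msg);
}

# Constructed stand-in for the destination server: it knows one mailbox.
my %mailbox = ('<bob@example.com>' => 1);
my $probes  = 0;
my $stub = sub {
    my ($sender, $rcpt) = @_;
    $probes++;
    return $mailbox{lc $rcpt} ? ('CONTINUE', 'OK') : ('REJECT', 'User unknown');
};

my @args = ('<a@example.net>', 'mx.example.net', 'esmtp', '[10.0.0.5]', $stub);
my $t0   = 1_000_000;
print join(' ', cached_recipient_check('<bob@example.com>', @args, $t0)), "\n";
delete $mailbox{'<bob@example.com>'};   # mailbox disabled on the back end
print join(' ', cached_recipient_check('<bob@example.com>', @args, $t0 + 60)), "\n";
print join(' ', cached_recipient_check('<bob@example.com>', @args, $t0 + $CacheTtl + 1)), "\n";
print "SMTP probes made: $probes\n";
```

The second call is answered from the cache even though the mailbox is gone, which is the window in which an NDR may still be needed; the third call falls outside the TTL and reaches the back end again.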



