[Mimedefang] filter_recipient

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Jul 6 08:25:40 EDT 2006 

On Wed, 5 Jul 2006, Harry Otten wrote:

> I have a mail server which runs some primary domains and some secondary
> domains.

Well, it's the old question: What do you need the Backup MX for?

> When mail comes in for which he is the secondary mail server he should
> tempfail if and only if the primary server is still running.

"mail" might have recipients from both the primary and secondary domain.

> Nagios checks the primary server and puts the state in a database.
> I currently made the script using the filter_end with @recipients and
> accessing that database. Works nice, but I want to reject the messages
> before the data block to safe bandwidth.

You can tempfail each recipients for the secondary domain, BUT:
Search the list, dfs often advices against this technique because of wrong 
MTA implementations that try DATA even after all recipients has been 
failed, sendmail returns a permfail then.

When you use any stream_by_* function, you'll accept the whole mail, 
hence, cannot save no bandwidth.

> To do so I must use the filter_recipient routine.
> The filter_recipient is called after every RCPT TO.
>
> So I need to keep track of my state. Did I see a valid e-mail address? Than
> the mail may pass, whatever other recipients there may be. If no valid
> e-mail address appeared the e-mail should be rejected. But how do I know if
> I'm called for the last recipient?

You don't, MIMEDefang doesn't, Milter doesn't, sendmail doesn't, the 
sendmail does, but doesn't tell anybody.
Hence, you are stuck with the fact that:
a) you tempfail the recipients and live the few bad MTAs, or
b) accept all the mail and precess @Recipients in filter_begin.

> When all the recipients are done the sending mail server issues the DATA
> instruction. At this point I want to do filtering.

Huh, you seid to NOT want to filter, but tempfail ;-)

> Instead of end your email with a dot we might temp fail.

You cannot, once the DATA phase started, it MUST be finished with dot; it 
will be failed afterwards.

===

If you ask me, try variant a) above or drop the Backup MX function. MTAs 
will retry themselves.

BTW#2: From your description stream_by_domain() seems to fit better than 
*_recipient(). But won't matter at all, if you use one of the both 
variants above.

Bye,

-- 
Steffen Kaiser

More information about the MIMEDefang mailing list