[Mimedefang] E-mail REJECT problem

Myth Guy mythhtpc at gmail.com
Wed Jul 23 04:37:40 EDT 2008 

Since yesterday we are bombarded with a e-mails containing a virus
from postcards at hallmark.com .  The e-mails are rejected by our server
through filter_recipient.  The problem however is that even though the
e-mails are rejected it still manages to pass through the relay server
to our main e-mail server.

Logs on the server running mimedefang:

Jul 23 09:38:19 relay mimedefang.pl[3858]: filter_recipient rejected
recipient <pabramse at xxx.com>
Jul 23 09:38:19 relay sendmail[7747]: m6N7cA8O007747: Milter:
to=<pabramse at xxx.com>, reject=554 5.7.1 Connection Refused: Relay
Server (193.219.229.11) blacklisted
Jul 23 09:38:21 relay sendmail[7747]: m6N7cA8O007747: lost input
channel from 11.microlink.zm [193.219.229.11] (may be forged) to MTA
after rcpt
Jul 23 09:38:21 relay sendmail[7747]: m6N7cA8O007747:
from=<postcards at hallmark.com>, size=0, class=0, nrcpts=1, proto=ESMTP,
daemon=MTA, relay=11.microlink.zm [193.219.229.11] (may be forged)

Logs on the main server:

Jul 23 09:38:46 bfnmail1 sendmail[5753]: m6N7ckc9005753:
pabramse at xxx.com... User unknown
Jul 23 09:38:46 bfnmail1 sendmail[5753]: m6N7ckc9005753:
from=postcards at hallmark.com, size=0, class=0, nrcpts=0, proto=ESMTP,
daemon=MTA, relay=localhost.localdomain [127.0.0.1]

(In this example the recipient is not valid, but the rejected e-mail
reached the main server)

The e-mails are rejected by code simular to:
sub filter_recipient
{
  my($recipient, $sender, $ip, $hostname, $first, $helo, $rcpt_mailer,
$rcpt_host, $rcpt_addr) = @_;
.
.
.
  if ($sender =~ /hallmark\.com$/) {
                 return ('REJECT', "Connection Refused: Relay Server
($ip) blacklisted");
            }
            return ('CONTINUE', "ok");
       }
.
.
.

This e-mail seems to ignore the REJECT command and continues to send
the e-mail.  Is there a way to terminate the connection? Other e-mails
are successfully rejected by this method.   I don't want to DISCARD
the message.

P.S. I know I could reject during filter_relay but I like to reject
during filter_recipient for logging purposes.

More information about the MIMEDefang mailing list