[Mimedefang] Creating temp directory before other side says HELO/EHLO?

[Kelly Jones]

On 11/22/08, David F. Skoll <dfs at roaringpenguin.com> wrote:
> Kelly Jones wrote:
>
>> Mimedefang doesn't create a temporary directory until the other side
>> has said HELO/EHLO.
>
> That's true, because Sendmail doesn't allocate a queue identifier
> until then.
>
>> Is there a flag that changes that behavior?
>
> No, there is not.  Since MIMEDefang names its directory based
> on the Sendmail queue identifier, changing this would be hard.
>
>> I'd find it really useful to handle all incoming email uniformly
>> (especially for logging purposes), instead of making a special case
>> for those clients that connect and never say HELO/EHLO.
>
> Well... if a client connects and never says HELO, what do you propose
> to store in the temporary directory?

My thought is to keep a "running temp logfile" in the temp directory. EG:

 - Client connected from IP address [w.x.y.z]
 - Client said "HELO servername.com"
 - Client said "MAIL FROM: <foo at bar.com>"
 - ... etc ...

Then, once the client disconnects, log all information to a real
logfile (maybe even in a single line, contrary to sendmail's current
style).

Of course, if the client aborts early, we log what info we can. Example:

 - Client connected from IP address [w.x.y.z]
 - Cron job shows no other activity for this message, killing process

It may seem silly to log clients who don't even say HELO, but, between
our weird firewall rules, pf, and sendmail configuration options, it's
quite possible that a legitimate client gets cutoff by our systems
before saying HELO.

Of course, the majority of these connections will be bad (as in inept)
spammers, failed DDOS attacks, etc.

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.