[Mimedefang] Adding headers during filter_sender() and 2.68 Beta 1 issue.

- kd6lvw at yahoo.com
Sun May 24 18:45:27 EDT 2009 

1) Please permit filter_sender() to add a header - for SPF check results.  Why?

Because filter_sender() is the appropriate place to generate an "Authentication-Results" header (or the now depreciated "Received-SPF" header) to place the results of the check into the message.  There is no way to carry this information from filter_sender() into filter_begin() (or later) as there's no guarentee that the message will even be assigned to the same worker thread for its subsequent processing (and even if there were, there's no guarentee that the worker didn't process filter_sender() for some other message in the meantime).  Allowing the "RESULTS" file to be created earlier is the only choice.

Of course, the header only gets added if the message is accepted as messages rejected by filter_sender() never transfer a body and therefore, there's nothing to add to.  For SPF, this means that "pass", "neutral", and "none" will be recorded, while other results that cause a message rejection won't ever show up (e.g. if SPF "fail" causes a rejection at "MAIL FROM").

I hacked "insert_header", but perhaps "add_header" should have the same changes.  I enabled the ability to add a header for "filter_sender()" only, but "filter_recipient()" might be appropriate too.  Note that all openings of file "RESULTS" are "write-append" in nature only.  If you choose, it may be appropriate to test "in_message_context()" OR in a filter that allows headers.  "filter_relay()" and "filter_helo()" should NOT allow this - as there's no message until "MAIL FROM:" is executed (and therefore no temporary directory with which to put the results).  I am quite aware that header creation is deferred at the milter level to the xxfi_eom() stage.  I can live with that.

Only action_add_header() and action_insert_header() should be allowed.  For documentation purposes, it should be noted that the actual addition of the headers is deferred and thus they won't appear in the message to be scanned.  I saw no merit in allowing at this stage any of the other routines that add to a message.

Note that for my hack, I skipped error checking.  For deployment, you might not want to.  The diff below indicates where the changes need to be done.  It was "quick and dirty" - not meant for production.

Testing for a valid (non-empty) $Sender string may be sufficient:

  return if (!$Sender && !in_message_context("action_insert_header"));  ???

Otherwise, set a variable while checking the sender and recipients.

Apparently, several posts to the mailing list over the past five years have complained or referenced the hinderance now in effect, yet none have proposed an actual change to eliminate it, until now:

!diff -u /usr/src/mimedefang-2.67/mimedefang.pl /usr/bin/mimedefang.pl
--- /usr/src/mimedefang-2.67/mimedefang.pl      2009-04-30 02:02:19.000000000 +0000
+++ /usr/bin/mimedefang.pl      2009-05-23 01:59:39.000000000 +0000
@@ -906,7 +906,7 @@
 sub action_insert_header ($$;$) {
     my($header, $value, $pos) = @_;
     $pos = 0 unless defined($pos);
-    return if (!in_message_context("action_insert_header"));
+#   return if (!in_message_context("action_insert_header"));
     write_result_line3("N", $header, $pos, $value);
 }
 
@@ -5597,8 +5597,10 @@
            @ESMTPArgs = map { percent_decode($_) } split(' ', $_);
 
            chdir($CWD);
+           open(RESULTS, ">>RESULTS");
            sender_ok($sender, $ip, $name, $helo);
            chdir($Features{'Path:SPOOLDIR'});
+           close(RESULTS);
            next;
        }
        if ($_ =~ /^recipok (\S*)\s+(\S*)\s+(\S*)\s+(\S*)\s+(\S*)\s+(\S*)\s+(\S*)\s+(\S*)\s+(\S+)\s+(\S+)\s+(\S+)/) {
@@ -5799,7 +5801,7 @@
     }
 
     # Prepare the RESULTS file descriptor
-    if (!open(RESULTS, ">RESULTS")) {
+    if (!open(RESULTS, ">>RESULTS")) {
        fatal("$MsgID: Could not open RESULTS file: $!");
        return -1;
     }

----------------------------------------------
2) Also noted this items when making MD 2.68 Beta 1:

In file included from embperl.c:16:
/usr/local/lib/perl5/5.10.0/i686-linux/CORE/perl.h:3969: warning: function declaration isn't a prototype
embperl.c:21: warning: function declaration isn't a prototype
embperl.c: In function `make_embedded_interpreter':
embperl.c:81: warning: passing arg 2 of `Perl_sys_init3' from incompatible pointer type

More information about the MIMEDefang mailing list