[Mimedefang] Weird issue

George Roberts groberts at purity.net
Wed Jun 23 09:55:27 EDT 2010


OK, I'm having a weird issue and I just can't seem to figure it out for the life of me.

In filter_begin, I read the HEADERS file:

# In the HEADERS file, any multiline headers have been rewritten to
# be one line.  Received: is a typical example.  So here we do not          
# need to worry about continuation lines.
#
# Where there are multiple headers with the same name, what we do
# here will overwrite and end up with the data for the last one.
# If we want to collect them all we make a list like @Received.       

my ($username, $domain);

%Headers = ();

if (open(IN,"<./HEADERS")) {
        while(<IN>) {
            chomp;
            if (/.* for <(.*)@(.*)>/g) {
                $username = $1;
                $domain = $2;               
            }
            if (/^(\S+): (.*)/) {
                my $label = $1;
                my $data  = $2;
                $label = lc($label);
                $Header{$label} = $data;
                if ($label eq 'received') {
                    push(@Received,$data);
                }
            }                         
        }
}
close(IN);

$Header is a global hash.

In filter_end, I do this:

if ($Header{'x-purity-verdict'} =~ /spam/) {
        md_syslog('warning', 'Redirecting to quarantine - Engine verdict: ' . $Header{'x-purity-verdict'});

        foreach my $rec (@Recipients) {
                delete_recipient($rec);
        }
        add_recipient("quarantine\@cleveland.ijnet.net");
}

That code is checking to see if another milter, our antivirus engine, has added a header called X-Purity-Verdict to the message and if its value is "spam".  It then removes the recipients and redirects the message to our quarantine address.

That all works fine when the header is there and says "spam" ... sometimes, though, when a message DOESN'T have the header, the code deletes all the recipients and redirects to quarantine anyway, without ever putting in the syslog entry:

Jun 23 04:27:10 death purity[662]: MDLOG,o5N9R9GR005379,mail_in,,,<emailreceipts at authorize.net>,<groberts at interjuncture.com>,Merchant Email Receipt 
Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter delete: rcpt <groberts at interjuncture.com>
Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter add: rcpt: quarantine at cleveland.ijnet.net
Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter accept: message

I'm just confused how it could even get to that code without putting in the log line and what I need to do to fix this.  Our engine is properly diagnosing when something is spam, but our mimedefang filter is sending it to quarantine anyway even when it's not. :)   Any thoughts?

George
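
Added example, not part of the original post and not the poster's filter: the posted code clears %Headers but fills %Header, so this sketch runs two constructed messages through one process to show what that does to the verdict check. It assumes the filter process is reused for several messages, as MIMEDefang's multiplexor workers are; read_headers, is_spam, run and the sample headers are hypothetical names and data.

```perl
#!/usr/bin/perl
# Added illustration: constructed header sets stand in for the HEADERS file
# of two messages handled one after the other by the same worker process.
use strict;
use warnings;

our (%Header, %Headers, @Received);   # globals, as in the posted filter

# Constructed sample input: message 1 carries a spam verdict, message 2 has none.
my @messages = (
    [ 'Received: from a.example by mx.example', 'X-Purity-Verdict: spam' ],
    [ 'Received: from b.example by mx.example', 'Subject: Merchant Email Receipt' ],
);

# Hypothetical helper mirroring the posted loop; $reset picks which hash is cleared.
sub read_headers {
    my ($lines, $reset) = @_;
    if ($reset eq 'posted') { %Headers = (); }                 # clears a hash nothing fills
    else                    { %Header = (); @Received = (); }  # clears the per-message state
    for (@$lines) {
        next unless /^(\S+): (.*)/;
        my ($label, $data) = (lc $1, $2);
        $Header{$label} = $data;
        push @Received, $data if $label eq 'received';
    }
}

# Verdict check that treats a missing header as "not spam".
sub is_spam {
    my $v = $Header{'x-purity-verdict'};
    return 0 unless defined $v;
    return $v =~ /spam/ ? 1 : 0;
}

# Run both messages through one process; report "verdict/received-count" per message.
sub run {
    my ($reset) = @_;
    %Header = (); @Received = ();      # state of a freshly started process
    my @out;
    for my $msg (@messages) {
        read_headers($msg, $reset);
        push @out, is_spam() . '/' . scalar(@Received);
    }
    return "@out";
}

print "posted reset: ", run('posted'), "\n";
print "fixed reset:  ", run('fixed'),  "\n";
```

With the posted reset the second message still sees the first message's x-purity-verdict and @Received keeps growing; with the per-message reset it does not.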



