[Mimedefang] invoking mimedefang milter multiple times?

James Ralston qralston+ml.mimedefang at andrew.cmu.edu
Tue Feb 22 18:16:23 EST 2011


(I apologize if this topic has already been discussed, but my search
for previous conversations came up empty.)

We are in a situation where it would actually be very convenient to
have sendmail invoke the mimedefang milter multiple times.

Specifically, we are contemplating something like this in sendmail.mc:

INPUT_MAIL_FILTER(`mimedefang-pre', `S=unix:/var/spool/mdspool/mimedefang.sock, F=T, T=R:5m')dnl
INPUT_MAIL_FILTER(`dkim-filter', `S=local:/var/run/dkim-milter/dkim-milter.sock, F=T, T=S:1m;R:1m')
...
INPUT_MAIL_FILTER(`mimedefang-post', `S=unix:/var/spool/mdspool/mimedefang.sock, F=T, T=R:5m')dnl

The "mimedefang-pre" instance of mimedefang is essentially the
anti-spam step.  It will eliminate the vast majority of incoming
messages in the "RCPT TO" or "DATA" stages.  It will also remove
any forged headers that we care about.

The "dkim-filter" milter instance (and potentially other milters we
might wish to use) then fire on the messages that aren't rejected at
the mimedefang-pre phase.

Finally, after all other milters have been invoked, we invoke the
"mimedefang-post" milter, which makes rejection/routing decisions
based on the headers that the other milters add (or remove).

Unfortunately, mimedefang does not currently support this.  The
immediate problem is that mimedefang creates a temporary working
directory based solely on the message ID, and since sendmail
interleaves milter hooks up until the DATA phase, the mimedefang-post
milter attempts to create the same temporary working directory that
mimedefang-pre already created, and it bombs.

The way we're handling this right now is to create a "postdefang"
package that just symlinks to the mimedefang package (e.g.,
/usr/bin/postdefang is a symlink to /usr/bin/mimedefang), with
separate /etc/sysconfig/postdefang and /etc/rc.d/init.d/postdefang
files that set all the necessary variables.

But using the symlink approach requires us to run two mimedefang
multiplexors, with each multiplexor having its own pool of slaves.
That seems needlessly resource-intensive.

From looking at the mimedefang code, I *think* it should be possible
to modify mimedefang to make it be able to be invoked as a sendmail
milter multiple times.  Furthermore, mimedefang should be able to
indicate to the mimedefang-filter(5) functions *which* milter instance
of mimedefang is invoking the functions.  (E.g., a new global variable
called $MDMilterInstance, which would be set to 0 when the
mimedefang-pre milter runs, and set to 1 when mimedefang-post
functions run.)

Does this make sense to others?

Is there an easier way to configure a "multipass" mimedefang setup?
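
The working-directory collision described in the message, as an added example that is not part of the original post and is not MIMEDefang source: a simplified C model in which the function names, the `mdefang-` directory prefix, the instance labels and the queue ID are all assumptions. It shows mkdir() failing with EEXIST when the name depends on the queue ID alone, and succeeding once an instance name is part of it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Simplified model, not MIMEDefang source: create a per-message work
 * directory under `spool`. With instance == NULL the name depends on the
 * queue ID only (the behaviour the post describes); otherwise a hypothetical
 * instance label is made part of it. Returns 0, or the errno of the failure. */
int make_workdir(const char *spool, const char *qid, const char *instance,
                 char *out, size_t outlen)
{
    int n = instance
        ? snprintf(out, outlen, "%s/mdefang-%s-%s", spool, instance, qid)
        : snprintf(out, outlen, "%s/mdefang-%s", spool, qid);
    if (n < 0 || (size_t)n >= outlen)
        return ENAMETOOLONG;
    /* mkdir() refuses an existing path, which is the safe behaviour for a
     * spool: an instance must never adopt a directory it did not create. */
    return mkdir(out, 0700) == 0 ? 0 : errno;
}

/* Runs both naming schemes for one constructed queue ID in a scratch spool.
 * Returns 1 if ID-only naming collides and per-instance naming does not. */
int demo(void)
{
    char spool[] = "/tmp/mdspool-demo-XXXXXX";
    char a[256], b[256], c[256];
    const char *qid = "p1MNGNxx012345";   /* constructed sample queue ID */
    if (mkdtemp(spool) == NULL)
        return -1;
    int pre_plain  = make_workdir(spool, qid, NULL, a, sizeof a);
    int post_plain = make_workdir(spool, qid, NULL, a, sizeof a); /* EEXIST */
    int pre_named  = make_workdir(spool, qid, "pre",  b, sizeof b);
    int post_named = make_workdir(spool, qid, "post", c, sizeof c);
    rmdir(a); rmdir(b); rmdir(c); rmdir(spool);
    return pre_plain == 0 && post_plain == EEXIST
        && pre_named == 0 && post_named == 0;
}

int main(void)
{
    printf("collision reproduced and avoided: %d\n", demo());
    return 0;
}
```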



