[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

James Curtis jameswcurtis at hotmail.com
Sun Mar 24 10:28:16 EDT 2013 

Am 23.03.2013 01:43, schrieb James Curtis:
>> # yea, I know that the DNSBL is more effecient in sendmail, but I want to know how many blocked for what user by blacklist.
>> if ($result = (relay_is_blacklisted($RelayAddr, "zen.spamhaus.org"))) {
>> md_graphdefang_log('spamhaus', $hits, $RelayAddr);
>> return action_bounce("reject: mail from ($RelayHostname || $RelayAddr) rejected due to http://www.spamhaus.org/zen");
>> # the reject works, but graphdefang log shows the Subject instead of Relay address

>That's strange. Please show an example log entry.
Sample log entry
<email from address listed on spamcop to an invalid user>
Mar 24 09:39:05 monitor mimedefang.pl[15805]: MDLOG,r2ODcuhx026963,spamcop,,217.29.152.157,<b281eb9a10bb86dd9 at bouncehere.com>,<luvme_mwah13 at mydomain.com>,Huge 79%25 discount for luvme_mwah13
<email from address listed on spamhaus to an invalid user>
Mar 24 09:44:06 monitor mimedefang.pl[15805]: MDLOG,r2ODhv3a027039,spamhaus,,31.16.181.217,<c20195935f81d7e31c6f at reass.co.uk>,<sandseatravel at mydomain.com>,Huge 83%25 discount for sandseatravel
<Invalid user with low spam score>
Mar 22 18:46:23 monitor mimedefang.pl[29141]: MDLOG,r2MMkKhj002512,mail_in,2.344,88.43.32.209,<thedixter at pathwaysunlimited.com>,<aliceyao at mydomain.com>,hope
<valid user with low spam score>
Mar 22 20:11:52 monitor mimedefang.pl[29141]: MDLOG,r2N0Bolt004255,mail_in,0.939,23.19.31.184,<langly.thompson at gointohere.com>,<user1 at mydomain.com>,Relieve Your Tax Debt Today
<Invalid user with low spam score>
Mar 22 18:46:23 monitor mimedefang.pl[29141]: MDLOG,r2MMkKhj002512,mail_in,2.344,88.43.32.209,<thedixter at pathwaysunlimited.com>,<aliceyao at mydomain.com>,hope
<invalid user with high spam score>
Mar 24 02:01:01 monitor mimedefang.pl[15805]: MDLOG,r2O610nv008049,spam,17.521,118.179.250.162,<ops_invoice at adp.com>,<ack_serpents at mydomain.com>,Huge 70%25 discount for ack_serpents

>> sub filter_recipient
>> {
>> my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
>> md_check_against_smtp_server($sender, $recip, "<filter serverexternal DNS name>", "<internal private address>");
>> md_graphdefang_log('notuser', $recip, $sender);
>> # graphdefang log doesn't log entry as 'notuser', eventually logs it as spam, or mail_in depending on score because of code that >follows.
>> return action_discard();
>> }
>This cannot work. You call md_check_against_smtp_server but never
>check the result. md_graphdefang_log and action_discard are called
>unconditionally. If this code was what your MIMEdefang actually
>runs, all messages would be logged with 'notuser' and discarded.
>So there must be something else wrong.
>Perhaps your MIMEdefang is not using the filter script you think
>it does. Perhaps filter_recipient is redefined later. Perhaps it's
>a simple copy/paste error or your sanitizing.
I guess I need a mimedefang-filter and Perl for dummies book. Is there a place I can find such a document?
It seems to be working, but not when I would like.  I have gotten by with code snips from other configs, but adding functionality for features that aren't as documented as other features.  How do I know what outputs a command will produce when called so I can base an if rule against it?

I just now realized that the unknown user reports are because I had to enable the recipient filter on the internal server, so that explains why the bounces are going out.  But I really want it to check before sending so it doesn't accept, instead of bounce.

Bill

More information about the MIMEDefang mailing list