[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

Tilman Schmidt t.schmidt at phoenixsoftware.de
Mon Mar 25 08:05:16 EDT 2013


On 24.03.2013 15:28, James Curtis wrote:

>>> md_graphdefang_log('spamhaus', $hits, $RelayAddr);
[...]
>>> # the reject works, but graphdefang log shows the Subject instead of Relay address
[...]
> Mar 24 09:44:06 monitor mimedefang.pl[15805]: MDLOG,r2ODhv3a027039,spamhaus,,31.16.181.217,<c20195935f81d7e31c6f at reass.co.uk>,<sandseatravel at mydomain.com>,Huge 83%25 discount for sandseatravel

You are reading this wrong. Quoting the manpage for mimedefang-filter:

  md_graphdefang_log($event, $v1, $v2)
    Logs an event with up to two optional additional parameters.
    The log message has a specific format useful for graphing
    tools; the message looks like this:
    MDLOG,msgid,event,v1,v2,sender,recipient,subj

So your log entry contains:

- the fixed string MDLOG,
  -- just as promised by the manpage

- msgid = r2ODhv3a027039,
  -- a plausible message ID

- event = spamhaus,
  -- as you specified

- v1 = empty,
  -- unsurprisingly, as you passed $hits which is never set in your filter

- v2 = 31.16.181.217,
  -- a plausible relay IP address

- sender = <c20195935f81d7e31c6f at reass.co.uk>,
- recipient = <sandseatravel at mydomain.com>,
- subj = Huge 83%25 discount for sandseatravel
  -- all quite plausible

To me that looks like everything's working fine.

> I guess I need a mimedefang-filter and Perl for dummies book.
> Is there a place I can find such a document?

I seem to remember a book "Perl for Dummies" actually exists.
The best approximation to "mimedefang-filter for Dummies" is
probably this mailing list. :-)

> How do I know what outputs a command will produce when called so I can base an if rule against it?

The mimedefang-filter manpage would be the canonical source for that.

> I just now realized that the unknown user reports are because I had to enable the recipient filter on the internal server, so that explains why the bounces are going out.

Yes, that makes more sense.

> But I really want it to check before sending so it doesn't accept, instead of bounce.

Sure, that's the way it can and should be done. Bounces are to
be avoided whenever possible.

I'm doing something similar on a mail server serving several
domains, some local and some relayed. My filter_recipient just
contains, for each relayed domain:

    if ($recipient =~ /[@.]relayeddoma\.in>?$/i) {
        return md_check_against_smtp_server($sender, $recipient, $helo,
                                                'mail.relayeddoma.in');
    }

i.e. it just passes on the result of md_check_against_smtp_server
without even looking at it. This works for me because (a)
md_check_against_smtp_server's return value is designed to be a
valid return value for filter_recipient, and (b) I don't need to
do any further checks or actions on relayed mails in
filter_recipient after md_check_against_smtp_server.

If you do need to do more in filter_recipient after
md_check_against_smtp_server has returned "OK", you'll have
to assign its result to a variable and check it with
appropriate if statements. But I'd recommend against that.
SpamAssassin and virus checking belong in filter_end, and
additional logging doesn't add anything useful IMHO.
So if you relay *all* mails to <internal private address>,
your filter_recipient could in fact be as simple as:

    sub filter_recipient
    {
      my($recip, $sender, $ip, $host, $first, $helo, $rcpt_mailer,
         $rcpt_host, $rcpt_addr) = @_;
      return md_check_against_smtp_server($sender, $recip,
         "<filter server external DNS name>", "<internal private address>");
    }

HTH
T.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
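
Added example, not part of the original message and not MIMEDefang code: a Python parser that splits MDLOG syslog lines into the seven fields named in the manpage excerpt above and counts events per relay address. The function names, the sample lines marked as constructed, and the percent-decoding step (inferred from the "%25" in the quoted log entry) are assumptions.

```python
import re
from urllib.parse import unquote

# Field order from the mimedefang-filter manpage quoted in the message.
FIELDS = ("msgid", "event", "v1", "v2", "sender", "recipient", "subj")

# Syslog prefix up to "MDLOG,"; the payload is everything after it.
_MDLOG = re.compile(r"mimedefang\.pl\[\d+\]: MDLOG,(?P<payload>.*)$")

SAMPLE = [
    # Log entry quoted in the message (addresses as rendered by the archive).
    "Mar 24 09:44:06 monitor mimedefang.pl[15805]: MDLOG,r2ODhv3a027039,spamhaus,,"
    "31.16.181.217,<c20195935f81d7e31c6f at reass.co.uk>,"
    "<sandseatravel at mydomain.com>,Huge 83%25 discount for sandseatravel",
    # Constructed lines: documentation addresses, made-up message IDs.
    "Mar 24 09:45:10 monitor mimedefang.pl[15805]: MDLOG,r2ODj0aa027101,spamhaus,,"
    "192.0.2.7,<a@example.net>,<b@example.com>,Hello, world",
    "Mar 24 09:45:12 monitor mimedefang.pl[15805]: MDLOG,r2ODj2ab027102,spamhaus,,"
    "192.0.2.7,<c@example.net>,<b@example.com>,Offer",
    "Mar 24 09:45:13 monitor sendmail[15900]: r2ODj2ab027102: reject=554 5.7.1",
]


def parse_mdlog(line):
    """Return a dict of the seven MDLOG fields, or None for other lines."""
    m = _MDLOG.search(line)
    if m is None:
        return None
    # Split at most 6 times so a literal comma in the subject (the last
    # field) cannot shift the earlier columns.
    parts = m.group("payload").split(",", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None  # truncated or malformed entry
    # Assumption: fields are percent-encoded, as "%25" in the sample suggests.
    return {name: unquote(value) for name, value in zip(FIELDS, parts)}


def count_by_relay(lines, event):
    """Count entries of one event per v2 value (the relay address here)."""
    counts = {}
    for line in lines:
        rec = parse_mdlog(line)
        if rec and rec["event"] == event:
            counts[rec["v2"]] = counts.get(rec["v2"], 0) + 1
    return counts
```

An empty v1, as in the quoted entry, comes back as an empty string rather than shifting the relay address into the wrong column.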

