[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

James Curtis jameswcurtis at hotmail.com
Tue Mar 26 00:25:59 EDT 2013


----------------------------------------
> Date: Mon, 25 Mar 2013 20:35:53 -0700
> From: kd6lvw at yahoo.com
> I was responding directly to what was posted to the list, which has the defect.
>
The original post was a cut/paste from my /usr/bin/mimedefang.pl file (version 2.70-1)
>
> > 2) md_check_against_smtp_server is intended to be used against servers
> > you control. If you want to blacklist your own MIMEDefang relay...
>
> That may have been your intent for adding the function, but it can easily be abused to perform callbacks to random servers, especially when used to test the sender's address for validity as a return address. If it were to be limited to servers under one's control and enforced as such, the routine would have to obtain the recipient's MX-RRset internally and test all higher priority MTAs; thus it would not need the remote host address parameter. It would determine which host in the MX-RRset it is running on based on the macro variables passed in via the milter interface.
> _______________________________________________
From what I have read of the documentation (man mimedefang-filter, Rejecting Unknown Users Early section), the md_check_against_smtp_server is meant to verify that the email address someone is sending to actually exists on the server they are trying to send to (through the filter server that is running mimedefang). To the best of my knowledge it doesn't check the sender to make sure that the sender exists on the domain that the sending email address.

FILTERING BY RECIPIENT
       You can define a function called filter_recipient in your filter.  This lets you reject messages to certain recipients, rather than waiting until the whole message has been sent.  Note that for this check to take place, you must use the -t flag with mimedefang.

Can someone verify that modifying the /etc/rc.d/init.d/mimedefang script 
    daemon $PROGDIR/$prog-multiplexor -p /var/spool/MIMEDefang/$prog-multiplexor.pid -t \
OR
    daemon $PROGDIR/$prog-multiplexor -t -p /var/spool/MIMEDefang/$prog-multiplexor.pid \
OR am I misunderstanding what it means to run it with the -t option?

I think this may be why my md_check_against_smtp_server doesn't appear to be working.

-Bill Curtis 		 	   		  
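
As an added example (not part of the original post and not the MIMEDefang project's code), the sketch below shows a filter_recipient that calls md_check_against_smtp_server only for domains mapped to a back-end server you control, which addresses the callback concern raised in the quoted reply. The domain map, addresses and relay name are constructed placeholders, and the stub exists only so the file runs outside MIMEDefang; per the man page excerpt above, filter_recipient is called only when mimedefang runs with -t.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed placeholders: domains this relay accepts mail for, mapped to
# the back-end SMTP server we control for each one.
my %BACKEND_FOR = (
    'example.com' => '192.0.2.10',
    'example.org' => '192.0.2.11',
);
my $HELO_NAME = 'filter.example.com';    # hypothetical name of this relay

# Stand-alone stub so the file also runs outside MIMEDefang. Inside
# mimedefang.pl the real md_check_against_smtp_server already exists.
unless (defined &md_check_against_smtp_server) {
    *md_check_against_smtp_server = sub {
        my ($sender, $recip, $helo, $server) = @_;
        return $recip =~ /^<?known\@/i ? ('CONTINUE', 'OK')
                                       : ('REJECT', 'User unknown');
    };
}

# Called once per RCPT TO, but only when recipient checks are enabled.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    # MIMEDefang passes addresses as "<user@domain>".
    my ($domain) = $recipient =~ /\@([^>\s]+)>?\s*$/;
    my $server = $BACKEND_FOR{ lc($domain // '') };

    # Not a domain we host: do not call out to anyone else's server.
    return ('CONTINUE', 'ok') unless defined $server;

    # Ask our own back end whether it would accept this recipient.
    return md_check_against_smtp_server($sender, $recipient,
                                        $HELO_NAME, $server);
}

# Constructed demonstration, skipped when loaded as a filter.
unless (caller) {
    for my $rcpt ('<known@example.com>', '<nobody@example.org>',
                  '<someone@elsewhere.test>') {
        my ($action, $text) = filter_recipient($rcpt, '<a@sender.test>');
        print "$rcpt -> $action ($text)\n";
    }
}
1;
```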

