[rt-users] RE: [Mimedefang] Skip MD for some users
Rich West
Rich.West at wesmo.com
Wed Apr 28 11:54:00 EDT 2004
Like a couple of others have said, you really cannot skip the entire
MILTER process based upon individual users.
However, you can have the MILTER itself (MimeDefang) do the recipient
check then exit accordingly.
The problem is that you lose a fair amount of efficiency in mail
processing when you start analyzing the individual recipients. For low
volume mail servers, such as personal mail servers and small in-house
corporate mail servers, this expense is completely unnoticable. :)
For higher volume systems, you really have to balance the benefits vs.
the costs, where the costs will be that you will need to beef up your
system(s) signifigantly.
Back to your original question.. for one, you really have to consider
what you are trying to accomplish. If you want certain users to avoid
the ENTIRE concept of passing through MimeDefang (which, by the way,
MimeDefang does a heck of a lot more than just Mime parsing now-a-days)
or if you want certain users to avoid PARTS of the MimeDefang process
(the hand-off to the virus software, the hand-off to Anomy::HTML, or the
hand-off to the anti-spam software, etc).
In the typical situation, you really do want the user's email to go
through SOME of the MILTER. You don't want viruses getting through or
other malicious code, but you want the HTML filtering of Anomy::HTML and
the anti-spam filtering of Spamassassin to be capable of being bypassed.
In my case, we run a relatively low-volume mail server, so we feel that
we can afford any negative impact that per-user recipient scanning will
cause us. Also, we have a fixed set of users that we keep in a flat
text file, and those users are allowed to bypass the SpamAssassin rules.
sub filter_end ($) {
my($entity) = @_;
...
return if message_rejected();
foreach $recipient (@Recipients)
{
if (&allow_recipient($recipient))
{
md_graphdefang_log('mail_in', , $RelayAddr);
return;
}
}
# Spam checks if SpamAssassin is installed
if ($Features{"SpamAssassin"}) {
...
}
And the "allow_recipient" subroutine looks like:
sub allow_recipient
{
my($recipient) = shift;
open(USERS, "cat /my/path/to/users/flatfile | ") or die "Could not
open /my/path/to/users/flatfile.\n";
@users = <USERS>;
foreach $user (@users)
{
chop ($user);
return 1 if ($user = /$recipient/i);
}
}
Of course, because it is PERL, so you can do a variety of things (Call
another executable, do mySQL lookups, etc), but keep in mind that you
want to keep things efficient and FAST.
Now, we put this in filter_end, but I am sure something similar could be
put in "filter" around the Anomy::HTML stuff providing that @Recipients
is defined in the "filter" subroutine.
Also, that leads to the question as to why the Anomy::HTML stuff is in
"filter" rather than in "filter_end" since it is an add-on, similar to
Spamassassin (but, obviously, with a different purpose..).
I hope this helps!
-Rich
>Hello everyone,
>
>I have MD 2.39 setup with Sendmail 8.12.8 on a RedHat 9 machine.
>Everything works fine for me, but now a few users want to be excluded
>from the Spam scanning that I am doing. I have tried the solution
>described at:
>http://lists.roaringpenguin.com/pipermail/mimedefang/2002-August/010883.
>html, but the mail for the user that I listed is still being scanned by
>MD. I don't know if this matters or not, but my MD machine is not the
>actual delivery machine. It is forwarding mail onto our internal
>Exchange server.
>
>Has anyone had a similar problem? Is there something that I can do to
>offer more info to the list?
>
>TIA,
>
>Nathan Martinez
>
More information about the rt-users
mailing list