> Problem? AIUI, filter_initialize is called only once in the > life of a slave, and DB_File doesn't check the timestamp of the > on-disk DB when you use the contents of the hash. If a slave takes > half an hour to process its allotted number of messages, then > $popauthdb will be a half-hour out of date by the time the last > message is processed, unless you are calling opendb_read before every > check (in which case, why bother calling it in filter_init?) This > means that someone potentially has to wait some non-trivial amount of > time after checking mail to be sure of sending it without some risk of > incurring the SA penalties you are trying to avoid. Maybe not a big > deal, but probably not what you wanted.
I am convinced you are correct. I re-read the man page and I think your interpretation is correct. My filter_initialize is wrong and I need to read the database before each check. Luckily, it's a pretty lightweight database for 99.9% of the installs. An updated solution is documented here http://www.peregrinehw.com/downloads/MIMEDefang/contrib/POP_before_SMTP_modification > So you're setting $popauth in filter_end() and using it in > filter() ? Or is "your filter" above intended to refer loosely to the > entire thing, with the understanding that you're calling SA from > filter_end() also? Because mimedefang-filter(5) says: Your filter is a reference to the entire subfilter. I use the variable just in filter_end(). > # the DB used for popauth relay authentication > # MUST BE READABLE BY THE DEFANG USER (try > # "chgrp defang /etc/mail/access.db") > $popauthdbfile = "/etc/mail/access.db"; I think this part should be moved into filter_initialize for fear of oddities that the embedded perl filter puts in place. Not 100% certain though but it is what I did. > sub popauthget ($) { > # read sendmail's access.db and look for ip RELAY > my ($ip) [EMAIL PROTECTED]; > my $popauthdb = &opendb_read($popauthdbfile); > if ($popauthdb->{$ip} =~ /RELAY/) { > &closedb($popauthdb); > return "popauth"; > } > return 0; > } Thanks for the code example. I just open an close on my simple loop in filter_end but it was a good idea to tie this into the forged/invalid HELO check and make it a function. Regards, KAM _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
