OK, I'm having a weird issue and I just can't seem to figure it out for the 
life of me.

In filter_begin, I read the HEADERS file:

# In the HEADERS file, any multiline headers have been rewritten to
# be one line.  Received: is a typical example.  So here we do not          
# need to worry about continuation lines.
#
# Where there are multiple headers with the same name, what we do
# here will overwrite and end up with the data for the last one.
# If we want to collect them all we make a list like @Received.       

my ($username, $domain);

%Headers = ();

if (open(IN,"<./HEADERS")) {
        while(<IN>) {
            chomp;
            if (/.* for <(.*)@(.*)>/g) {
                $username = $1;
                $domain = $2;               
            }
            if (/^(\S+): (.*)/) {
                my $label = $1;
                my $data  = $2;
                $label = lc($label);
                $Header{$label} = $data;
                if ($label eq 'received') {
                    push(@Received,$data);
                }
            }                         
        }
}
close(IN);

$Header is a global hash.

In filter_end, I do this:

if ($Header{'x-purity-verdict'} =~ /spam/) {
        md_syslog('warning', 'Redirecting to quarantine - Engine verdict: ' .
                  $Header{'x-purity-verdict'});

        foreach my $rec (@Recipients) {
                delete_recipient($rec);
        }
        add_recipient("[email protected]");
}

That code is checking to see if another milter, our antivirus engine, has added 
a header called X-Purity-Verdict to the message and if its value is "spam".  It 
then removes the recipients and redirects the message to our quarantine address.

That all works fine when the header is there and says "spam" ... sometimes, 
though, when a message DOESN'T have the header, the code deletes all the 
recipients and redirects to quarantine anyway, without ever putting in the 
syslog entry:

Jun 23 04:27:10 death purity[662]: MDLOG,o5N9R9GR005379,mail_in,,,<[email protected]>,<[email protected]>,Merchant Email Receipt
Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter delete: rcpt <[email protected]>
Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter add: rcpt: [email protected]
Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter accept: message

I'm just confused how it could even get to that code without putting in the log 
line and what I need to do to fix this.  Our engine is properly diagnosing when 
something is spam, but our mimedefang filter is sending it to quarantine anyway 
even when it's not. :)   Any thoughts?

George

_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
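
Added example, not part of George's message or of MIMEDefang itself: a stand-alone simulation of the posted filter_begin/filter_end logic, run over two constructed messages inside one Perl process. The posted code empties %Headers but stores into and reads from %Header, so the sketch compares that with resetting %Header for each message; parse_headers, is_quarantined and run are names made up here, and it assumes one filter process handles several messages in turn.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: message 1 carries the verdict header, message 2 does not.
my @messages = (
    [ "Subject: offer", "X-Purity-Verdict: spam" ],
    [ "Subject: Merchant Email Receipt" ],
);

our (%Header, %Headers);    # globals, as in the post

# Same header parsing as the posted filter_begin, fed from a list
# instead of ./HEADERS. $reset_read_hash selects which hash is cleared.
sub parse_headers {
    my ($reset_read_hash, @lines) = @_;
    if ($reset_read_hash) { %Header  = (); }   # clear the hash filter_end reads
    else                  { %Headers = (); }   # as posted: clears a different hash
    for (@lines) {
        if (/^(\S+): (.*)/) {
            $Header{ lc $1 } = $2;
        }
    }
}

# Same test as the posted filter_end; "// ''" only silences the undef warning.
sub is_quarantined {
    return ( ( $Header{'x-purity-verdict'} // '' ) =~ /spam/ ) ? 1 : 0;
}

# Feed both messages through one interpreter and collect the decisions.
sub run {
    my ($reset_read_hash) = @_;
    %Header = ();                               # start each simulation clean
    my @verdicts;
    for my $msg (@messages) {
        parse_headers( $reset_read_hash, @$msg );
        push @verdicts, is_quarantined();
    }
    return "@verdicts";
}

print "reset as posted (%Headers): ", run(0), "\n";
print "reset of %Header:           ", run(1), "\n";
```

Each output line lists the quarantine decision for message 1 and then message 2. This shows only the state carry-over between messages; it does not account for the missing md_syslog line.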