On Wed, 23 Jun 2010, George Roberts wrote:
>OK, I'm having a weird issue and I just can't seem to figure it out for the
>life of me.
>
>In filter_begin, I read the HEADERS file:
>
># In the HEADERS file, any multiline headers have been rewritten to
># be one line. Received: is a typical example. So here we do not
># need to worry about continuation lines.
>#
># Where there are multiple headers with the same name, what we do
># here will overwrite and end up with the data for the last one.
># If we want to collect them all we make a list like @Received.
>
>my $username, $domain;
>
>%Headers = ();
As others stated already: You need to clear global variables.
Here you clear the global variable %Headers (mark the "s" in the name).
Everywhere else in the code you supplied you're using a hash named
%Header (without the "s").
>
>if (open(IN,"<./HEADERS")) {
> while(<IN>) {
> chomp;
> if (/.* for <(.*)@(.*)>/g) {
> $username = $1;
> $domain = $2;
> }
> if (/^(\S+): (.*)/) {
> my $label = $1;
> my $data = $2;
> $label = lc($label);
> $Header{$label} = $data;
Such as here, in line above.
> if ($label eq 'received') {
> push(@Received,$data);
> }
> }
> }
>}
>close(IN);
>
>$Header is global hash.
>
>In filter_end, I do this:
>
In the next line you're testing an "x-purity-verdict" left over from some
previous message if the current message didn't contain such a header.
>if ($Header{'x-purity-verdict'} =~ /spam/) {
> md_syslog('warning', 'Redirecting to quarantine - Engine verdict: ' .
> $Header{'x-purity-verdict'});
>
> foreach my $rec (@Recipients) {
> delete_recipient($rec);
> }
> add_recipient("[email protected]");
>}
>
>That code is checking to see if another milter, our antivirus engine, has
>added a header called X-Purity-Verdict to the message and if its value is
>"spam". It then removes the recipients and redirects the message to our
>quarantine address.
>
>That all works fine when the header is there and says "spam" ... sometimes,
>though, when a message DOESN'T have the header, the code deletes all the
>recipients and redirects to quarantine anyway, without ever puttin in the
>syslog entry:
>
>Jun 23 04:27:10 death purity[662]:
>MDLOG,o5N9R9GR005379,mail_in,,,<[email protected]>,<[email protected]>,Merchant
> Email Receipt
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter delete: rcpt
><[email protected]>
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter add: rcpt:
>[email protected]
>Jun 23 04:27:10 death sendmail[5379]: o5N9R9GR005379: Milter accept: message
>
>I'm just confused how it could even get to that code without putting in
>the log line and what I need to do to fix this. Our engine is properly
>diagnosing when something is spam, but our mimedefang filter is sending
>it to quarantine anyway even when it's not. :) Any thoughts?
Are you really sure about the missing log line? It could be located
somewhere else in the log file. Depending on the value of the
left over $Header{'x-purity-verdict'} from some previous message
it could be possible that you just don't recognize the log line as
belonging to this message.
Did you grep for _all_ lines containing the queue-id "o5N9R9GR005379"?
You only showed some of them.
Best regards,
Kees.
--
Kees Theunissen
F.O.M.-Institute for Plasma Physics Rijnhuizen, Nieuwegein, Netherlands
E-mail: [email protected], Tel: (+31|0)306096724, Fax: (+31|0)306031204
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
