(I apologize if this topic has already been discussed, but my search for previous conversations came up empty.)
We are in a situation where it would actually be very convenient to have sendmail invoke the mimedefang milter multiple times. Specifically, we are contemplating something like this in sendmail.mc: INPUT_MAIL_FILTER(`mimedefang-pre', `S=unix:/var/spool/mdspool/mimedefang.sock, F=T, T=R:5m')dnl INPUT_MAIL_FILTER(`dkim-filter', `S=local:/var/run/dkim-milter/dkim-milter.sock, F=T, T=S:1m;R:1m') ... INPUT_MAIL_FILTER(`mimedefang-post', `S=unix:/var/spool/mdspool/mimedefang.sock, F=T, T=R:5m')dnl The "mimedefang-pre" instance of mimedefang is essentially the anti-spam step. It will eliminate the vast majority of incoming messages in the "RCPT TO" or "DATA" stages. It will also remove any forged headers that we care about. The "dkim-filter" milter instance (and potentially other milters we might wish to use) then fire on the messages that aren't rejected at the mimedefang-pre phase. Finally, after all other milters have been invoked, we invoke the "mimedefang-post" milter, which makes rejection/routing decisions based on the headers that the other milters add (or remove). Unfortunately, mimedefang does not currently support this. The immediate problem is that mimedefang creates a temporary working directory based solely on the message ID, and since sendmail interleaves milter hooks up until the DATA phase, the mimedefang-post milter attempts to create the same temporary working directory that mimedefang-pre already created, it bombs. The way we're handling this right now is to create a "postdefang" package that just symlinks to the mimedefang package (e.g., /usr/bin/postdefang is a symlink to /usr/bin/mimedefang), with separate /etc/sysconfig/postdefang and /etc/rc.d/init.d/postdefang files that set all the necessary variables. But using the symlink approach requires us to run two mimedefang multiplexors, with each multiplexor having its own pool of slaves. That seems needlessly resource-intensive. >From looking at the mimedefang code, I *think* it should be possible to modify mimedefang to make it be able to be invoked as a sendmail milter multiple times. Furthermore, mimedefang should be able to indicate to the mimedefang-filter(5) functions *which* milter instance of mimedefang is invoking the functions. (E.g., a new global variable called $MDMilterInstance, which would be set to 0 when the mimedefang-pre milter runs, and set to 1 when mimedefang-post functions run.) Does this make sense to others? Is there an easier way to configure a "multipass" mimedefang setup? _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
