[milters] Archive

Lists Index Date Thread Search

Article: 913
From: Anthony Howe
Date: 2006-05-04 02:56:29 -0400
Subject: Re: Milter-Report v0.8 Strange Behavior...

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Taylor, Grant wrote:
>> Note that what milter-report catches varies depending on it execution 
>> order. milter-report should probably be the last milter in the chain in 
>> order to catch rejections from xxfi_eom (end-of-message) handler. But if 
>> its last in the chain then it will not catch (accurately) certain 
>> rejections that occur from the xxfi_connect or xxfi_envfrom handlers, in 
>> which case you want to have milter-report first in the milter chain.
> 
> Sounds confusing.  Or like it might be advantageous to have
> milter-report interface in a couple of different ways, both at the
> beginning and at the end of the milter chain.
It would be advantageous (the Apache 2 API allows for independent 
placing of each handler), but the milter API doesn't support it.

>> I would suggest trying in your situation placing milter-report last in 
>> the milter chain. I would expect it to record rejections based on 
>> content filtering then. However, certain pre-DATA filters and rulesets 
>> may not be recorded properly.
> 

> I *think* I do have milter-report at the end of the chain.  At least
> from what I know how to interpret.  Below is a copy of the pertinent
> section of my MC file with milter-report at the end.

> dnl Milter-Sender is doing something that needs the following M4 directive.
> dnl I don't know what it is but it will not work with out it.
> define(`confMILTER_MACROS_CONNECT', confMILTER_MACROS_CONNECT`, {client_addr},
{client_name}, {client_port}, {client_resolve}')
> INPUT_MAIL_FILTER(`milter-7bit', `S=unix:/var/lib/milter-7bit/socket,
T=C:1m;S:30s;R:2m;E:1m')
> INPUT_MAIL_FILTER(`milter-date', `S=unix:/var/lib/milter-date/socket,
T=C:1m;S:30s;R:90s;E:1m')
> INPUT_MAIL_FILTER(`milter-spiff', `S=unix:/var/lib/milter-spiff/socket,
T=C:10s;S:10s;R:4m;E:10s')
> INPUT_MAIL_FILTER(`milter-sender', `S=unix:/var/lib/milter-sender/socket,
T=C:30s;S:10s;R:10s;E:1m')
> INPUT_MAIL_FILTER(`milter-spamc', `S=unix:/var/lib/milter-spamc/socket,
T=C:1m;S:30s;R:6m;E:1m')
> INPUT_MAIL_FILTER(`milter-clamc', `S=unix:/var/lib/milter-clamc/socket,
T=C:10s;E:5m')
> INPUT_MAIL_FILTER(`milter-report', `S=unix:/var/lib/milter-report/socket,
T=C:10s;S:10s;R:60s;E:10s')
> define(`confINPUT_MAIL_FILTERS',
`milter-7bit,milter-date,milter-spiff,milter-sender,milter-spamc,milter-clamc,milter-report')
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

You don't really need this. You order the milters simply by ordering the 
INPUT_MAIL_FILTER() macros; but yes milter-report is executing last.

> Below is a copy of the pertinent headers from the message that I'm
> replying to.  Based on the time stamps and position (newest first(?))
> I believe that milter-report is the last milter to run by correlating
> confIMPUT_MAIL_FILTERS (above) order.

milter-report doesn't add a X-Scanned-By header.

> Below is a copy of the mail log entries for the message that I'm
> replying to. Interestingly enough I do not see milter-report listed in
> the log for this email.

That is because milter-report has NO xxfi_eom handler and does not add 
headers.

I've had to refresh my memory as to behaviour of the xxfi_abort handler 
(since I don't normally use it much in my milters):

	http://www.milter.org/milter_api/xxfi_abort.html

In particular...

* Calls to xxfi_abort and xxfi_eom are mutually exclusive.

* xxfi_abort is only called if the message is aborted outside the 
filter's control and the filter has not completed its message-oriented 
processing. For example, if a filter has already returned SMFIS_ACCEPT, 
SMFIS_REJECT, or SMFIS_DISCARD from a message-oriented routine, 
xxfi_abort will not be called even if the message is later aborted 
outside its control.


Now the fact that milter-report has no handler for xxfi_eom, I suspect 
that there is NO call to milter-report's xxfi_abort handler when 
milter-spamc or -clamc reject the message.

So I've created this simple patch to try out that adds a stub xxfi_eom 
handler. If my understanding is correct, then this should cause 
sendmail/libmilter to invoke the xxfi_abort handler when some other 
milter rejects the message ahead of milter-report's xxfi_eom handler.

Let me know how it goes.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561
     http://www.snertsoft.com/


-- Attached file included as plaintext by Ecartis --
-- File: patch

--- milter-report.c.orig	Thu May  4 08:43:50 2006
+++ milter-report.c	Thu May  4 08:45:32 2006
@@ -586,6 +586,19 @@
 }
 #endif
 
+static sfsistat
+filterEndMessage(SMFICTX *ctx)
+{
+	workspace data;
+
+	if ((data = (workspace) smfi_getpriv(ctx)) == NULL)
+		return smfNullWorkspaceError("filterEndMessage");
+
+	smfLog(SMF_LOG_TRACE, TAG_FORMAT "filterEndMessage(%lx)", TAG_ARGS, (long)
ctx);
+
+	return SMFIS_CONTINUE;
+}
+
 /*
  * Close and release per-message resources if the message is aborted outside
  * the filter's control and the filter has not completed its message-oriented
@@ -699,16 +712,15 @@
 filterClose(SMFICTX *ctx)
 {
 	workspace data;
-	unsigned short cid;
+	unsigned short cid = 0;
 
-	if ((data = (workspace) smfi_getpriv(ctx)) == NULL)
-		return smfNullWorkspaceError("filterClose");
+	if ((data = (workspace) smfi_getpriv(ctx)) != NULL) {
+		cid = smfCloseEpilog(&data->work);
+		VectorDestroy(data->rcpts);
+		cacheSync(data);
+		free(data);
+	}
 
-	cid = smfCloseEpilog(&data->work);
-	VectorDestroy(data->rcpts);
-	cacheSync(data);
-	free(data);
-
 	smfLog(SMF_LOG_TRACE, TAG_FORMAT "filterClose(%lx)", cid, smfNoQueue, (long)
ctx);
 
 	return SMFIS_CONTINUE;
@@ -746,7 +758,7 @@
 		filterHeader,		/* header filter */
 		NULL,			/* end of header */
 		NULL,			/* body block filter */
-		NULL,			/* end of message */
+		filterEndMessage,	/* end of message */
 		filterAbort,		/* message aborted */
 		filterClose		/* connection cleanup */
 #if SMFI_VERSION > 2


Lists Index Date Thread Search