Author: Pat Lashley Date: To: Andrew Nelson, Exim Users Mailing List CC: exim-users Subject: Re: [Exim] How to break down CC's and process one at a time ?
--On Friday, December 19, 2003 18:01:54 +1100 Andrew Nelson <andrew__nelson@???> wrote:
> Thanks for your response. This Exim Gateway is set up to accept mail for
> which it islisted as a MX host (using @mx_any). It then scans the mail
> for
> SPAM using external propriatary software (SPAMSCANNER) which is
> implemented using a system_filter (see below) and passes it onto another
> machine (where the local mailboxes are).
>
> The problem is that the scanning software has a bug and sometimes sends
> through the original (possibly SPAMMED) message where some of the recipients
> are invalid on the remote machine (which happens a lot!).
>
> Here's how the Scanning software works (as provided by the software
> people who are unwilling to fix their bug):
>
> - a message comes into Exim
> - SPAMSCANNER scans it and detects it as spam
> - SPAMSCANNER modifies the message (adds headers, subject lines, etc)
> - SPAMSCANNER reinjects the modified message using the command:
> cat $MODIFIED_MAIL | sendmail -i -t -f $SENDER $RECEIVERS (which I
> dont think can be changed)
Ok, the SENDER and RECEIVERS here should be from the original
envelope, passed down from exim.
> - if the command above returns an error, then SPAMSCANNER lets the
> original mail to be delivered by Exim
> - if the command does not return an error, then SPAMSCANNER sends
> a DISCARD command to Exim for that message, so the original message
> is silently discarded.
> - there is a particular case for this situation: When the email has several
> receivers,
> but at least one of them is invalid, then the email IS delivered to the
> valid receivers
> and, still, the sendmail reinjection returns an error that determines
> SPAMSCANNER to let the MTA deliver the original mail message, which
> causes for one of the valid recipients to receive the message twice:
> one message tagged as spam (due to reinjection) and one not tagged as
> spam (due to error returned by the sendmail wrapper).
Ok, the right fix is probably for SPAMSCANNER to re-inject the mail
one recipient at a time, and treat each separately. But unless there's
a config option for that, you'll run up against their refusal to fix
it. (This is one of the nice things about Open Source. If the primary
maintainers refuse to fix something, you can do it yourself, or hire
someone else to do it.)
If, as I suspect, there is no SPAMSCANNER config option to fix that,
there are three possibilities.
The first is to configure Exim to only accept one recipient at a time.
You should be able to do this by setting 'recipients_max = 1'. This
will cause a temporary failure response to every RCPT TO: command after
the first one for each message. The sending MTA should then try again,
possibly after a delay, with only the failed recipients. This will
repeat until they've all been tried.
The second, and probably better solution is to set up a RCPT ACL
that has a 'verify = recipient/callout'. You'll probably need to
set up another router/transport to handle the callout. You can
use the 'verify_only' router flag. (See the section on Generic
Options for Routers for more info.) This should make the same test
for a valid address that is done during re-injection.
The third, and probably best solution is to use a transport filter
instead of a system filter. (I'm assuming here that the only
thing you're doing in the system filter is invoking SPAMSCANNER.)
This requires the ability to set the SPAMSCANNER to avoid invoking
sendmail and simply write the modified message to STDOUT. (If it
insists on running some command sequence with a filename inserted,
'cat $MODIFIED_MAIL' should be acceptable.)
