[Avcheck] Drop Sender mail when get response as User Unknown from SMTPserver, Can I?

Michael Tokarev mjt@tls.msk.ru
Wed, 19 Dec 2001 23:35:05 +0300


[I'm sorry for such a long delay -- your email was lost in tons of
 garbage (spam) I got recently.]

Krit Viriyatharangkurn wrote:
> 
> Dear All,
> 
> Can I set avcheck to drop the sender alert mail when the response code is user unknown?
> I always have these message queues left on my server and I want to make them
> disappear.
> 
> = Output from mailq command =
> [snip]
> 
> DA1FD88170   217218 Sun Dec 16 13:27:21  sender@mydomain.co.th
> (temporary failure. Command output: avcheck: unexpected smtp response (need
> 250): 550 <sender@mydomain.co.th>: User unknown /var/spool/avp/infected:
> unable to send sender email )
>                                           target@mydomain.co.th

The question is -- why is the mail you have in the queue from an unknown user?
This shouldn't happen, yes?  If this happens, you perhaps need to
correct the error in the first place.  Oh, I know some viruses modify
the From address...  Well, this is an interesting question then.

For now, you can work around this easily -- open your `infected' handler
in the editor and comment out the lines that check $SENDMAIL's return code
when sending the sender notification:

 if [ $? != 0 ] ; then
   echo "$0: unable to send sender email" >&2
   exit $EX_TEMPFAIL
 fi

(you can search for the text message in echo)

This will ignore ANY errors, not just the case in question, but that's
not a problem -- well, almost -- since the sender address is a single one and
if the sender can't receive a notification, nothing will be hurt.

Alternatively, in postfix, you can remove the local_recipient_maps value
for the re-injecting smtpd in master.cf (add an option:
 -o local_recipient_maps=
to the smtpd line you configured for mail reinjection).  This will
solve your problem: postfix will accept the message happily and
then will discard it as destined for an unknown user and sent with
an empty return-path.  This is a very acceptable solution.

And yet another alternative (it is in fact NOT an alternative for this
very case) I want to implement is to allow avcheck to be less strict
sometimes.  I.e. with a new -r option, meaning "relax", it will ignore
some errors like being unable to read the avdaemon response and even being
unable to connect to avdaemon (if more -r were given).  This is to allow a
message to go through if one is sure it is ok but avdaemon can't process it
for some reason.

Regards,
 Michael.
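
A narrower variant of the first workaround, as an added example that is not part of the original message or of the avcheck distribution: it drops the sender notification only when the error text shows a permanent 5xx SMTP rejection, and still returns a temporary failure for everything else. The function names are hypothetical, the notification command is passed in as arguments, and the error format is assumed to match the line quoted in the mailq output above.

```shell
#!/bin/sh
# Added example: treat only permanent (5xx) rejections of the sender
# notification as ignorable; keep EX_TEMPFAIL for all other errors.
EX_TEMPFAIL=75   # sysexits.h value for "temporary failure, retry later"

# Succeeds when the error text is the "need 250" complaint followed by
# a 5xx SMTP reply code (format assumed from the quoted mailq output).
is_permanent_reject() {
  printf '%s\n' "$1" |
    grep -Eq 'unexpected smtp response \(need 250\): 5[0-9][0-9]([ -]|$)'
}

# notify_sender CMD [ARGS...]
# Runs the notification command (message on stdin) and captures its stderr.
# Returns 0 on success or permanent rejection, EX_TEMPFAIL otherwise.
notify_sender() {
  if err=$("$@" 2>&1 >/dev/null); then
    return 0
  fi
  if is_permanent_reject "$err"; then
    # Forged or nonexistent sender: retrying can never succeed.
    echo "$0: sender notification rejected, dropping it: $err" >&2
    return 0
  fi
  echo "$0: unable to send sender email: $err" >&2
  return "$EX_TEMPFAIL"
}

# Constructed stand-ins for the real notification command, for a dry run.
fake_reject() {
  echo 'avcheck: unexpected smtp response (need 250): 550 <sender@mydomain.co.th>: User unknown' >&2
  return 1
}
fake_tempfail() {   # constructed 4xx reply, not taken from the message
  echo 'avcheck: unexpected smtp response (need 250): 451 try again later' >&2
  return 1
}
```

In the handler, the caller would exit with the function's return value when it is non-zero, in place of the unconditional check shown in the message.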