[Avcheck] kavkeeper + "User unknown"
George Chelidze
wrath@geo.net.ge
Tue, 22 Apr 2003 19:10:21 +0500
Hello,
I am using KAV as AV software + kavkeeper. The MTA is sendmail-8.12.9.
Lately I have noticed (didn't pay attention to this before) the
following problem:
Say geo.net.ge is a local domain.
Without the main injection mechanism activated, issuing
RCPT TO: userdoesnotexsist@geo.net.ge
I get:
550 5.1.1 userdoesnotexsist@geo.net.ge... User unknown
After enabling the injection mechanism I get:
250 2.1.5 userdoesnotexsist@geo.net.ge... Recipient ok
At this level the message is collected. Only the LDA (procmail in my case)
rejects it with "User unknown". As a result many useless messages are
wasting my bandwidth.
I have looked at my sendmail.cf file to find out why this happens. The
things added to the configuration regarding kavkeeper follow:
...
C{KAG}${KAV}
...
SLOCAL_RULE_0
R$* @ $+ . ${KAV} $1 < @ $2 . ${KAV} >
R$* < @ $+ . $~{KAG} . > $#kavkeeper $@ $2 . $3 . ${KAV} $: $1 @ $2 . $3 . ${KAV}
R$* < @ $* . ${KAV} > $1 < @ $2 . >
### KAVKEEPER Mailer specification ###
A=kavkeeper -s $f -r $u -x $h -m sendmail -p ${KAV} -c /var/spool/avp/kavkeeper/keeper.ini
The first rule involves the kavkeeper mailer if the address doesn't end
with the ${KAG} string, which checks the message for infection and then
reinjects it back to sendmail. The next rule strips the suffix.
As Ruleset 0 contains
Sparse=0
R$* $: $>Parse0 $1 initial parsing
R<@> $#local $: <@> special case error msgs
R$* $: $>ParseLocal $1 handle local hacks
R$* $: $>Parse1 $1 final parsing
we can see that the LOCAL_RULE_0 ruleset executes before final parsing. The
only thing I can't understand is why I get the above result. As the second
rule of LOCAL_RULE_0 stripped the ${KAV} suffix, the address should be the
same as it was before adding this suffix (obviously I am wrong, as the
above-mentioned problem is present). All this long story has nothing in common
with this list. There are 2 reasons why I have posted this message here:
1. Many list members are experienced people spending a lot of time
maintaining e-mail systems. I hope someone can explain this problem.
2. (The main one) I have a doubt that the problem is caused by
kavkeeper, not the injection mechanism, so if someone using sendmail with
avcheck instead of kavkeeper can tell me if he/she is experiencing the
same problems with avcheck or not, I will be able to narrow the set of
possible reasons and hope to solve the problem.
Thank you in advance for any suggestions/answers
Best Regards,
--
George Chelidze
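
Added example (not part of the original message, and not kavkeeper or sendmail code): a simplified Python model of the three quoted LOCAL_RULE_0 rules, showing which mailer ruleset 0 selects for the same RCPT TO address with and without the injection rules. It assumes sendmail performs the mailbox lookup only for addresses that resolve to the local mailer; the ${KAV} value, the mailbox list and all function names are placeholders.

```python
KAV = "kavsuffix"            # placeholder: the message never shows the value of ${KAV}
LOCAL_DOMAINS = {"geo.net.ge"}
LOCAL_USERS = {"wrath"}      # constructed mailbox list

def local_rule_0(user, host):
    """Model of the three LOCAL_RULE_0 rules on a canonified user/host pair.

    Returns (mailer, user, host); mailer is None when parsing continues."""
    labels = host.split(".")
    if len(labels) >= 2 and labels[-1] != KAV:
        # Rule 2: last host token is not in class {KAG}, so the rule resolves
        # ($#) to the kavkeeper mailer and ruleset 0 stops here.
        tagged = f"{host}.{KAV}"
        return "kavkeeper", f"{user}@{tagged}", tagged
    if labels[-1] == KAV:
        # Rules 1 and 3: a reinjected address; strip the suffix, keep parsing.
        host = ".".join(labels[:-1])
    return None, user, host

def resolve(addr, injection):
    """Return (mailer, user) as ruleset 0 would select them in this model."""
    user, host = addr.rsplit("@", 1)
    if injection:
        mailer, user, host = local_rule_0(user, host)
        if mailer:
            return mailer, user
    # Parse1 (final parsing): only here can the address become local.
    if host in LOCAL_DOMAINS:
        return "local", user
    return "esmtp", f"{user}@{host}"

def rcpt_reply(addr, injection):
    """SMTP reply to RCPT TO; the mailbox lookup runs only for the local mailer."""
    mailer, user = resolve(addr, injection)
    if mailer == "local" and user not in LOCAL_USERS:
        return f"550 5.1.1 {addr}... User unknown"
    return f"250 2.1.5 {addr}... Recipient ok"

if __name__ == "__main__":
    rcpt = "userdoesnotexsist@geo.net.ge"
    for injection in (False, True):
        print(injection, resolve(rcpt, injection)[0], rcpt_reply(rcpt, injection))
```

In this model the untagged address never reaches final parsing on the first pass, so no mailbox lookup runs at RCPT time; it becomes local only after reinjection with the suffix.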