[Avcheck] Scan only mails for some domains?

Karsten Dambekalns k.dambekalns@fishfarm.de
Tue, 6 Nov 2001 19:07:12 +0100 

On Mon, Nov 05, 2001 at 10:08:50PM +0300, Michael Tokarev wrote:
Hi,

I have been hacking away on the example:

> Example using bash:
> 
>  logger ... "infected by $MSG: from=<$FROM> to=$*"

I moved that below below the admin notification - this way the admin
gets notified anyway...

>  nocheck_rcpts=()
>  check_rcpts=()
>  for i do
>    case "$i" in
>      rcpt1@to.check|rcpt2@to.check) check_rcpts=("${check_rcpts[@]}" "$i") ;;
>      *) nocheck_rcpts=("${nocheck_rcpts[@]}" "$i") ;;
>    esac
>  done

Learnt a lot about bash (I have written some scripts, but never used
arrays), heh! Thanks :-) I changed the case to use egrep, to have case
insensitivity.

>  if [ $#nocheck_rcpts[*] != 0 ] then
>    # send infected mail to all rcpts non-interested to have their mails checked
>    $SENDMAIL -f "$FROM" -- "${nocheck_rcpts[@]}" < $MAIL
>    if [ $? != 0 ] ; then
>      echo "Unable to send mail"
>      exit $EX_TEMPFAIL
>    fi
>  fi

This injects the mail again - is it checked again? Obviously not,
since this is the same as for the mail being sent to the admin. But
how does postfix know that it should not check this mail? More
specifically, why is this mail sent to localhost:1025 (or whatever
configured)? Or am I not seeing something terribly obvious here? Is
this in $SENDMAIL? Puzzled...

> 
>  if [ $#check_rcpts[*] = 0 ] ; then
         ^^^^^^^^^^^^^^^ should have curly braces around, no?
>    # no other recipients
>    exit 0
>  fi
> 
>  ... handle other recpients that wants their mail to be checked

OK, we didn't remove the stuff which should not be checked, did we? I
mean, $* still has all the addresses, including the ones sorted out
above. Or am I wrong here? Shouldn't there be a part removing the
recipients that don't want their mail checked...

(wait, I am thinking...)

OK, I see it now. There is no such part, but it isn't needed for the
sender notification, right? If there are recipients left, for which
mail should be checked, the sender notification will go out anyway.

But what about the recipients? Won't they get the mail _and_ the
notification? They are still in $*...

Shed some light on this, please :-)
Karsten

PS: I will post the finished solution here ASAP...
-- 
fishfarm - Karsten Dambekalns
Echternstr. 73 - 38100 Braunschweig

Tel. +49 531 1232902  mailto:k.dambekalns@fishfarm.de
Fax. +49 531 1232906  http://www.fishfarm.de/
-----------------------------------------------------