[Avcheck] Drop Sender mail when get response as User Unknown from
SMTPserver, Can I?
Michael Tokarev
mjt@tls.msk.ru
Wed, 19 Dec 2001 23:35:05 +0300
[I'm sorry for so long delay -- your email was lost in tons of
garbage (spam) I got recently.]
Krit Viriyatharangkurn wrote:
>
> Dear All,
>
> Can I set avcheck to drop sender alert mail when response code is user unknown?
> I always have these message queues left on my server and I want to make it
> disappear.
>
> = Output from mailq command =
> [snip]
>
> DA1FD88170 217218 Sun Dec 16 13:27:21 sender@mydomain.co.th
> (temporary failure. Command output: avcheck: unexpected smtp response (need
> 250): 550 <sender@mydomain.co.th>: User unknown /var/spool/avp/infected:
> unable to send sender email )
> target@mydomain.co.th
The question is -- why the mail you have in queue is from unknown user?
This shouldn't happen, yes? If this happens, you perhaps need to
correct the error in a first place. Oh, I know some viri modifies
from address... Well, this is interesting question then.
For now, you can work around this easily -- open your `infected' handler
in the editor and comment out the lines that checks $SENDMAIL's return code
when sending sender notification:
if [ $? != 0 ] ; then
echo "$0: unable to send sender email" >&2
exit $EX_TEMPFAIL
fi
(you can search for the text message in echo)
This will ignore ANY errors, not just the case in question, but that's
not a problem -- well, almost -- since sender address is single and
if sender can't receive a notification, nothing will hurt.
Alternatively, in postfix, you can remove local_recipient_maps value
for the re-injecting smtpd in master.cf (add an option:
-o local_recipient_maps=
to the smtpd line you configured for mail reinjection). This will
solve this your problem: postfix will accept a message happily and
then will discard it as destined for unknown user and sent with
empty return-path. This is very acceptable solution.
And yet another alternative (it is in fact NOT an alternative for this
every case) I want to implement is to allow avcheck to be less strict
sometimes. I.e. with new -r option, to mean "relax", it will ignore
some errors like unable to read avdaemon response and even unable to
connect to avdaemon (if more -r was given). This is to allow a message
to go if one shure it is ok but avdaemon can't process it for some
reason.
Regards,
Michael.