BitDefender Milter Patch

Some of you might have noticed that we have placed a patch for bdmilterd on update, with the title “enable the rbl-on-ip filter for milter integrations”. If you are curious about the exact details of this update, then this post is just the right thing for you.

Almost a week ago, one of our customers reported that he is unable to filter the spam messages using the product’s RBL filter. Shortly after the report, our testing team determined that there was an issue with the milter integration (which the client used) in that, the scanned mail did not contain any Received headers, which are required by the antispam engines in order to do a RBL analysis. This behavior has been observed using Sendmail, but other MTA-s, that also offer a milter interface, might behave the same.

Our approach to this problem, is fairly simple: try to obtain the sender’s IP from the milter’s xxfi_connect() callback, and pass it directly to the antispam engines (to the rbl-on-ip filter). If any of the configured RBL servers has the IP blacklisted, then the antispam analysis ends (with maximum spam score) and the product takes the proper action. Otherwise, the mail is subjected to a full antispam analysis. However, obtaining the IP is not as simple as it might seem. The callback mentioned above has the following declaration:

extern sfsistat xxfi_connect __P((SMFICTX *ctx,
                                  char *hostname,
                                  _SOCK_ADDR *addr));

The hostname parameter, contains either the sender’s host name, either an IP enclosed in square brackets (eg: “[217.10.139.50]”). The addr parameter, points to the connection data (struct sockaddr, which, depending on the sa_family field can be casted to sockaddr_in * or sockaddr_in6 * – see man 7 ip).

Our first attempt involved the use of addr because it seemed the fastest. However, none of the tested MTA-s provide this information, as such addr is always NULL. The only option we were left with was to backtrack the MTA and obtain the connection IP from hostname (that is, if the IP was not already given to us in square brackets, in which case we simply extract the address from the string). This seemed to work pretty good and we decided to make the fix official and release a bdmilterd patch.

Note that some MTA-s (other than Sendmail) do not provide any of the parameters (hostname and addr are both NULL). Luckily, the ones we tested have their own RBL filters. 🙂

Before we end, we want to remind you how patches are installed:

# bdsafe patch list
# bdsafe patch install <patch-number>

Have a great day!

Comments are closed.