detach command

Ok so I added event CLIENT_ACCEPTED disable one I found a pice of data. But each time I find the data and the if statement is triggered it does a TCP::release and event CLIENT_ACCEPTED disable. But then I see the client_accepted is again run. Any help would be great. Thanks

when CLIENT_ACCEPTED {
   set tcpdata ""
   TCP::respond "220\r\n"
   TCP::collect
   log "CLIENT_ACCEPTED"
}
when CLIENT_DATA {
   append tcpdata [TCP::payload]
   log "$tcpdata"
   switch -glob $tcpdata {
   "*DATA*"  {
         if {$tcpdata contains "Sensitivity: Company-Confidential\r\n" } {
            event CLIENT_ACCEPTED disable
            TCP::release
            TCP::close
            pool mailhost1v
            log "encript"
         }
         else {
            TCP::respond "354 Start mail input; end with .\r\n"
              log "ready for DATA"
         }
      }
   default {
         TCP::respond "250 OK\r\n"
      }
   }
} 

Ok, I'm confused. CLIENT_ACCEPTED is only triggered once per connection. The event disable command is only effective for the current connection. So, disabling CLIENT_ACCEPTED is somewhat pointless as it should not get triggered again for the same connection. If you are seeing it getting triggered again, it is most likely a new connection. Try changing your log statement to:

log local0. "CLIENT_ACCEPTED: [IP::remote_addr]:[TCP::remote_port] -> [IP::local_addr]:[TCP::local_port]"

This should reveal that you are getting multiple connections.

Perhaps you were wanting to disable the CLIENT_DATA event?

Something you'll want to remember with this problem is that you've already proxied on behalf of the server. So, the client will obviously be much farther along than the server. I'm assuming you left out parts of your rule that takes care of this?