[milters] Archive

Lists Index Date Thread Search

Article: 120
From: Anthony Howe
Date: 2004-10-03 03:21:15 -0400
Subject: Re: White & Blacklisting milter-spamc

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Anke Breeuwsma wrote:
> I use milter-spamc.0.25, and I want to do white & blacklisting in access.db 
> 
> I want to:
> * whitelist all e-mail send from inside my domain going out
> but 
> * blacklist (filter) it when the recipient is inside my domain
> 
> I've tried to put this in the access.db to get it working:
> Connect:my.domain.nl		OK	

OK. White list connections from your network (going out). If you are not 
using SMTP+AUTH, then you might want RELAY instead for sendmail.

> To:my.domain.nl		OK

OK. White lists mail to your domain from outside.

> Milter-Spamc-Connect:my.domain.nl	OK	

This has no change on the Connect:my.domain.nl OK above and so is redundant.

> Milter-Spamc-To:my.domain.nl		REJECT

Overrides the white-listed mail to your domain from outside and filters.

The problem is when mail from someone@my.domain.nl sends to 
me@my.domain.nl, then the Connect:my.domain.nl OK will have priority 
over Milter-Spamc-To:my.domain.nl REJECT and never get filtered.

If you want to filter mail within your domain could try changing to:

	Milter-Spamc-Connect:my.domain.nl	SKIP
or
	Milter-Spamc-Connect:my.domain.nl	REJECT

This will tell milter-spamc to ignore the Connect:my.domain.nl OK 
setting. So mail from your network and/or to your domain will be filtered.

Hmm. There may be a slight logic issue in smfAccessMail() and 
smfAccessRcpt(). A OK/RELAY will set a whitelist/by-pass, but a negative 
setting, REJECT/ERROR, does not explicitly clear the skipMessage flag. 
Instead it behaves currently like SKIP leaving the flag with its current 
setting. Normally this is fine, but since the *Connect tags are checked 
first they and cal set skipMessage true, there is no way to override 
this from other tags.

I must think about this, if smfAccessMail() and smfAccessRcpt() should 
explicitly set skipMessage false if it sees REJECT/ERROR. These routines 
are used by the majority of my milters and so I have to make sure this 
doesn't break anything.

> Debugging looks like this:
> 
> [mail.debug] checking "/etc/mail/access.db" for
"milter-spamc-to:me@my.domain.nl"
> [mail.debug] checking "/etc/mail/access.db" for
"milter-spamc-to:my.domain.nl"
> [mail.debug] access DB key="milter-spamc-to:my.domain.nl"
value="REJECT"
> 
> But it doesn't seem to work, those e-mails are still whitelisted.
> 
> So, does anybody know how to deal with this, or am I trying to do something
impossible?
> 
> TIA,
> Anke Breeuwsma
> 
> 


-- 
Anthony C Howe                                 +33 6 11 89 73 78
http://www.snert.com/       ICQ:
7116561         AIM: Sir Wumpus

            "Once...we were here."  - Last of The Mohicans


Lists Index Date Thread Search