[milters] Archive

Lists Index Date Thread Search

Article: 201
From: Sebastian Wiesinger
Date: 2004-10-20 18:30:32 -0400
Subject: Re: milter-sender: Whitelist MX?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

* Anthony Howe <achowe@snert.com> [2004-10-21 00:07]:
> Removal...........: milters-request@milter.info?subject=remove
> More information..: http://www.milter.info/#Support
> --------------------------------------------------------
> 
> Sebastian Wiesinger wrote:
> > I want to whitelist some MX servers from CallBack but I think
> > milter-sender only checks for Blacklisting (only checks "REJECT" in
> > access.db).
> 
> milter-sender does respect OK/RELAY entries in access.db
> 
> > Is it possible to have a new prefix "milter-sender-mx:" to
> > white-/blacklist MX for callback?
> 
> Not needed. If you read the documentation:
> 
> 	lynx index.shtml
> 
> you will see that there are many ways to white or black list a 
> connection or message in milter-sender (and others).
> [..]
> This says to sendmail its ok to relay, but that milter-spamc should 
> still filter. The other milter have similar tags. Normally the connect:, 
> from:,or to: tags are enough and sufficient except in unusual cases 
> where a virus gets into your local network an d you need to some how 
> block it or some other a-hole from abusing your machines.

Sorry, but I still don't see a way to whitelist a sender MX to prevent
callback to that MX.

If I read the source correctly, there is *no* line in "mxCallBack"
which would check a "whitelisting" of the sender MX in any way.  The
only thing is a blacklist check "mxIsRejected", which is called from
"mxCallBack".  There is no way to do a whitelisting in the way
"mxIsRejected" does blacklisting.

What I want is:

Assume example.com has MX example.com set and the connecting
Mailserver is NOT example.com.

So I put in my access.db:

milter-sender-mx:example.com    OK

Everytime milter-sender would make a callback to MX example.com, it
would be skipped because the MX is whitelisted. This would give me a
way to whitelist one MX which handles many domains for example.


Regards,

Sebastian


> 
> Anthony Howe
> (music in Monaco is cool even when tired)
> 

-- 
GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
Wehret den Anfaengen: http://odem.org/informationsfreiheit/
'But...I died,' said the shade of Unity.
YES, said Death. THIS IS THE NEXT PART... - Terry Pratchett, Thief Of Time

Lists Index Date Thread Search