[milters] Archive

Lists Index Date Thread Search

Article: 813
From: Panagiotis Christias
Date: 2006-02-08 21:51:34 -0500
Subject: Trying to make milter-ahead fit into our sendmail setup

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Hello,

in our university we have three sendmail servers that operate as mail
gateways for all incoming and outgoing email. That is, any incoming or
outgoing SMTP connections are not allowed except for those three
servers (it is a policy defined by access lists in our border router).

Each internal mail server have to use those servers as smarthosts for
outgoing mail and set them as MX servers (of equal priority) in order
to receive any incoming mail. The internal mail server itself does not
have any MX record pointing to itself. The mail gateways will
"forward" any incoming mail based on the A record of the host/domain
part of the email address.

We are trying the setup milter-ahead in the three mail gateways. As
far as we understand the "-m" option would not help us since none of
the MX recodrs point to the destination mail servers. On the other
hand, without any option like "-N /etc/mail/milter-ahead-table.db" and
the appropriate entries we get "... rcpt_host='sub.domain.ntua.gr. is
not a defined route, skipping" warnings since the {rcpt_host} is not
in the "[fqdn]" format as milter-ahead expects (see PARSE_MAILER_HOST
in milter-ahead.c).

For the moment we use the "-N /etc/mail/milter-ahead-table.db" option
and several entries that cover a few major internal mail servers but
this solution cannot scale and cover any mail server in our campus.

Another thing, milter-ahead seems to look up the sendmail access db
("-f" option) for while/blacklisting only when the "-m" option is
defined. This behaviour is not well defined in the milter's manual and
caused us a bit of trouble until we consulted the sources.

Ideally, in our setup we would like the milter to:
a. use the {rcpt_host} regardless the square brackets being there or not.
b. look up the access db in order to whiltelist the incoming mail and
blacklist the outgoing.

Any suggestions are welcome.

Regards,
Panagiotis Christias,
p.christias [at] noc.ntua.gr, NTUA NOC


Lists Index Date Thread Search