[milters] Archive


Article: 818
From: Panagiotis Christias
Date: 2006-02-13 19:09:49 -0500
Subject: Re: Trying to make milter-ahead fit into our sendmail setup



On 2/11/06, Anthony Howe <achowe@snert.com> wrote:
> Panagiotis Christias wrote:
> > We are trying the setup milter-ahead in the three mail gateways. As
> > far as we understand the "-m" option would not help us since none of
> > the MX records point to the destination mail servers. On the other
> > hand, without any option like "-N /etc/mail/milter-ahead-table.db" and
> > the appropriate entries we get "... rcpt_host='sub.domain.ntua.gr. is
> > not a defined route, skipping" warnings since the {rcpt_host} is not
> > in the "[fqdn]" format as milter-ahead expects (see PARSE_MAILER_HOST
> > in milter-ahead.c).
> If you use -m with mailertable or -N option and you specify a FQDN
> without the [ ] around it:
>         example.com     esmtp:host.example.com
> then the MX lookup should resolve to the host's A record with MX 0 as
> defined in RFC 974.

Right, but I would still have to use one line per subdomain in a
special db file, where up to now I had no need for it. We are not
using mailertables in our setup, we just rely on sending the email to
the A record of each subdomain.

> > For the moment we use the "-N /etc/mail/milter-ahead-table.db" option
> > and several entries that cover a few major internal mail servers but
> > this solution cannot scale and cover any mail server in our campus.
> What form does your mail addresses have?
>         user@host.dept.univ.gr
> or some such? Or just
>         user@dept.univ.gr

Mostly user@dept.univ.gr and/or user@lab.dept.univ.gr (both cases are domains).

> > Another thing, milter-ahead seems to look up the sendmail access db
> > ("-f" option) for white/blacklisting only when the "-m" option is
> This behaviour will probably be dropped in the next release anyways or
> at least somewhat changed.


> > defined. This behaviour is not well defined in the milter's manual and
> > caused us a bit of trouble until we consulted the sources.
> >
> > Ideally, in our setup we would like the milter to:
> > a. use the {rcpt_host} regardless of the square brackets being there or not.
> -m  Remember RFC 974 says that if no MX can be found for the domain,
> then it falls back on the A record if it exists.

Let me explain a bit our setup by example.

We have three smtp servers (sendmail servers running milter-ahead).
Let's call them mx0.univ.gr, mx1.univ.gr and mx2.univ.gr. A
departmental domain, let's say dept1.univ.gr would have three MX
records of equal preference pointing to mx0, mx1 and mx2. It would
also have an A record pointing to the IP address of the host running
the departmental mail server (let's say mail.dept1.univ.gr).

An email to user@dept1.univ.gr coming from the internet would land on
one of the MX servers, let's say on mx0.univ.gr. Since all the other MX
servers (mx1 and mx2) would have the same preference value for domain
dept1.univ.gr the sendmail in mx0 would send the email to the A record
of dept1.univ.gr, that is mail.dept1.univ.gr. So far so good, mail
delivered successfully.

Now, let's try adding milter-ahead into the soup. We don't want to use
-N option, we prefer things to work automagically as far as possible.
Using the -m option we don't get the same behaviour with milter-ahead
as with sendmail. Milter-ahead would look up the MX records of
dept1.univ.gr, get them right and then try each one of them regardless
of the fact that mx1 and mx2 have the same preference value as mx0 that
it is running on. The results are at least funny :). Oh, and the
domain's A record is not contacted since according to milter-ahead the
MX list is not empty.

> > b. look up the access db in order to whitelist the incoming mail and
> > blacklist the outgoing.
> I would have to modify the milter with general B/W support common to my
> milters. It can be done and a next release is being prepared.

good too.

Panagiotis Christias,
p.christias [at] noc.ntua.gr, NTUA NOC
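
The difference in MX handling described in this message, as an added example (not code from milter-ahead, sendmail, or the original post). The function names and the preference value 10 are assumptions; the host names are the ones used in the message.

```python
def _norm(name):
    """Lower-case a host name and drop the trailing dot of an FQDN."""
    return name.lower().rstrip(".")

def next_hops(domain, mx_records, local_names):
    """Hosts a gateway should contact for `domain`, in order.

    mx_records: list of (preference, host); local_names: this gateway's names.
    MX hosts with a preference equal to or greater than our own are discarded
    (RFC 974), so a gateway never probes itself or its equal-preference peers.
    """
    local = {_norm(n) for n in local_names}
    records = sorted((pref, _norm(host)) for pref, host in mx_records)
    if not records:
        return [_norm(domain)]          # no MX at all: implicit MX 0, use the A record
    own = [pref for pref, host in records if host in local]
    if not own:
        return [host for _, host in records]
    better = [host for pref, host in records if pref < min(own)]
    # Assumption taken from the message: when this gateway is among the best
    # MX hosts, the mail goes to the domain's own A record.
    return better or [_norm(domain)]

def naive_hops(domain, mx_records):
    """Behaviour the message reports for -m: try every MX, A record only if none."""
    if not mx_records:
        return [_norm(domain)]
    return [_norm(host) for _, host in sorted(mx_records)]

def probes_gateway(hops, gateway_names):
    """True if a call-ahead would be sent to one of the gateways themselves."""
    gateways = {_norm(n) for n in gateway_names}
    return any(h in gateways for h in hops)

# Constructed sample data mirroring the setup described in the message.
GATEWAYS = ["mx0.univ.gr", "mx1.univ.gr", "mx2.univ.gr"]
DEPT1_MX = [(10, "mx0.univ.gr."), (10, "mx1.univ.gr."), (10, "mx2.univ.gr.")]

if __name__ == "__main__":
    for label, hops in (
        ("pruned", next_hops("dept1.univ.gr", DEPT1_MX, ["mx0.univ.gr"])),
        ("naive", naive_hops("dept1.univ.gr", DEPT1_MX)),
    ):
        print(label, hops, "probes a gateway:", probes_gateway(hops, GATEWAYS))
```

With the pruning in place the only call-ahead target for dept1.univ.gr is the domain's A record, while the naive list sends the recipient check back to the gateways.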
