[milters] Archive

Lists Index Date Thread Search

Article: 821
From: Anthony Howe
Date: 2006-02-15 06:42:12 -0500
Subject: Re: Trying to make milter-ahead fit into our sendmail

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Panagiotis Christias wrote:
> On 2/11/06, Anthony Howe <achowe@snert.com> wrote:
> Right, but I would still have to use one line per subdomain in a
> special db file, where up to now I had no need for it. We are not
> using mailertables in our setup, we just rely on sending the email to
> the A record of each subdomain.

Then -m should be sufficient still, even without the mailertable or -N 
table. Essentially with -m the MX of {rcpt_host} will be looked up, 
which should end up taking advantage of the RFC 974 MX/A record behaviour.

> We have three smtp servers (sendmail servers running milter-ahead).
> Let's call them mx0.univ.gr, mx1.univ.gr and mx2.univ.gr. A
> departmental domain, let's say dept1.univ.gr would have three MX
> records of equal preference pointing to mx0, mx1 and mx2. It would
> also have an A record pointing to the IP address of the host running
> the departmental mail server (let's say mail.dept1.univ.gr).
> 
> An email to user@dept1.univ.gr coming from the internet would land on
> one of the MX servers, let's say on mx0.univ.gr. Since all the rest MX
> servers (mx1 and mx2) would have the same preference value for domain
> dept1.univ.gr the sendmail in mx0 would send the email to the A record
> of dept1.univ.gr, that is mail.dept1.univ.gr. So long so good, mail
> delivered successfully.
> 
> Now, let's try adding milter-ahead into the soup. We don't want to use
> -N option, we prefer things to work automagically as far as possible.
> Using the -m option we don't get the same behaviour with milter-ahead
> as with sendmail. Milter-ahead would look up for the MX records of
> dept1.univ.gr, get them right and then try each one of them regardless
> the fact that mx1 and mx2 have the same preference value of mx0 that

Hmm. Then this might be a bug, since milter-ahead should only be testing 
   MX records of lower value. An A record would have MX 0, but of course 
since an MX list comes back, the A record as MX rule doesn't come into 
play. Hmm. Interesting.

> it is running on. The results are at least funny :). Oh, and the
> domain's A record is not contacted since according to milter-ahead the
> MX list is not empty.

Correct according to how RFC 974 outlines when the implicit MX rule is 
applied only when no MX records are found. I'll probably have to add 
some sort of exception and/or revisit how the MX pruning code works.

However RFC 2821 which obsoletes RFC 974 states:

    ...                                                               If
    no MX records are found, but an A RR is found, the A RR is treated as
    if it was associated with an implicit MX RR, with a preference of 0,
    pointing to that host.  If one or more MX RRs are found for a given
    name, SMTP systems MUST NOT utilize any A RRs associated with that
    name unless they are located using the MX RRs; the "implicit MX" rule
    above applies only if there are no MX records present.  If MX records
    are present, but none of them are usable, this situation MUST be
    reported as an error.

So I would have to go against the MUST NOT clause in this case, which 
probably means I need to make this an option.

>>> b. look up the access db in order to whiltelist the incoming mail and
>>> blacklist the outgoing.
>> I would have modify the milter with general B/W support common to my
>> milters. It can be done and a next release being prepared.
> 
> good too.

Surprisingly I started on this last month for 1.1 and then thought 
better of it:

    +	I'm thinking about adding full B/W list support semantics
    	common to all my milters. Currently this code is disabled
    	(use -DENABLE_BW_LIST_SUPPORT), while I evaluate the value
    	and impact of such a change.

I guess I'm going to be enabling this now since you obviously find value 
in it.

-- 
Anthony C Howe       http://www.snert.com/     +33 6 11 89 73 78
AIM: SirWumpus            ICQ: 7116561          Skype: SirWumpus
                    Sendmail Anti-Spam Solutions
http://www.snertsoft.com/         
         We Serve Your Server

Lists Index Date Thread Search