[milters] Archive

Lists Index Date Thread Search

Article: 1021
From: Anthony Howe
Date: 2006-07-10 11:53:48 -0400
Subject: Re: milter-cli. Where is the problem, again

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

(Message found in the junk mail box; reposted with my initial feedback
included to save time. BTW I've subscribed you too so you can get the
answers back.)

Milter-link blocked your posting because of:

amontpellier-152-1-2-129.w81-251.abo. wanadoo.fr [81.251.32. 129]

is black listed by sbl-xbl.spamhaus.org. I've excluded mail to
milters@milter.info from milter-link now.

You snipped some log lines, which might have been significant to white
or black listing issues. Please don't do that. Its makes it hard to see
what is going on.

Michel HEIRBAUT wrote:
> Hello,
> 
> I am a system administrator and I try hard to keep spam out of our 5.000 
> mailboxes.
> A few weeks ago I ran into milter-cli and found it could be very usefull.
> So I compiled the last version milter-cli/0.12.33 with LibSnert/1.61.829 
> and sendmail 8.13.6
> Everything with the "-DSMFI_VERSION=4" option.
> When trying to use "envelope-filter=" or "content-filter=" in the
config 
> file, it does nothing.

Specify your exact configuration beyond defaults. You can leave off the
comments.

Do you pass arguments to you envelope-filter or content-filter options?
Did you remember to quote or single-quote the command just as you would
if specified on the command-line?

For example I use:

content-filter='/usr/bin/awk -v debug=1 -f /etc/mail/content.awk'
content-max-size=128
envelope-filter='/usr/bin/awk -f /etc/mail/envelope.awk'
filter-timeout=120

Do your scripts work when tested by hand when you feed standard input
the envelope info for the envelope-filter or the message for the
content-filter? A bug in the script would cause problems.

Did you use an absolute command line for your script engine and script
or for the program?

> My problem seems to be the same as what was mentioned by Sergey N. 
> Romanov in a post on 2006-Apr-15 with the title "milter-cli. Where is 
> problem?".

In the April 15 posting by Sergey Romanov the response I should have
given was that:

01:55:39 [16] milter-cli[80964]: 00002 NOQUEUE: host localhost.xxx.net
[127.0.0.1] OK

shows as access.db white listed "host blah-blah-name [127.0.0.1] OK"
where OK is an access.db OK/RELAY hit.

The loopback interface is hard coded white listed typically in most of
my milters, including mitler-cli. To make an effective test from an ssh
session on the same machine you must "telnet machine-ip 25" or connect
from a different machine. If you "telnet 127.0.0.1 25", you come in on
the loopback interface and hit the hard coded white listing for it.

> Even with "verbose=all" there is no trace of the filter options to be used.

verbose=all is far too much. Most cases can be resolved with

	verbose=info,trace,db,dialog,debug

Continued below...

> Here is the beginning of the logfile if it can help:
> 
> Jul 10 09:53:15 dl05 milter-cli[31925]: pid file 
> "/var/run/milter/milter-cli.pid": process 2220 exists
> Jul 10 14:39:14 dl05 milter-cli[21575]: milter-cli: Opening listen 
> socket on conn inet:777@localhost
> Jul 10 14:39:14 dl05 milter-cli[21575]: process ruid=78 rgid=33334 
> euid=78 egid=33334
> Jul 10 14:39:14 dl05 milter-cli[21575]: milter-cli/0.12.33 Copyright 
> 2005, 2006 by Anthony Howe. All rights reserved.
> Jul 10 14:39:14 dl05 milter-cli[21575]: LibSnert/1.61.829 Copyright 
> 1996, 2006 by Anthony Howe. All rights reserved.
> Jul 10 14:39:14 dl05 milter-cli[21575]: libmilter version 4 (4)
> Jul 10 14:39:14 dl05 milter-cli[21575]: Sleepycat Software: Berkeley DB 
> 4.2.52: (December 11, 2004)
> Jul 10 14:40:22 dl05 milter-cli[21711]: milter-cli: Opening listen 
> socket on conn inet:777@localhost
> Jul 10 14:40:22 dl05 milter-cli[21711]: process ruid=78 rgid=33334 
> euid=78 egid=33334
> Jul 10 14:40:22 dl05 milter-cli[21711]: milter-cli/0.12.33 Copyright 
> 2005, 2006 by Anthony Howe. All rights reserved.
> Jul 10 14:40:22 dl05 milter-cli[21711]: LibSnert/1.61.829 Copyright 
> 1996, 2006 by Anthony Howe. All rights reserved.
> Jul 10 14:40:22 dl05 milter-cli[21711]: libmilter version 4 (4)
> Jul 10 14:40:22 dl05 milter-cli[21711]: Sleepycat Software: Berkeley DB 
> 4.2.52: (December 11, 2004)
> Jul 10 14:40:33 dl05 milter-cli[21711]: 00001 NOQUEUE: 
> filterOpen(9fb7a38, 'AMontpellier-152-1-2-129.w81-251.abo.wanadoo. fr', 
> [81.251.32. 129])

The above line was triggered milter-link.

> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "milter-cli-connect:81.251.32. 129"
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "milter-cli-connect:81.251.32"
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "milter-cli-connect:81.251"
> [snip]
> ................................
> [snip]
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "connect:fr"
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "amontpellier-152-1-2-129.w81-251.abo.wanadoo. fr"
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "w81-251.abo.wanadoo. fr"
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "abo.wanadoo. fr"
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "wanadoo. fr"
> Jul 10 14:40:33 dl05 milter-cli[21711]: checking "/etc/mail/access.db" 
> for "fr"
> Jul 10 14:40:33 dl05 milter-cli[21711]: i6ACeX21711add2 mail=<> ok

The above shows that MAIL FROM:<> was OK (white listed), but the
milter-cli source does not white list the null address, so in this case
the white listing is a carry over from the connection client IP being
white listed for some reason above, BUT since you snipped that part I
can't be sure.

> I also can't see any reply to the post off Sergey.

Probably because I was too busy at the time to answer it and forgot to
follow up on it later.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561
     http://www.snertsoft.com/


Lists Index Date Thread Search