[milters] Archive

Article: 1164
From: Rose, Bobby
Date: 2006-10-02 11:09:06 -0400
Subject: Re: Milter-sender and access file question

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Sorry for the questions but I'm trying to troubleshoot something and
have gotten more info from the domain I'm having problems with.

If sendmail refuses connections due to load, how would milter-sender
react in that event if there is only one MX for the domain it's checking or
if that domain has a DNS round-robin setup and the IP of the second MX
resolves to the same IP address?  I'm not sure if the remote domain is
actually using refuseLA or if they have some other process that just
stops their sendmail.  In the logs, milter-sender logs the "opening SMTP
connection to x.x.x.x" message and then a "x.x.x.x connection failed
code=421 rc=2" but then since it occurs with the second MX (which in
this case happens to be the same IP due to unfortunate luck and their
round-robin setup) the check fails and the sender's message is rejected.

If they are purposely taking MXs offline and leaving the records in DNS
then one could cry RFC violation but if it's due to load problems then
one can't but I haven't seen sendmail rejections due to load in years so
I can't remember if sendmail just refuses to listen to any inbound
requests or if it allows a connection and merely issues a try again
later response code.

 

-----Original Message-----
From: milters-bounce@milter.info [mailto:milters-bounce@milter.info] On
Behalf Of Anthony Howe
Sent: Sunday, October 01, 2006 5:03 AM
To: milters@milter.info
Subject: [milters] Re: Milter-sender and access file question

Rose, Bobby wrote:
> Is it possible to skip sender verification on a specific mail from to 
> a specific rcpt to?  I'm not sure if the NEXT action would do this or 
> not based on the examples on the man page.

No. There currently does NOT exist any means to black/white list combos
like sender/recipient, sender/client, sender/recipient/client, etc.

The NEXT action is the opposite of SKIP and intended for pattern lists
where none of the patterns match and so you want to resume the access
lookup following the pattern list entry.

For example:

milter-sender-connect:10.0		OK
milter-sender-connect:10.0.1		[10.0.1.32/29]REJECT NEXT

I can white list all of 10.0.0.0/16, except a small subnet on
10.0.1.32/29. First, sendmail has no CIDR support, but using a pattern
list I can specify a LHS that acts as a selector for the general range
and then a RHS pattern list with a CIDR for a more precise check. So if
a host 10.0.1.167 connects, it should be white listed, but the 10.0.1
would match, but the CIDR pattern would not. NEXT action resumes the
access lookup so that I'll find the 10.0 white list entry.

The above could have been written also like:

milter-sender-connect:10.0		[10.0.1.32/29]REJECT OK

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561
     http://www.snertsoft.com/
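
An added illustration, not part of the original messages and not SnertSoft's code: a simplified Python model of the access lookup Anthony describes, showing how NEXT falls through from the 10.0.1 entry to the 10.0 entry and that the single-entry form gives the same results. It assumes keys are tried from the most specific IP prefix to the least specific, and models only the tagged IP-prefix keys shown in the message; the function names and the "no default means keep looking" rule are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed access-map entries, copied from the two forms in the message.
FORM_NEXT = {
    "milter-sender-connect:10.0": "OK",
    "milter-sender-connect:10.0.1": "[10.0.1.32/29]REJECT NEXT",
}
FORM_SINGLE = {
    "milter-sender-connect:10.0": "[10.0.1.32/29]REJECT OK",
}

# One pattern-list element: [cidr]ACTION
PATTERN = re.compile(r"\[([0-9./]+)\](\S+)")


def eval_rhs(rhs, ip):
    """Walk the RHS left to right: the first matching [cidr]ACTION wins,
    otherwise the first bare word is the default action."""
    for token in rhs.split():
        m = PATTERN.fullmatch(token)
        if m is None:
            return token  # bare action reached: no earlier pattern matched
        if ip in ipaddress.ip_network(m.group(1)):
            return m.group(2)
    return "NEXT"  # assumption: no pattern matched and no default given


def lookup(access, client_ip, tag="milter-sender-connect:"):
    """Return (action, deciding_key), or (None, None) if no entry decides."""
    ip = ipaddress.ip_address(client_ip)
    octets = client_ip.split(".")
    # Assumed lookup order: a.b.c.d, then a.b.c, then a.b, then a
    for n in range(4, 0, -1):
        key = tag + ".".join(octets[:n])
        rhs = access.get(key)
        if rhs is None:
            continue
        action = eval_rhs(rhs, ip)
        if action != "NEXT":
            return action, key
        # NEXT: resume the lookup with the next, less specific key
    return None, None


if __name__ == "__main__":
    for addr in ("10.0.1.35", "10.0.1.167", "10.0.7.1", "192.168.1.1"):
        print(addr, lookup(FORM_NEXT, addr), lookup(FORM_SINGLE, addr))
```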


