[milters] Archive

Lists Index Date Thread Search

Article: 1246
From: Quentin Campbell
Date: 2006-11-13 03:33:46 -0500
Subject: Re: Milter-link whitelisting per recipient

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Anthony

Thank you for the reply. I had not understood from the documentation,
though perhaps should have, that milter-link would have whitelisted on
the 'Spam:tim.johnson@... FRIEND' line thus obviating the need for a
separate 'milter-link-To:tim.johnson@... OK' line.

The whitelisting problem with milter-link appears to be _intermittent_.
It is working OK today (see log extracts below using
verbose=info,trace,db).

The symtoms I described in my original message applied to a set of
recipient mail addresses on one set of three gateways. The same symptoms
(ie. failure to whitelist) also occurred at the same time on a different
set of eight gateways that require milter-link to whitelist on source IP
address.

It appears that on all our 11 gateways and for all whitelisted mail
addresses and IP addresses in the 'access' file milter-link whitelisting
suddenly stopped working BUT the whitelisting by Sendmail from DNSBL
rejections WAS working for the same mail addresses. This suggests
milter-link rather than access.db as being the problem.

The /etc/mail/access.db file is re-built by script each night but
differs between the two sets of gateways. On one set (the ones that
handle the 'nortumbria.ac.uk' domain) the same source for the 'makemap
hash access <access' is used each night. Its contents are only
occasionally changed and then manually. 

On the other, larger set of gateways, the /etc/mail/access.db file is
rebuilt from source that changes almost every day with various changes
for relaying and whitelisting being added/removed by script.

Thus rebuilding the 'access' file each night may have accounted for the
intermittent behaviour of milter-link whitelisting (but see above) but
not on all 11 gateways at the same time. I will have to find some way of
more closely monitoring things but with the number of gateways and users
(accounting for almost 1 million messages per day), this will be costly.


I also note the recent message from Richard@golivenet.com who commented
that milter-link does not work when 'delay_checks' is enabled in
Sendmail. What is the issue here? We of course have this enabled as 

FEATURE(`delay_checks',`friend')dnl

in order for 'Spam:... FRIENDS' to work. For at least most of the time
the whitelisting in milter-link has worked OK with that.

Quentin  

--- cut here
[root@cheviot51 mail]# grep kAD7Zfvc005419 /var/log/maillog
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterMail(8944070, 89449f8) MAIL='<root@burnmoor.ncl.ac.uk>' auth=''
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterRcpt(8944070, 89449f8) RCPT='<tim.johnson@northumbria.ac.uk>'
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
"tim.johnson@northumbria.ac.uk" default action OK
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
recipient <tim.johnson@northumbria.ac.uk> OK
Nov 13 07:35:46 cheviot51 sendmail[5419]: kAD7Zfvc005419:
from=<root@burnmoor.ncl.ac.uk>, size=611, class=0, nrcpts=1,
msgid=<200611130735.kAD7ZfoS010532@ucsnew2.ncl.ac.uk>, proto=ESMTP,
daemon=MTA, relay=ucsnew2.ncl.ac.uk [128.240.233.6]
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterHeader(8944070, 'Received', 'from ucsnew2.ncl.ac....')
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterHeader(8944070, 'Received', '(from root@localhost...')
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterHeader(8944070, 'Date', 'Mon, 13 Nov 2006 07:...')
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterHeader(8944070, 'From', 'root <root@burnmoor....')
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterHeader(8944070, 'Message-Id', '<200611130735.kAD7Zf...')
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterHeader(8944070, 'To', 'tim.johnson@northumb...')
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterHeader(8944070, 'Subject', 'TEST - please ignore...')
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterEndHeaders(8944070)
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterBody(89 http://sweethear...',
29)
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419: white
listed, skipping
Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
filterEndMessage(8944070)
Nov 13 07:35:46 cheviot51 sendmail[5419]: kAD7Zfvc005419: Milter add:
header: Received-SPF: none (cheviot51.ncl.ac.uk: domain of
root@burnmoor.ncl.ac.uk does not designate permitted sender hosts)
Nov 13 07:35:46 cheviot51 sendmail[5419]: kAD7Zfvc005419:
to=<tim.johnson@northumbria.ac.uk>, delay=00:00:00, mailer=esmtp,
pri=30611, stat=queued
Nov 13 07:35:50 cheviot51 MailScanner[5341]: Message kAD7Zfvc005419 from
128.240.233.6 (root@burnmoor.ncl.ac.uk) to northumbria.ac.uk is spam,
SpamAssassin (score=15.509, required 6, autolearn=disabled,
SPF_HELO_PASS -0.00, URIBL_AB_SURBL 3.31, URIBL_JP_SURBL 3.36,
URIBL_OB_SURBL 2.62, URIBL_SBL 1.09, URIBL_SC_SURBL 3.60, URIBL_WS_SURBL
1.53)
Nov 13 07:35:50 cheviot51 MailScanner[5341]: Spam Actions: message
kAD7Zfvc005419 actions are deliver
Nov 13 07:35:53 cheviot51 sendmail[5498]: kAD7Zfvc005419:
to=<tim.johnson@northumbria.ac.uk>, delay=00:00:07, xdelay=00:00:01,
mailer=esmtp, pri=120611, relay=uhura.unn.ac.uk. [192.173.4.228],
dsn=2.0.0, stat=Sent (Submitted & queued (msg.09011-0))
--- cut here

>-----Original Message-----
>From: milters-bounce@milter.info 
>[mailto:milters-bounce@milter.info] On Behalf Of Anthony Howe
>Sent: 10 November 2006 16:58
>To: milters@milter.info
>Subject: [milters] Re: Milter-link whitelisting per recipient
>
>Removal...........: milters-request@milter.info?subject=remove
>More information..: http://www.milter.info/#Support
>--------------------------------------------------------
>
>Quentin Campbell wrote:
>> I relay for a domain, 'northumbria.ac.uk', and want all mail to that
>> site filtered by milter-link except for a recipient who needs to be
>> whitelisted. He has also requested whitelisting from the 
>DNSBL blocking
>> carried out by my Sendmail configuration.
>> 
>> In /etc/mail/access on cheviot51.ncl.ac.uk I thus have:
>> 
>> Connect:127.0.0.1               RELAY
>> # ...and to the domains we host
>> To:northumbria.ac.uk            RELAY
>> Connect:northumbria.ac.uk       RELAY
>> ...
>> milter-ahead-To:northumbria.ac.uk       SKIP
>> milter-ahead-Connect:northumbria.ac.uk  SKIP
>> milter-link-To:northumbria.ac.uk        SKIP
>> milter-link-Connect:northumbria.ac.uk   SKIP
>
>Looks fine.
>
>> Spam:Postmaster@northumbria.ac.uk       FRIEND
>> milter-link-To:Postmaster@northumbria.ac.uk     OK
>> # Added at request of Debbie 11/02/05
>> # Users want to receive mail from *.ja & *.kr domains
>> Spam:tim.johnson@northumbria.ac.uk      FRIEND
>> milter-link-To:tim.johnson@northumbria.ac.uk    OK
>
>Milter-link-to: would have found Spam:tim.johnson@northumbria.ac.uk 
>  FRIEND and used that anyway, but the above line should work too.
>
>> So my whitelisting of 'tim.johnson@northumbria.ac.uk' for 
>milter-link is
>> not operating as I expected. The permissions on 
>/etc/mail/access.db are:
>
>> What is wrong with the milter-link entries in my 'access' file?
>
>Best way to find out is turn on the debugging and fire a test through:
>
>	verbose=info,trace,db
>
>is what you want in order to see all the access.db lookups. Make sure 
>your syslog.conf allows mail.* or mail.debug in order to see the extra 
>logging.
>
>-- 
>Anthony C Howe          Skype: SirWumpus                    SnertSoft
>+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
>http://www.snert.com/     ICQ:
7116561      http://www.snertsoft.com/
>
>


Lists Index Date Thread Search