[milters] Archive

Lists Index Date Thread Search

Article: 1247
From: Anthony Howe
Date: 2006-11-13 04:16:27 -0500
Subject: Re: Milter-link whitelisting per recipient

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Quentin Campbell wrote:
> The symtoms I described in my original message applied to a set of
> recipient mail addresses on one set of three gateways. The same symptoms
> (ie. failure to whitelist) also occurred at the same time on a different
> set of eight gateways that require milter-link to whitelist on source IP
> address.

Is this a problem in the copying of the access file to each machine 
followed by a subsequent rebuild of access.db. As previous mentioned in 
another thread "Re: ...failed to open "/etc/mail/access.db":
Permission" 
about the difference between "create then move" vs "overwrite". If you

are generating the access.db on one machine and copying that to other 
machines then this is just another instance of the "create then move" 
problem. If you copy the access source file to each machine, which in 
turn regenerates a local access.db, then that should work.

> On the other, larger set of gateways, the /etc/mail/access.db file is
> rebuilt from source that changes almost every day with various changes
> for relaying and whitelisting being added/removed by script.

Which file is copied: the access source file or the resulting access.db 
file?

> I also note the recent message from Richard@golivenet.com who commented
> that milter-link does not work when 'delay_checks' is enabled in
> Sendmail. What is the issue here? We of course have this enabled as 
> 
> FEATURE(`delay_checks',`friend')dnl
> 
> in order for 'Spam:... FRIENDS' to work. For at least most of the time
> the whitelisting in milter-link has worked OK with that.

The sendmail milter API is such that all milters, not just SnertSoft 
milter, do not recognise FEATURE(`delay_checks'). Milters are not under 
the control of sendmail rulesets and execute in step with the SMTP 
protocol. A milter would have to be explicitly designed to behave as 
though FEATURE(`delay_checks') were enabled or have some option to 
behave that way.

Now my milters under things like Spam: FRIEND and Spam: HATER and the 
various other sendmail tags and untagged variants in an effort to 
simplify black/white listing and centralise the information.

I have some new features coming in the next round of updates that may 
help improved the means by which information is distributed. For example 
extended socket map support, ie. have all SnertSoft milters and even 
sendmail consult a socket map server that is a front end that reads the 
access.db, an LDAP, or SQL database. Its one possible solution.


> filterRcpt(8944070, 89449f8) RCPT='<tim.johnson@northumbria.ac.uk>'
> Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
> "tim.johnson@northumbria.ac.uk" default action OK
> Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
> recipient <tim.johnson@northumbria.ac.uk> OK

Recipient white list indicated by "OK".

> Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419:
> filterBody(89 http://sweethear...', 29)
> Nov 13 07:35:46 cheviot51 milter-link[5007]: 00064 kAD7Zfvc005419: white
> listed, skipping

Looks good here; message was white listed and skipped.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561
     http://www.snertsoft.com/

Lists Index Date Thread Search