From: Anthony Howe
Date: 2006-11-15 09:38:23 -0500
Subject: Re: Milter-link whitelisting per recipient problem

Quentin Campbell wrote:
> Nov 15 09:05:03 cheviot51 milter-link[14377]: 05257 kAF94pQO016299:
> filterRcpt(b3701798, 88795a8) RCPT='<barbara.tully@northumbria.ac.uk>'

Where are the access.db lookups for <barbara.tully@northumbria.ac.uk>? 
 From further below it seemed that you had verbose=info,trace,db  There 
is A LOT more access.db related output for the connection, MAIL, and 
RCPT that doesn't appear here. These additional lookups should show 
whether it finds the Spam:barbara.tully@northumbria.ac.uk FRIEND entry 
or not.

> Nov 15 09:05:03 cheviot51 milter-link[14377]: 05257 kAF94pQO016299:
> "barbara.tully@northumbria.ac.uk" default action SKIP

Hmm. If it had found the white list entry, it would be OK instead

> Nov 15 09:05:04 cheviot51 sendmail[16299]: kAF94pQO016299:
> ruleset=check_rcpt, arg1=<are.gxthrie@northumbria.ac.uk>,
> relay=cpc2-belc2-0-0-cust615.belf.cable.ntl.com [],
> reject=550 5.7.1 <are.gxthrie@northumbria.ac.uk>... Rejected:
> listed at sbl-xbl.spamhaus.org; see
> http://www.ncl.ac.uk/iss/email/reject.html

sendmail BL check rejected the IP.

> # Check the /usr/share/doc/sendmail/README.cf file for a description
> # of the format of this file. (search for access_db in that file)
> # The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
> # package.
> ##
> ## Default entries for NorMAN gateway hosts
> ##
> # By default we allow relaying from localhost...
> Connect:localhost.localdomain   RELAY
> Connect:localhost               RELAY

Remove the above to lines. Can be abused by spammers though DNS tricks.

> Connect:               RELAY

> milter-link-To:northumbria.ac.uk        SKIP
> milter-link-Connect:northumbria.ac.uk   SKIP 

> Spam:barbara.tully@northumbria.ac.uk    FRIEND
> Spam:barbara.tully@unn.ac.uk            FRIEND
> #milter-link-To:barbara.tully@northumbria.ac.uk OK
> #milter-link-To:barbara.tully@unn.ac.uk         OK

Most odd. I'll have to test on my server to see if something relate to 
Spam: is broken. Its common code in libsnert used by all the milters, so 
if its broken it should be easy to find in any of my milters.

