[milters] Archive

Lists Index Date Thread Search

Article: 1282
From: Quentin Campbell
Date: 2006-11-23 10:53:02 -0500
Subject: Re: Milter-link & size of VM

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

[snip]
>> I use in the access file on each gateway:
>> 
>> Connect:127.0.0.1               RELAY
>> Connect:10                      RELAY
>> Connect:127                     RELAY
>> Connect:128.240                 RELAY
>> milter-link-Connect:10          OK
>> milter-link-Connect:128.240     OK
>> 
>> to affect whitelisting for mail from local hosts on our 128.240.*.*
and
>> the 10.*.*.* networks. It normally works as expected. Those
milter-link
>> entries cannot be "trumped" by other lookups as these have the
highest
>> precedence in lookup order.
>
>Actually no. Typically, unless otherwise documented, the precedence 
>tends to reflect the lookup order from low to high SMTP states: 
>connection, MAIL, AUTH, RCPT; (AUTH will trump RCPT if matched or it 
>will in the next release from what I see in my code). Within each SMTP 
>state, the tag lookup order has its own high-to-low precedence starting

>with milter-NAME-tag: down to an untagged entry, depending on the SMTP 
>state.
>
>Also in milter-link's case it also has milter-link-body tag lookups
>that can reject on or ignore specified domains from lookups.
[snip]

Anthony

Thanks for the detailed reply. However I am now confused about what is
said when I re-RTFM (for milter-link/0.3):

--- (from milter-link/0.3 web page):
...
Access-db=/etc/mail/access.db
   ...
   milter-link-Connect:client-ip    value
   ...
All mail from this client-ip class is white-listed and excluded from
scanning...This allows you to white-list your network for mail sent
internally and off-site.
...
--- end web page extract

That is exactly what my "milter-link-Connect:10" entry was intended to
do for hosts on our 10.*.*.* network. 

I want to whitelist their messages from scanning by milter-link even if
I have other entries such as:

To:ncl.ac.uk                     RELAY
milter-link-To:ncl.ac.uk         SKIP
Connect:ncl.ac.uk                RELAY
milter-link-Connect:ncl.ac.uk    SKIP
 
which I need in order to relay for the "ncl.ac.uk" domain and to scan
with milter-link if not otherwise whitelisted (ie. messages coming in
from off-campus to recipients in the "ncl.ac.uk domain). 

However from what you say above then for messages from the 10 network
where the recipient addresses is in the "ncl.ac.uk" domain, at RCPT
stage (a higher SMTP state than "connect") the "milter-link-To:ncl.ac.uk
SKIP" entry above will undo the effect of the earlier
"milter-link-Connect:10 OK" whitelisting lookup.

Quentin 


Lists Index Date Thread Search