From: Steve Freegard
Date: 2007-01-08 14:47:55 -0500
Subject: Whitelisting on RELAY entries in access-map
More information..: http://www.milter.info/#Support
I wanted to bring up a general point that is common to all Snert milters
to see what others thought about this.
Currently all the milters treat a 'RELAY' entry in the access-map as >
OK == whitelist - this is fine for the most part, but on occasion it
leads to undesired results.
For example - I prefer putting domains that I relay for into the
access-map with a tagged 'To' entry as I can avoid the necessary restart
required if I were to put them into the 'relay-domains' file. For example:
However - this will then mean that the Snert milters will whitelist all
message to this domain, definitely not what I intended.
I was wondering what other people think about this and whether or not
there might be a better way to deal with this. Note that putting:
Does cure the problem, but that means that all tagged 'To' entries will
be ignored, not just the RELAY result.
Other examples where this can be problematic - consider that you use
milter-link and allow some machines to relay through you but the
machines could easily become infected, you have:
In your access-map, this results in the host being whitelisted through
Maybe it should be considered to optionally ignore RELAY entries and
require that if this functionality is required, then a specific tag is
used instead e.g.:
Or a generic tag for all the Snert milters e.g.
Copyright 2009, 2012 by SnertSoft. All rights reserved.