[milters] Archive

Lists Index Date Thread Search

Article: 1488
From: Anthony Howe
Date: 2007-03-09 15:03:18 -0500
Subject: Re: Feedback desired about black / white listing support.

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Ren=C3=A9 Berber wrote:
> Anthony Howe wrote:
>> b) Revisit support for sendmail's Connect:, From:, To:, and Spam: tags=

>> which are currently used for global B/W behaviour in my milters.
>> =3D20
>> c) Related to b) revisit what RHS values are supported? Should RELAY
>> white list or be ignored?
>=20
> RELAY is the most general form of whitelist, why ignore? makes no sense=
 t=3D
> o ignore.

Steve Freegard is away just now and would be the best if he argues this=20
case.

By definition in sendmail's cf/README, RELAY is equal to OK plus relay=20
and so is currently treated as white list entry. Steve's argument is=20
that in many cases you want to relay, but still filter a message before=20
relaying it. Because of the current B/W design, many sites would end up=20
passing mail marked as RELAY without any filtering applied. So in order=20
to get the correct behaviour you have to add a lot of milter-NAME-TYPE:=20
SKIP tags or similar. When you have one milter, this is not too=20
burdensome, but as you add more milters, maintenance of the access.db=20
becomes an issue.

I suppose the real question concerning my milters is what is the most=20
common default _expectation_ of how RELAY should be applied w.r.t. milter=
s?

    white list and pass through (current & technically literal design)
or
    filter before relay


>> e) Consider new tags to provide delay-check like behaviour with combo
>> lookups, ie. Connect:From:, Connect:Auth:, Connect:To:, From:To: I hav=
e=3D
>=20
>> a very long brain storm mail about this from a private discussion to=3D=
20
>> post later about this.
>=20
> I like this one, the lack of logical operators in Sendmail's access is =
so=3D
> mething
> we stumble sometimes, this "combo" will act as a logical AND so it is a=
 s=3D
> tep in
> the right direction.

Yes, but at the sake of more access.db lookups which could be a=20
performance issues on high volume sites. Does the feature warrant the=20
extra overhead?

--=20
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561
     http://www.snertsoft.com/


Lists Index Date Thread Search