From: Anthony Howe
Date: 2007-04-29 04:13:27 -0400
Subject: Re: milter-null not rejecting or my access tags are incorrect
More information..: http://www.milter.info/#Support
Andy Druda wrote:
> I have a mail server we call mail-hub where user mail is collected and
> accessed by users via imap. I have a mail relay called smtp which uses
> a mailertable entry to send all mail for andy.edu to mail-hub.andy.edu.
Is this to say that all outbound mail passes through the server running
milter-null? It is important in order to filter bounce messages
correctly, that the outbound mail get correctly tagged, else the inbound
won't make sense.
> The relay serves no other domains. here is one set of access tags I
> milter-null-To: SKIP
> milter-null-From: SKIP
> milter-null-connect: SKIP
These three should be sufficient to prevent the sendmail tags from being
> With the first example above I can telnet 25 from my workstation inside
> my andy.edu class C and send an email from a username and the mail gets
> a null tag added (and the mail is delivered) but if I send from <> no
> null tag is added and the mail is also delivered. So far none of the
You misunderstand how it works. Outbound user mail has to be tagged.
Bounces messages generated by your server are not tagged (since they
will never come back to you). Bounce messages from other systems though
will be checked for the X-Null-Tag. There are two tests you can do:
1. From your station send mail via your smtp server to a bogus account,
like <firstname.lastname@example.org>. You should correctly receive the bounce message.
2. From a shell account outside you system, telnet to port 25 of your
server and send MAIL FROM:<> to your account. Use a copy of the Yahoo
bounce message you received above, REMOVING the X-Null-Tag: header from
the message body. It should be rejected.
If it is not, then there may be some problem in access.db
permission/ownership issues. Check the maillog when milter-null starts
up for errors. See the Notes section for recommended permissions.
> above access tag setups has ever rejected anything on a production system.
> my sendmail tags in access look like this:
> To:andy.edu RELAY
> xx.xx.xx RELAY #andy.edu class C
> 172.16 RELAY
> 172.17 RELAY
> 172.31 RELAY
> 192.168 RELAY
> 127.0.0.1 RELAY
Without the milter-null-* tags use said you tried way above, the above
sendmail entries would considered white list entries and simply pass
through. (This will change in the next release of LibSnert based on some
prior list discussions the other month.)
Anthony C Howe Skype: SirWumpus SnertSoft
+33 6 11 89 73 78 AIM: SirWumpus Sendmail Milter Solutions
http://www.snert.com/ ICQ: 7116561
Copyright 2009, 2012 by SnertSoft. All rights reserved.