[milters] Archive

Lists Index Date Thread Search

Article: 1637
From: Kevin Kretz
Date: 2007-08-13 13:50:55 -0400
Subject: Re: milter-cli rules not working?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

on 08/13/2007 01:26 PM Anthony Howe said the following:
> Removal...........: milters-request@milter.info?subject=remove
> More information..: http://www.milter.info/#Support
> --------------------------------------------------------
>
> Kevin Kretz wrote:
>   
>> My cf file is /etc/mail/cli-access.db.  I'm sure that milter-cli is 
>>     
>
> The cf file is NOT the access.db file. The former is configuration 
> options the latter access control. Are you talking the access-db option 
> or the file option?
>   
Sorry, I didn't mean the cf file.   It's the access-control file





>   
>> looking at the right file, because when I rename it, it complains:
>>
>>        Aug 13 11:48:54 intmail-fw milter-cli[11429]: open error hash 
>> "/etc/mail/cli-access.db": No such file or directory
>>     
>
> Please show the options in question you have changed.
>   

Here's the actual cf file:

+daemon
verbose=debug
access-db=/etc/mail/cli-access.db
#content-filter=/usr/local/bin/content_filter.sh
content-max-size=0
#envelope-filter=/usr/local/bin/envelope_filter.sh

It behaved the same way with or without the two filters configured.



>   
>> I'm connecting from a machine at IP (changed) 1.2.3.4 and am sending a 
>> test message from kevin@mywork.com (changed) to kevin@kretz.net.  I've 
>> tried the following cli-access tables:
>>     
>
> I'm assuming your /etc/mail/milter-cli.cf file has the following option 
> setting:
>
> access-db=/etc/mail/cli-access.db
>
> which is different from the default.
>
>   
>> milter-cli-Connect:1.2.3.4 REJECT
>> milter-cli-To:kretz.net              REJECT
>>
>> milter-cli-Connect:1.2.3.4 REJECT
>> milter-cli-To:kevin@kretz.net             REJECT
>>
>> milter-cli-Connect:1.2.3.4 REJECT
>> milter-cli-To:!*kevin@kretz.net*!               REJECT
>>     
>
> First multiple milter-cli-Connect:1.2.3.4 have no affect. They do not 
> work in combination with other tags (this has been a point of discussion 
> in a separate thread for a new set of tags to do combinations).
>   
That wasn't a single "cli-access" table, that was three different ones, 
each of which I've tried with the same result.




> Second this "milter-cli-To:!*kevin@kretz.net*! REJECT" will not work. 
> You want to say:
>
> milter-cli-To:kretz.net		!*kevin@kretz.net*!REJECT
>
> The left-hand-side can NOT specify a pattern, only the right-hand-side 
> can contain a list of pattern-action pairs and default.
>
>   
>> and none of those seem to reject a mail from client 1.2.3.4 to address 
>> kevin@kretz.net, though it does seem to recognize the 1.2.3.4 rule:
>>     
>
> Currently no way to do this combo.
>   

Well, shouldn't either of the Connect/To: rules in place (not the 
!*kevin@kretz.net*!) have REJECTed this message?










Lists Index Date Thread Search