[milters] Archive

Lists Index Date Thread Search

Article: 1639
From: Kevin Kretz
Date: 2007-08-13 15:40:41 -0400
Subject: Re: milter-cli rules not working?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

on 08/13/2007 02:31 PM Anthony Howe said the following:
> Removal...........: milters-request@milter.info?subject=remove
> More information..: http://www.milter.info/#Support
> --------------------------------------------------------
>
> Kevin Kretz wrote:
>   
>> on 08/13/2007 01:26 PM Anthony Howe said the following:
>>     
>
>   
>> Here's the actual cf file:
>>
>> +daemon
>> verbose=debug
>> access-db=/etc/mail/cli-access.db
>>     
>
> Try
>
> access-db=db!/etc/mail/cli-access.db
>   
Aug 13 15:23:52 intmail-fw milter-cli[11939]: failed to open 
"db!/etc/mail/cli-access.db"



I'll just take your advice and use the default /etc/mail/access.db.

I've got in the .cf file now:

access-db=/etc/mail/access.db


and my access file is


milter-cli-Connect:1.2.3.4                REJECT
mywork.com      RELAY



but it still lets mail from client at 1.2.3.4 through:

Aug 13 15:39:36 intmail-fw milter-cli[12130]: milter-cli/0.15.40 
Copyright 2005, 2007 by Anthony Howe. All rights reserved.
Aug 13 15:39:36 intmail-fw milter-cli[12130]: LibSnert/1.64.904 
Copyright 1996, 2007 by Anthony Howe. All rights reserved.
Aug 13 15:39:36 intmail-fw milter-cli[12130]: libmilter version 1.0.0
Aug 13 15:39:36 intmail-fw milter-cli[12130]: Sleepycat Software: 
Berkeley DB 4.3.29: (June 16, 2006)
Aug 13 15:39:39 intmail-fw milter-cli[12130]: 00001 NOQUEUE: enter 
smfAccessClient(80c3ac8, milter-cli-connect:, greatdane.mywork.com, 
1.2.3.4, 0, 0)
Aug 13 15:39:39 intmail-fw milter-cli[12130]: 00001 NOQUEUE: enter 
smfAccessPattern(80c3ac8, "1.2.3.4", "REJECT...", 0)
Aug 13 15:39:39 intmail-fw milter-cli[12130]: 00001 NOQUEUE: pin="REJECT..."
Aug 13 15:39:39 intmail-fw milter-cli[12130]: j7DJdd1213049cf mail=<> ok
Aug 13 15:39:39 intmail-fw milter-cli[12130]: 00001 NOQUEUE: exit  
smfAccessPattern(80c3ac8, "1.2.3.4", "REJECT...", 0) rc=J action=''
Aug 13 15:39:39 intmail-fw milter-cli[12130]: 00001 NOQUEUE: exit  
smfAccessClient(80c3ac8, milter-cli-connect:, greatdane.mywork.com, 
1.2.3.4, 0, 0) access=74
Aug 13 15:39:44 intmail-fw milter-cli[12130]: 00001 l7DJddpX012137: 
enter smfAccessPattern(80c3ac8, "kevin@mywork.com", "(NULL)...", 0)
Aug 13 15:39:44 intmail-fw milter-cli[12130]: 00001 l7DJddpX012137: 
exit  smfAccessPattern(80c3ac8, "kevin@mywork.com", "(NULL)...", 0)
rc=_ 
action=''
Aug 13 15:39:44 intmail-fw milter-cli[12130]: 00001 l7DJddpX012137: 
enter smfAccessPattern(80c3ac8, "kevin@kretz.net", "(NULL)...", 0)
Aug 13 15:39:44 intmail-fw milter-cli[12130]: 00001 l7DJddpX012137: 
exit  smfAccessPattern(80c3ac8, "kevin@kretz.net", "(NULL)...", 0)
rc=_ 
action=''
Aug 13 15:39:44 intmail-fw sendmail[12137]: l7DJddpX012137: from="Kevin 
Kretz"<kevin@mywork.com>, size=32, class=0, nrcpts=1, 
msgid=<200708131939.l7DJddpX012137@intmail-fw.mywork.com>, proto=ESMTP, 
daemon=MTA, relay=greatdane.mywork.com [1.2.3.4]
Aug 13 15:39:44 intmail-fw sendmail[12141]: STARTTLS=client, 
relay=[10.10.10.10], version=TLSv1/SSLv3, verify=FAIL, 
cipher=DHE-RSA-AES256-SHA, bits=256/256
Aug 13 15:39:45 intmail-fw sendmail[12141]: l7DJddpX012137: 
to="Kevin"<kevin@kretz.net>, delay=00:00:01, xdelay=00:00:01, 
mailer=esmtp, pri=120032, relay=[10.10.10.10] [10.10.10.10], dsn=2.0.0, 
stat=Sent (l7DJd6s6006200 Message accepted for delivery)



>
> 2. The access-db mappings have a precedence order. milter-cli-* tags 
> have highest precedence. The documentation shows the precedence order 
> within each SMTP state, though "milter-cli-Connect:1.2.3.4 REJECT" would 
> have rejected, but the problem is in the access-db specification since 
> it could not read your access.db file to start with


Now that I've got milter-cli pointed to a single access database, which 
contains "milter-cli-Connect:1.2.3.4 REJECT", shouldn't that mail have 
been rejected?


BTW, thank you so much for your assistance.




Lists Index Date Thread Search