[milters] Archive

Lists Index Date Thread Search

Article: 1642
From: Anthony Howe
Date: 2007-08-14 05:18:17 -0400
Subject: Re: milter-cli rules not working?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Kevin Kretz wrote:
> Removal...........: milters-request@milter.info?subject=remove
> More information..: http://www.milter.info/#Support
> --------------------------------------------------------
> 
> on 08/13/2007 02:31 PM Anthony Howe said the following:
>> Removal...........: milters-request@milter.info?subject=remove
>> More information..: http://www.milter.info/#Support
>> --------------------------------------------------------
>>
>> Kevin Kretz wrote:
>>   
>>> on 08/13/2007 01:26 PM Anthony Howe said the following:
>>>     
>>   
>>> Here's the actual cf file:
>>>
>>> +daemon
>>> verbose=debug

try

verbose=info,trace,db

to get more detailed output concerning access.db

>>> access-db=/etc/mail/cli-access.db
>>>     
>> Try
>>
>> access-db=db!/etc/mail/cli-access.db
>>   
> Aug 13 15:23:52 intmail-fw milter-cli[11939]: failed to open 
> "db!/etc/mail/cli-access.db"
> 
> 
> 
> I'll just take your advice and use the default /etc/mail/access.db.
> 
> I've got in the .cf file now:
> 
> access-db=/etc/mail/access.db
> 
> 
> and my access file is
> 
> 
> milter-cli-Connect:1.2.3.4                REJECT
> mywork.com      RELAY
> 
> 
> 
> but it still lets mail from client at 1.2.3.4 through:

Well that's normal. A blacklist entry for milter-cli has no effect, 
since the same can be achieved with sendmail and it's own access tags. 
You could reconfigure and recompile with the

	CFLAGS='-DENABLE_BLACKLIST' ./configure
	make clean build

The blacklisting facility was never available though it had been 
considered and rejected since the same could be achieved using a script 
or sendmail.

A white list entry however, will exclude a message from script processing.

Now using an envelope script you could do the combo rejection you wanted 
to do in access.db in your original message. For example:

---milter-cli.cf---

envelope-filter="/usr/bin/awk -f /etc/mail/envelope.awk"

---envelope.awk---
BEGIN {
	# Hope this is gawk.
	IGNORECASE = 1

	statusAccept	= 0
	statusTempfail	= 1
	statusReject	= 2
	statusDiscard 	= 3
	statusTag	= 4
	statusCopy	= 5
	statusRedirect	= 6

	exitStatus = statusReject

         nrClientIP      = 1
         nrClientName    = 2
         nrHELO          = 3
         nrMAIL          = 4
         nrMessageId     = 5
         nrFirstRCPT     = 6
}

NR == nrClientIP && /1.2.3.4/ {
	bad_ip = 1
}

NR >= nrFirstRCPT && /kevin@kretz.net/ {
	if (bad_ip)	
		exit(statusReject)
}
---

Other examples scripts are provided in the examples/ directory.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
http://www.snert.com/                 
     http://www.snertsoft.com/

Lists Index Date Thread Search