Article: 1667
From: Anthony Howe
Date: 2007-08-31 08:19:07 -0400
Subject: Re: Milter-ahead and milter-gris. Using the access

DAve wrote:
> OK, had a few internal things to sort out, but it is working and now I 
> am really confused. My access file looks like so,
> Connect:10.0.241.	OK

No trailing dot when matching parts of an IP address.

Connect:10.0.241	OK

> milter-gris-Connect:	OK

This white lists EVERYTHING through milter-gris. Since your original 
Connect line was specified incorrectly, that would explain the problem 
as to why no white list entry was found.

This could be diagnosed by increasing the log output with:


The verbose=db show all the access DB lookups and you would see that no 
match is being found. It would also clarify the lookup sequence. Please 
note though on a busy server this generates LOTS of output.

> OK RELAY = yes, affirmative

RELAY was change in libsnert 1.64 to be ignored by default (sort of like 
SKIP). To restore previous behaviour specify +smdb-relay-ok. From 

    +	Added smdb-relay-ok option. When enabled, a right hand side
    	access.db value of RELAY will be treated the same as a white
    	list OK value, which is technical correct according to the
    	sendmail definition. However, some sites want to "filter before
    	relay" and so do not want to treat RELAY as a white list entry.

> REJECT ERROR = no, negative
> SKIP = continue

SKIP in C or Perl speak would be more equivalent to "break" loop 
statement, ie. it stops any further access.db lookups for the current 
token. It is a form of short circuit word. See the sendmail cf/README 
for their original terse description.

