[milters] Archive

Lists Index Date Thread Search

Article: 1014
From: Andrew Lyon
Date: 2010-08-24 09:38:05 -0400
Subject: Re: milter-spamc/sender Connect:ip whitelist not working

On Tue, Aug 24, 2010 at 1:42 PM, Andrew Lyon <andrew.lyon@gmail.com> wrote:
> Hi,
>
> I have whitelisted the ip address of one of my servers which needs to
> bypass all milter checks, I expected that milter-sender and spamc
> would then allow that host to send messages without any filtering, but
> the access entry doesn't seem to have any effect.
>
> I've tried:
>
> x.x.x.x OK
> Connect:x.x.x.x OK
> milter-sender-Connect:x.x.x.x OK
>
> Rebuilt access.db but when I connect from that ip the usual callback
> checks are applied.
>
> What is the correct method to exclude an ip address from all milter
> and sendmail filtering?
>
> Andy
>

I added database to the milter Verbose setting and I can see the
connecting hostname being looked up and access.db returns RELAY:

Aug 24 14:18:02 mailsvr1 milter-sender[27550]: map="access"
key=29:"connect:soapstone.yuri.org.uk" value="RELAY"

So I would expect that no more filtering would take place, but when I
deliberately attempt to send mail from a non existent sender address
milter-sender does the usual callback verification:

Aug 24 14:18:53 jos-gl1 milter-sender[27550]: 00002 o7ODHgq6027564:
trying MX 5 'gmail-smtp-in.l.google.com.' [74.125.79.27] for
<kjashdjkaskdhasdhajkh1312631236786263@gmail.com>

If I change RELAY to OK then the milter is bypassed, but the host cannot relay.

The only method that seems to allow bypassing the milter and relay is
to whitelist like this:

milter-sender-Connect:soapstone.yuri.org.uk   OK
Connect:soapstone.yuri.org.uk   RELAY

Is this expected behaviour?

Andy

Lists Index Date Thread Search