From: Anthony Howe
Date: 2010-08-24 09:44:38 -0400
Subject: Re: milter-spamc/sender Connect:ip whitelist not working
On 24/08/2010 14:42, Andrew Lyon whispered from the shadows...:
> I have whitelisted the ip address of one of my servers which needs to
> bypass all milter checks, I expected that milter-sender and spamc
> would then allow that host to send messages without any filtering, but
> the access entry doesn't seem to have any effect.
> I've tried:
> x.x.x.x OK
Note that untagged entries have long since been deprecated by Sendmail.
So don't you should not rely on them as they may disappear any time. If
you really want to continue with them and depending on the version of
libsnert, see configure option --enable-access-tagless.
> Connect:x.x.x.x OK
> milter-sender-Connect:x.x.x.x OK
Either of these should work.
milter-sender connect white listing should work, but for milter-spamc,
that code may missing (long story).
Quick solution is in milter-spamc.c (version 1.15) after line 445 (which
should be within a switch statement) insert:
smfLog(SMF_LOG_TRACE, TAG_FORMAT "sender %s white listed", TAG_ARGS,
(Note not tested.)
> Rebuilt access.db but when I connect from that ip the usual callback
> checks are applied.
How is the access.db rebuilt exactly? This might influence the milter's
ability to detect the update.
Make sure to use only "overwrite in place".
> What is the correct method to exclude an ip address from all milter
> and sendmail filtering?
For example milter-sender and milter-spamc should both pick up:
Assume the connecting host is 192.0.2.1. Alternatively
Are equivalent to the first one, though they have higher priority than
Restart one of the milters with verbose=info,db to see the series of
access.db lookups made. Its very verbose. Note that you need to make
sure that your maillog is configured for debug level output or that you
direct debug level output to a separate file.
1. Edit /etc/syslog.conf,
2. a) either add
You might need to "touch /var/log/maillog.debug" first.
2. b) or replace
4. Then pkill -HUP syslogd.
Personally I like option b) since then I have the sendmail log lines
interweaved with the milter's. But for temporary debugging, option a) is
probably wiser for high-volume machines.
Anthony C Howe Skype: SirWumpus SnertSoft
+33 6 11 89 73 78 Twitter: SirWumpus BarricadeMX & Milters
http://snert.com/ http://nanozen.info/ http://snertsoft.com/
Copyright 2009, 2012 by SnertSoft. All rights reserved.