[milters] Archive

Article: 1019
From: Andrew Lyon
Date: 2010-08-24 10:11:45 -0400
Subject: Re: milter-spamc/sender Connect:ip whitelist not working

On Tue, Aug 24, 2010 at 2:44 PM, Anthony Howe <achowe@snert.com> wrote:
> On 24/08/2010 14:42, Andrew Lyon whispered from the shadows...:
>> Hi,
>>
>> I have whitelisted the ip address of one of my servers which needs to
>> bypass all milter checks, I expected that milter-sender and spamc
>> would then allow that host to send messages without any filtering, but
>> the access entry doesn't seem to have any effect.
>>
>> I've tried:
>>
>> x.x.x.x OK
>
> Note that untagged entries have long since been deprecated by Sendmail.
> So you should not rely on them as they may disappear any time. If
> you really want to continue with them and depending on the version of
> libsnert, see configure option --enable-access-tagless.

Understood.

>
>> Connect:x.x.x.x OK
>> milter-sender-Connect:x.x.x.x OK
>
> Either of these should work.

They do.

>
> milter-sender connect white listing should work, but for milter-spamc,
> that code may be missing (long story).
>
> Quick solution is in milter-spamc.c (version 1.15) after line 445 (which
> should be within a switch statement) insert:
>
> args[0]);
>
> (Note not tested.)
>
>> Rebuilt access.db but when I connect from that ip the usual callback
>> checks are applied.
>
> How is the access.db rebuilt exactly? This might influence the milter's
> ability to detect the update.
>
> http://www.snertsoft.info/lists/article.php?l=milters&d=2005-09&f=722
>
> Make sure to use only "overwrite in place".
>

access-db is rebuilt on one machine and then pushed to the backup mx using scp.

>> What is the correct method to exclude an ip address from all milter
>> and sendmail filtering?
>
> For example milter-sender and milter-spamc should both pick up:
>
>
> Assume the connecting host is 192.0.2.1. Alternatively
>
>
> Are equivalent to the first one, though they have higher priority than
> Connect:
>
> Restart one of the milters with verbose=info,db to see the series of
> access.db lookups made. It's very verbose. Note that you need to make
> sure that your maillog is configured for debug level output or that you
> direct debug level output to a separate file.

OK.

>
> 1. Edit /etc/syslog.conf,
>
> 2. a) either add
>
>
> You might need to "touch /var/log/maillog.debug" first.
>
> 2. b) or replace
>
> with
>
> 3. Save.
>
> 4. Then pkill -HUP syslogd.
>
> Personally I like option b) since then I have the sendmail log lines
> interweaved with the milter's. But for temporary debugging, option a) is
> probably wiser for high-volume machines.
>
> --
>
