Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

2.0b2 - domain acl's not working?

2005-03-09 by Matt Kettler

First, I know this is a beta, so I understand if there's a bug in this 
release. However I would like to at least make sure I'm not doing something 
wrong or foolish.

Scenario: I'm in a situation where I can't blanket greylist all email in 
the network, because of the delay. This is a business, and we generaly work 
better when our email runs reasonably fast. I greylist my own account, and 
I've had some sites take several hours to retry despite my using a 1 minute 
greylist delay.

I'm also hesitant to use much in the way of RBLs, due to the occasional 
false listing.

So, what I'd like to do is use milter-greylist as a form of "soft" RBL, 
where only mail from certain domain names gets subjected to greylisting.

I wrote some regexes to try to only greylist end-user nodes of certain 
networks. For example this one:

acl greylist domain /pcp.*\...\.comcast\.net/

This targets the naming convention comcast uses for cablemodem subscriber 
PC's which are along the format of:
	pcp00########pcs.howard01.md.comcast.net

I use all this with a "acl whitelist default" at the end of my 
greylist.conf, and I've made sure that I have no old-syntax statements in 
my greylist.conf.

Here's a quick grep for lines that do not contain "acl", have at least one 
character on them, and removing those that are comments:
	$grep -v "acl" greylist.conf |grep . |grep -v ^\#
	greylist 1m
	autowhite 5d
	nospf

So there's no old pre-acl syntax in the file.

Unfortunately, when I add the domain ACL to my greylist, ALL email starts 
getting greylisted unless previously whitelisted. Even hosts that have no 
resemblance to the regex like:

Mar  9 15:52:08 xanadu milter-greylist: j29Kq82X00xxx: addr 64.4.56.40 from 
<xxxxxx@...> to <xxxxxxxx@...> delayed for 00:01:00

	$host 64.4.56.40
	40.56.4.64.in-addr.arpa domain name pointer bay101-f30.bay101.hotmail.com.


Disabling the line and restarting milter-greylist clears the problem back up.

Mar  9 15:53:29 xanadu milter-greylist: j29KrT2X022xxx: skipping greylist 
because this is the default action, 
(from=<xxxxx@...>,rcpt=<xxxxx@...>, addr=64.4.56.40)


What's going on? Is there some bug where domain lookups aren't working right?

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.