At 04:56 PM 3/9/2005, manu@... wrote:
>Matt Kettler <mkettler@...> wrote:
>
> > What's going on? Is there some bug where domain lookups aren't working
> right?
>
>milter-greylist doesn't do any DNS lookup (except for SPF). The resolved
>peer name is handed by sendmail.
>
>Let's debug that. In the beginning of acl.c:acl_filter(), add a
>syslog(LOG_DEBUG, "hostname = \"%s\"", hostname);
>
>Then in the block of if (acl->a_domain_re != NULL), you can add syslog
>statements to check the code path: does the regex matches or not?
This is really ODD.. I added a debug to every case in the switch...
Mar 9 17:22:13 xanadu milter-greylist: acl_filter hostname =
"[222.62.149.123]"
Mar 9 17:22:13 xanadu milter-greylist: j29MM62X026578: addr 222.62.149.123
from <xxxxx@...> to <xxxx@...> delayed for
00:01:00
None of the rules are matching, but it's being greylisted...
Here's my diff for acl.c so you can check what I added:
$ diff -u acl.c.orig acl.c
--- acl.c.orig 2005-03-09 17:11:32.000000000 -0500
+++ acl.c 2005-03-09 17:21:09.000000000 -0500
@@ -430,6 +430,8 @@
ACL_RDLOCK;
+ syslog(LOG_DEBUG, "acl_filter hostname = \"%s\"", hostname);
+
match = 0;
retval = 0;
TAILQ_FOREACH(acl, &acl_head, a_list) {
@@ -438,7 +440,10 @@
if (acl->a_addr != NULL) {
if (ip_match(sa, acl->a_addr, acl->a_mask))
+ {
+ syslog(LOG_DEBUG, "acl_filter match by
ip_match");
retval |= EXF_ADDR;
+ }
else {
match = 0;
continue;
@@ -447,7 +452,10 @@
if (acl->a_domain != NULL) {
/* Use emailcmp even if it's not an e-mail */
if (emailcmp(hostname, acl->a_domain) == 0)
+ {
+ syslog(LOG_DEBUG, "acl_filter match by
hostname emailcmp");
retval |= EXF_DOMAIN;
+ }
else {
match = 0;
continue;
@@ -456,7 +464,10 @@
if (acl->a_domain_re != NULL) {
if (regexec(acl->a_domain_re,
hostname, 0, NULL, 0) == 0)
+ {
+ syslog(LOG_DEBUG, "acl_filter match by
hostname regex");
retval |= EXF_DOMAIN;
+ }
else {
match = 0;
continue;
@@ -465,6 +476,7 @@
if (acl->a_from != NULL) {
if (emailcmp(from, acl->a_from) == 0) {
retval |= EXF_FROM;
+ syslog(LOG_DEBUG, "acl_filter match by from
address emailcmp");
} else {
match = 0;
continue;
@@ -472,6 +484,7 @@
}
if (acl->a_from_re != NULL) {
if (regexec(acl->a_from_re, from, 0, NULL, 0) == 0) {
+ syslog(LOG_DEBUG, "acl_filter match by from
address regex");
retval |= EXF_FROM;
} else {
match = 0;
@@ -480,6 +493,7 @@
}
if (acl->a_rcpt != NULL) {
if (emailcmp(rcpt, acl->a_rcpt) == 0) {
+ syslog(LOG_DEBUG, "acl_filter match by rcpt
address emailcmp");
retval |= EXF_RCPT;
} else {
match = 0;
@@ -488,6 +502,7 @@
}
if (acl->a_rcpt_re != NULL) {
if (regexec(acl->a_rcpt_re, rcpt, 0, NULL, 0) == 0) {
+ syslog(LOG_DEBUG, "acl_filter match by
rcmpt address regex");
retval |= EXF_RCPT;
} else {
match = 0;Message
Re: [milter-greylist] 2.0b2 - domain acl's not working?
2005-03-09 by Matt Kettler