On Wed, 11 Jan 2006, manu@... wrote:
> Well the idea to merge poprelayd with ACL is to tell milter-greylist to
> check poprelayd only for some users (or IP, or whatever the ACL allows)
>
> For now we have an addr keyword to match an IP against the ACL argument:
> acl whitelist addr 10.0.0.8/24 rcpt toto@...
>
> We could have lines like this:
> acl whitelist addr bdb "/foo/bar.db" rcpt toto@...
>
> This would tell milter-greylist to whitelist if the sender IP address is
> in DB file "/foo/bar" and recipient is toto@...
>
> While we are there, we could also have flat files:
> acl whitelist addr file "/foo/bar.txt" rcpt toto@...
>
> And we could do it for other keywords:
> acl whitelist rcpt file "recipients.txt"
>
> And we could also have support for checking against a DNSRBL:
> acl greylist addr dns "dnsrbl.example.net"
Good idea. It's a first step to:
acl whitelist addr sql ... :-)
Suggestion: a macro (or something else) to make this kind of construction
possible:
acl whitelist from bdb "${rcpt}.db"
so we can check, in only one line, if someone's from address is in the whitelist
database for a specific recipient.
> Of course in order to get decent performance, we should build a list of
> external config sources (bdb, file...) when parsing the ACL, and check
> addr, domain, rcpt and from against all the sources before evaluating
> the ACL.
hmmm...
This will make everything slow (in my opinion). I think that fast partial
evaluation of the acl (is it already done?) and runtime checking would be
better.
I mean:
acl whitelist addr file "/foo/bar.txt" rcpt toto@...
This will check addr in the file and, if a match occurs, then check the recipient.
But to speed up evaluation of the acl we can write:
acl whitelist rcpt toto@... addr file "/foo/bar.txt"
So, for addresses other than toto@... we don't have to check
this external file.
And to avoid multiple queries to one external database, some kind of cache
should be implemented...
This is my 3 cents...
I've been using milter-greylist for about half a year on a production server,
and generating a config for every client with his own whitelist isn't what I
like...
But despite this - very good job!
Regards
Marek Wodzinski
--
"If you want something done...do yourself!"
Jean-Baptiste Emmanuel Zorg
Re: [milter-greylist] external config source and ACL
2006-01-11 by Marek Wodzinski
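The clause-ordering and caching points in this message, as an added example that is not milter-greylist code and not part of the original thread: a toy ACL evaluator that stops at the first non-matching clause and loads a flat-file address list once. The clause names, the FileSource class, the "greylist" default and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress, os, tempfile

class FileSource:
    """Hypothetical flat-file address source, parsed once and then cached."""
    def __init__(self, path):
        self.path, self._nets = path, None
        self.lookups = 0   # how often an ACL clause consulted this source
        self.loads = 0     # how often the file was actually read
    def contains(self, addr):
        self.lookups += 1
        if self._nets is None:                     # cache miss: read the file
            self.loads += 1
            with open(self.path) as fh:
                self._nets = [ipaddress.ip_network(l.strip(), strict=False)
                              for l in fh if l.strip() and not l.startswith("#")]
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self._nets)

def clause_matches(clause, msg):
    kind, arg = clause
    if kind == "rcpt":                             # cheap in-memory comparison
        return msg["rcpt"].lower() == arg.lower()
    if kind == "addr_file":                        # external source lookup
        return arg.contains(msg["addr"])
    raise ValueError("unknown clause: " + kind)

def evaluate(acl, msg, default="greylist"):
    # all() over a generator stops at the first clause that fails, so
    # clauses to the right of a failed one are never evaluated.
    for action, clauses in acl:
        if all(clause_matches(c, msg) for c in clauses):
            return action
    return default

def demo():
    # Constructed sample data (documentation address ranges).
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("# constructed sample list\n192.0.2.0/24\n198.51.100.7\n")
    msgs = [{"addr": "192.0.2.10", "rcpt": "toto@example.org"},
            {"addr": "192.0.2.10", "rcpt": "other@example.org"},
            {"addr": "203.0.113.5", "rcpt": "other@example.org"},
            {"addr": "203.0.113.5", "rcpt": "toto@example.org"}]
    results = {}
    for order in ("addr_first", "rcpt_first"):
        src = FileSource(fh.name)
        clauses = [("addr_file", src), ("rcpt", "toto@example.org")]
        if order == "rcpt_first":
            clauses.reverse()
        actions = [evaluate([("whitelist", clauses)], m) for m in msgs]
        results[order] = (actions, src.lookups, src.loads)
    os.unlink(fh.name)
    return results
```

Both orderings produce the same decisions; only the number of external lookups differs, and the file is read once in either case.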