Yahoo Groups archive

Milter-greylist

RFC: checking sendmail macros in ACL

2006-08-24 by Emmanuel Dreyfus

On Mon, Aug 21, 2006 at 11:37:13PM +0900, AIDA Shinra wrote:
> 1. may_be_forged ACL condition
> http://www.j10n.org/files/milter-greylist-3.0a2-step1.patch
> 
> When a client has bogus reverse DNS, that is, IP -> PTR -> A != IP,
> sendmail sets {client_resolve} macro to FORGED. This patch implements
> ACL condition to take advantage of it. You need to add
> {client_resolve} into Milter.macros.connect. Example:
> acl blacklist domain /.*\.info/ may_be_forged
> acl greylist may_be_forged

I had an idea about this: what about allowing random macros to be checked,
instead of just this particular one? I am thinking of a syntax like this:

sm_macro "may_be_forged" "{client_resolve}" "FORGED"
acl blacklist domain /.*\.info/ sm_macro "may_be_forged"

It would bring much more flexibility, as any sendmail setting could be
used in the ACL. For instance, someone asked for a sendmail bound to
multiple IPs with a different milter-greylist configuration for each IP.
Using the if_addr macro in the ACL would allow that:

sm_macro "ip1" "{if_addr}" "192.0.2.3"
sm_macro "ip2" "{if_addr}" "192.0.2.4"
acl whitelist sm_macro "ip1"
acl greylist sm_macro "ip2" delay 15m autowhite 3d

Likewise, SMTP AUTH status could be used in the ACL just by checking
{auth_authen}.

I wonder if going further is of any interest: should we support regexps for
the macro value? Lists of sm_macros? Does anyone see a use for that? Here is an
example of macro + list that we could support:

sm_macro "may_be_forged" "{client_resolve}" "FORGED"
sm_macro "blacklist" "{blacklist}" "BLACK"
list "bad_macros" sm_macro { "may_be_forged" "blacklist" }
acl blacklist domain /.*\.info/ list "bad_macros"

Any comment?

-- 
Emmanuel Dreyfus
manu@...
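
A small model of the syntax proposed in the message above, added here as an illustration; it is not code from milter-greylist or from either poster. It parses sm_macro definitions and evaluates ACLs in order, requiring every clause on a line to match. The function names, the client_host argument, the unanchored regex match for the domain clause and the treatment of a macro that sendmail did not pass to the milter as a non-match are assumptions.

```python
import re

# Constructed config in the syntax proposed in the message (delay/autowhite omitted).
CONFIG = r'''
sm_macro "may_be_forged" "{client_resolve}" "FORGED"
sm_macro "ip1" "{if_addr}" "192.0.2.3"
sm_macro "ip2" "{if_addr}" "192.0.2.4"
acl blacklist domain /.*\.info/ sm_macro "may_be_forged"
acl whitelist sm_macro "ip1"
acl greylist sm_macro "ip2"
'''

TOKEN = re.compile(r'"[^"]*"|/[^/]*/|\S+')  # "quoted", /regex/ or bare word


def parse(config):
    """Return (sm_macro definitions, ordered ACL list) from config text."""
    defs, acls = {}, []
    for line in config.splitlines():
        tok = TOKEN.findall(line)
        if not tok:
            continue
        if tok[0] == "sm_macro":   # sm_macro "name" "{macro}" "value"
            name, macro, value = (t[1:-1] for t in tok[1:4])
            defs[name] = (macro, value)
        elif tok[0] == "acl":      # acl <action> <clause> <arg> ...
            clauses = [(k, a[1:-1]) for k, a in zip(tok[2::2], tok[3::2])]
            acls.append((tok[1], clauses))
    return defs, acls


def clause_matches(defs, kind, arg, macros, client_host):
    if kind == "domain":           # assumed: unanchored regex on client host name
        return re.search(arg, client_host) is not None
    if kind == "sm_macro":
        macro, expected = defs[arg]           # KeyError: undefined sm_macro name
        return macros.get(macro) == expected  # macro not exported -> no match
    raise ValueError("unsupported clause: " + kind)


def evaluate(defs, acls, macros, client_host):
    """First ACL whose clauses all match decides; None if nothing matches."""
    for action, clauses in acls:
        if all(clause_matches(defs, k, a, macros, client_host) for k, a in clauses):
            return action
    return None
```

In this model, when {client_resolve} is missing from Milter.macros.connect the first rule never matches, so a forged .info client falls through to the later ACLs. That is why the export step in the quoted message matters.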
