Hi
I use per-recipient settings, where each user can choose the level of
filtering: nothing, greylisting for 15 minutes, using DNSRBL, and so on.
For now, users ask for various filtering levels, and the milter-greylist
configuration file is modified to satisfy their requests.
It would be better to pull the per-recipient info from a centralized
database that users could modify on their own: it would save admin
time.
LDAP seems a good candidate for the database.
Are there some experienced LDAP users here? How would you fit the
filtering level attribute in the database? How do you imagine the
config file syntax to specify the use of the LDAP directory?
I imagine something like this:
    ldap "ldap1" "ldaps://ldap.example.net" "mail=%s,dc=example,dc=net" \
        "cn=user,dc=example,dc=net" "greylist_level" "level 1" \
        "/etc/mail/greylist.crt" "/etc/mail/greylist.key"
    acl greylist rcpt_ldap "ldap1" greylist 15m
    acl whitelist default
With ldap statement arguments being:
    "ldap1"                       name of the config referenced later in the file
    "ldaps://ldap.example.net"    URI of the server
    "mail=%s,dc=example,dc=net"   filter, %s is replaced by rcpt e-mail.
    "cn=user,dc=example,dc=net"   name used for connecting to the server
    "greylist_level"              the attribute to look up
    "level 1"                     the value we look for a match
    "/etc/mail/greylist.crt"      certificate (optional)
    "/etc/mail/greylist.key"      key (optional)
But that looks a bit overkill (well, I assume it can't be otherwise with
LDAP)...
Or are there other good ways of handling the issue?
--
Emmanuel Dreyfus
manu@...
[RFC] Recipient settings through LDAP?
2006-11-21 by Emmanuel Dreyfus
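
The proposed ldap statement substitutes the recipient address, which the sending SMTP client controls, into the lookup string at %s. The following is an added example, not milter-greylist code: it escapes the RFC 4515 search-filter metacharacters before substitution, and the function names and the "(mail=%s)" filter template are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not milter-greylist code: append src to dst, escaping
 * the RFC 4515 filter metacharacters * ( ) \ as \2a \28 \29 \5c.
 * Returns the new length, or (size_t)-1 if dst (capacity cap) is too small. */
static size_t append_escaped(char *dst, size_t off, size_t cap, const char *src)
{
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (off + 4 > cap) return (size_t)-1;   /* 3 chars + NUL */
            snprintf(dst + off, 4, "\\%02x", (unsigned)c);
            off += 3;
        } else {
            if (off + 2 > cap) return (size_t)-1;   /* 1 char + NUL */
            dst[off++] = (char)c;
        }
    }
    dst[off] = '\0';
    return off;
}

/* Expand the single "%s" of tmpl with the escaped recipient address.
 * Returns 0 on success, -1 on a malformed template or a short buffer. */
int expand_filter(char *out, size_t cap, const char *tmpl, const char *rcpt)
{
    const char *mark = strstr(tmpl, "%s");
    if (mark == NULL || strstr(mark + 2, "%s") != NULL)
        return -1;                       /* exactly one %s expected */
    size_t off = (size_t)(mark - tmpl);
    if (off + 1 > cap) return -1;
    memcpy(out, tmpl, off);
    out[off] = '\0';
    off = append_escaped(out, off, cap, rcpt);
    if (off == (size_t)-1 || off + strlen(mark + 2) + 1 > cap)
        return -1;
    strcpy(out + off, mark + 2);
    return 0;
}

int main(void)
{
    char buf[128];
    /* Constructed recipient containing filter metacharacters. */
    if (expand_filter(buf, sizeof(buf), "(mail=%s)", "bob*(x)@example.net") == 0)
        puts(buf);
    return 0;
}
```

If the expanded string is used as a DN (search base or bind name) rather than a search filter, the RFC 4514 DN escaping rules apply instead.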