Yahoo Groups archive

Milter-greylist

Message

planned features, call for volunteers

2006-12-23 by manu@netbsd.org

Here are the next planned features for the CVS version. Feel free to
comment:

1) SMTP DATA stage ACL

We now have (in CVS) dacl rules, for ACL evaluated after the DATA stage.
Former acl rules have been renamed racl (for RCPT stage ACL). The acl
keyword still works for backward compatibility. 

DATA stage ACL cannot perform the greylist action, nor can they filter
on recipient.

Handling a rcpt clause in DATA stage ACL is not easy, because there can
be multiple recipients. And if we tempfail or reject at that stage, it's
done for all recipients at once: no way to reject for one recipient and
accept for another one.

How should such a rcpt clause work?  
dacl blacklist rcpt foo@...     
I guess it should match if foo@... is one of the recipients.

Is there any need for specifying a set of recipients? And how should
that be interpreted? Match if this is the exact set of recipients? Match
if it is a subset?

Performing the greylist action at DATA stage would mean inserting as
many tuples in the greylist database as we have recipients. I am not
convinced it would be a useful feature at all (feedback welcome here).


2) content filtering in DATA stage ACL
I think about a body clause:
dacl blacklist body "Subject: whatever" msg "I don't like your whatever"
As usual it would also accept regexps.

We could also check lengths: number of lines (lines keyword), number of
bytes (length keyword):
dacl blacklist lines 4000- msg "no more than 4000 lines"

Proposed syntax for lines and length values:
2000            exactly 2000 
2000-4000       between 2000 and 4000
4000-2000       Undefined behavior
2000-           More than 2000
-4000           Less than 4000


3) Time based filtering
We could specify time intervals and use them in ACL. I think about a
crontab(5)-like format specification: 
time "office" * 8-18 * 1,2,3,4,5

racl greylist time "office" delay 15m
racl greylist delay 1h

The time specification parsing will not be easy :-)


4) SPF, AUTH and STARTTLS integration in ACL
An example will tell more than a long explanation:
racl whitelist spf
racl whitelist auth
racl whitelist starttls

I wonder if this is of some use, or if it's overkill: 
racl whitelist auth "login"
racl whitelist tls "cn=login,dc=example,dc=net"
 

5) delayedreject keyword in RCPT stage ACL
That would tell milter-greylist to await the DATA stage before
rejecting, just like we do for mail from <>
racl greylist rcpt "foo" delayedreject

Problem with that feature: what about multiple recipients? If one
recipient is whitelisted, and a second one is greylisted with
delayedreject, what should happen?

  
And now, the call for volunteers: Writing good docs takes time. Help
would really be appreciated here. As we add flexibility to the ACL, the
man page got more and more confusing. Would anyone like to work on
greylist.conf(5) and README?
 
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
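
Added example, not part of the original message and not milter-greylist code: one way a config parser could handle the lines/length value syntax proposed in item 2, rejecting the reversed form ("4000-2000") at load time instead of leaving it undefined. The names range_spec, range_parse and range_match are hypothetical, and treating "2000-4000" as inclusive of both bounds is an assumption.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
/* Hypothetical type (not milter-greylist's): a parsed lines/length value. */
struct range_spec { unsigned long lo, hi; int lo_open, hi_open; };

/* Parse one decimal number at *s and advance *s; 0 on success. */
static int parse_num(const char **s, unsigned long *out)
{
    char *end;
    if (**s < '0' || **s > '9')     /* strtoul alone would accept sign/space */
        return -1;
    errno = 0;
    *out = strtoul(*s, &end, 10);
    *s = end;
    return errno == ERANGE ? -1 : 0;
}

/* 0 on success, -1 on a malformed or reversed ("4000-2000") value. */
int range_parse(const char *s, struct range_spec *r)
{
    r->lo = 0; r->hi = ULONG_MAX; r->lo_open = r->hi_open = 0;
    if (*s == '-') {                    /* "-4000": less than 4000 */
        s++; r->hi_open = 1;
        return (parse_num(&s, &r->hi) == 0 && *s == '\0') ? 0 : -1;
    }
    if (parse_num(&s, &r->lo) != 0)
        return -1;
    if (*s == '\0') {                   /* "2000": exactly 2000 */
        r->hi = r->lo;
        return 0;
    }
    if (*s++ != '-')
        return -1;
    if (*s == '\0') {                   /* "2000-": more than 2000 */
        r->lo_open = 1;
        return 0;
    }
    if (parse_num(&s, &r->hi) != 0 || *s != '\0')
        return -1;
    return r->lo <= r->hi ? 0 : -1;     /* refuse the undefined reversed form */
}

/* 1 if n is in range; open ends exclude the bound. Assumed: "a-b" is inclusive. */
int range_match(const struct range_spec *r, unsigned long n)
{
    if (r->lo_open ? n <= r->lo : n < r->lo) return 0;
    return r->hi_open ? n < r->hi : n <= r->hi;
}
```

With this reading, "lines 4000-" lets a message of exactly 4000 lines through, which agrees with the "no more than 4000 lines" text in the proposal.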
