> 4) SPF, AUTH and STARTTLS integration in ACL
> Example will tell more than a login explanation
> racl whitelist spf
I'm not sure if this has already been dealt with, but the mechanisms
in 3.0 for dealing with mail farms by whitelisting them, be it based
on IP or SPF, seem a misfeature to me. There's no guarantee that just
because mail comes from a farm that it is not spam, and in fact
there's a good chance that an SPF-compliant source is not well-behaved...
http://www.theregister.co.uk/2004/09/03/email_authentication_spam/
I'm already seeing spam come through the milter because it's SPF
compliant or because it's from a whitelisted mail farm IP.
Anyway, the right solution, I think, is something closer to the CIDR
mask idea; equivalence classes of IPs and a change in the code that
looks up IPs in the greylist so that the comparison is on this equivalence
instead of identity.
All that's needed is an extra bit of syntax in the config file like
equivalent { ... }
where "..." is a list of IPs with optional masks. For each such list
the conf loader generates a unique ID to stand for all the addresses in
the list, and the ACL code can do its stuff based on this ID instead of
the IP.
It'd be easy to use a global associative array for this with the address
being the key and the class ID being the value. You can then sanity check
the equivalence classes by making sure no address is duplicated
(masked addresses might need to be enumerated).
Has something like this been done or planned?
Cheers,
- Joel
Handling mail farms (was Re: [milter-greylist] planned features, call for volunteers)
2006-12-24 by Joel Reicher
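
The equivalence-class lookup proposed in the message above, as an added sketch that is not part of the original post and not milter-greylist code. All names are hypothetical, it handles IPv4 only, and a CIDR overlap test stands in for enumerating masked addresses during the sanity check.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical names; not milter-greylist code. IPv4 only. */
#define MAX_NETS 64
static struct eq_net { uint32_t addr, mask; int class_id; } eq_nets[MAX_NETS];
static int eq_count;

/* Parse dotted-quad text into host byte order; returns 0 on success. */
static int parse_ip(const char *s, uint32_t *out) {
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Add ip/prefix to a class (class_id > 0). Returns -1 on bad input or overlap:
 * two CIDR blocks share an address exactly when they agree under both masks. */
int eq_add(int class_id, const char *ip, int prefix) {
    uint32_t addr, mask;
    if (class_id <= 0 || prefix < 0 || prefix > 32 || eq_count == MAX_NETS) return -1;
    if (parse_ip(ip, &addr)) return -1;
    mask = prefix ? 0xFFFFFFFFu << (32 - prefix) : 0;
    for (int i = 0; i < eq_count; i++)
        if (((addr ^ eq_nets[i].addr) & mask & eq_nets[i].mask) == 0) return -1;
    eq_nets[eq_count++] = (struct eq_net){ addr & mask, mask, class_id };
    return 0;
}

/* Class ID for a sender address, or 0 when it belongs to no class. */
int eq_class(uint32_t addr) {
    for (int i = 0; i < eq_count; i++)
        if ((addr & eq_nets[i].mask) == eq_nets[i].addr) return eq_nets[i].class_id;
    return 0;
}

/* Greylist match on equivalence instead of identity: a retry counts as the
 * same sender if the IP is identical or both IPs fall in the same class. */
int same_sender(const char *seen, const char *now) {
    uint32_t a, b;
    if (parse_ip(seen, &a) || parse_ip(now, &b)) return 0;
    return a == b || (eq_class(a) != 0 && eq_class(a) == eq_class(b));
}

int main(void) {
    /* Constructed sample: one farm spread over two documentation ranges. */
    if (eq_add(1, "192.0.2.0", 24) || eq_add(1, "198.51.100.16", 28)) return 1;
    printf("%d %d\n", same_sender("192.0.2.7", "198.51.100.20"),
           same_sender("192.0.2.7", "203.0.113.9"));
    return 0;
}
```

A retry from another address in the same class still has to pass the greylist delay; only the identity comparison is relaxed, so nothing is whitelisted outright.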