Milter-greylist

Kai Schaetzl <maillists@...> wrote:

> The basic install just went flawless and there was no problem to keep
> going with the existing greylist.conf. So, many thanks for making this
> upgrade process as perfect as it can be.

Thank you for noticing. I take great care at making this software
sysadmin-friendly.

> - the configure script is not executable by default, is there a reason for
> this?

I just forgot to chmod it :-)

> - the init script for Suse still contains the clause
> OPTIONS="-T -L 24 -w 14m -P $pidfile -u $user -p $socket
> which leads to problems when you want to change some options in 
> greylist.conf since the init parameter string will always override it.
> 
> I use OPTIONS="-P $pidfile -u $user -p $socket" which allows changes of
> all values you may typically change at runtime. I suggest changing the
> rc-suse.sh.in file in this way. (Did already back then).
> I also added a "sleep 2" between the stop and start for the restart action
> as otherwise sometimes the successful stop would not get correctly 
> detected.

Send me a patch (-U2 against CVS please)
 
> - man greylist.conf says to use the "racl" keyword now. I suppose the acl
> keyword is still ok for compatibility reasons? Can I use racl and acl
> keywords mixed?

Sure, acl is just a synonym for racl now. I just committed an update to
the man page to document that.

> - the acl syntax used in the greylist.conf and the greylist2.conf is 
> different. I suppose the syntax in the greylist.conf allows 
> milter-greylist to load the list faster? Hm, just reading man 
> greylist.conf says "grouping is sometimes useful". Is that all about it?

You talk about the list clauses in ACL? I'm not sure the time to load is
different, but it makes the config file much simplier, as the same list
may be reused in different ACL.
 
> - I might want to use the rcptcount racl. Are authenticated clients 
> automatically excluded from this if noauth is not set (so clients can send
> out with many recipients but incoming connections to clients can only drop
> a certain number of recipients)? Or would I need to change to "racl auth"
> and put that before the "racl rcptcount" line?

I'd say you are right: they are excluded, except if you use noauth or an
auth clause. 

> - there has been added quite a bit to the acl stuff and I'm not sure if I
> should make use of that. For instance what's the benefit of using DNSRBL
> in milter-greylist to using it in sendmail? Is there an article out 
> somewhere that discusses this? 

You can adapt the greylisting delay based on the sender's reputaton in
various DNSRBL.

Also, sendmail does not offer you a nifty ACL where you can mix DNSRBL
results with recipients or other stuff.

> Or how the urlcheck can be used?

You can query an external source of information. I'm working at using a
LDAP directory for storing per-recipient settings.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...