Milter-greylist

The "domain" keyword is defined as performing a suffix search.
As coded, it actually performs a rightmost string match. This
is not what is expected and probably not what was intended.

Consider a real example:

	acl whitelist domain pix.net

fairly clear - I want to whitelist mail from "pix.net"

The surprise is that it also whitelists "epix.net"

I.e. it matches right most substrings instead of full domain "suffixes"

The biggest surprise is if you decide to have an acl based on
country code top level domains (for me a very effective acl addition)

Unfortunately, the country code domain "om" also matches "com" and that's
probably not at all what you want! (also note "et" matches "net"
and "il" "mil", etc.)

The fix is simple. I have been running it for a week with no problems.

---rick


*** acl.c.orig  Sun Oct  8 09:21:13 2006
--- acl.c       Fri Feb 23 18:38:15 2007
***************
*** 819,824 ****
--- 819,827 ----
        if (didx >= 0)
                return (0);

+       if ((hidx >= 0) && (host[hidx] != '.'))
+               return (0);
+
        return (1);
  }