Graham Dunn <gdunn@...> wrote:
> Squid has already invented this particular wheel, yes?
Good, I hate re-inventing the wheel.
(snip)
> Of course, this makes your configuration hideously complex :]
You don't *have* to use the complex features, but it's good to have them
available:
So we'd have a first-match list of greylist/whitelist keywords, each
using an ACL on a last-match basis. Here is a complete proposal; I'd
appreciate it if people could comment:
First, a few examples...
# first config, Dan's setup:
acl grandma {
    rcpt grandma@...
    not from friend@...
    not from another.friend@...
}
greylist grandma
whitelist default

# Second config, Remy's setup:
acl foo {
    rcpt .*@...
    not rcpt postmaster@...
}
greylist foo
whitelist default

# And finally, Manu's setup:
acl myusers {
    rcpt user1@...
    rcpt user2@...
    rcpt user3@...
}
acl mywhitelist {
    addr 193.54.0.0/16
    domain friendly.com
}
whitelist mywhitelist
greylist myusers
whitelist default
default is an internally defined ACL that matches anything.
It seems to me that it matches all the needs that have been described
here so far. Now, let's try to be more formal:
For each {greylist|whitelist} keyword {
    for each entry in its ACL {
        if it's addr and the IP doesn't match
            break out of the ACL loop
        if it's domain and the domain doesn't match
            break out of the ACL loop
        if it's from and the sender doesn't match
            break out of the ACL loop
        if it's rcpt and the recipient doesn't match
            break out of the ACL loop
    }
    if all entries in the ACL matched or if it was void {
        retain the {greylist|whitelist} decision
        exit the keyword loop
    }
}
The last problem is to convert the older keyword to the new framework so
that we can retain backward compatibility in the config file.
"rcpt X" in test mode will be interpreted as

acl X {
    rcpt X
}
greylist X

"rcpt X" in "normal" mode will be interpreted as

acl X {
    rcpt X
}
whitelist X

"{addr|from|domain} X" turns into

acl X {
    {addr|from|domain} X
}
whitelist X
Test mode turns into adding "whitelist default" at the end of the config
Normal mode turns into adding "greylist default" at the end of the
config.
We would tag all the old syntax as obsolete, but we will keep it working
for the sake of backward compatibility (did I ever explain that I hate
software that breaks my config files? :-)
Opinions?
--
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand
binary and those who don't.
manu@...
RFC: New config syntax proposal
2004-09-30 by manu@netbsd.org
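The evaluation rules from the proposal above, worked through as an added example that is not milter-greylist's own code: a parser for the proposed acl/greylist/whitelist syntax, the first-match walk over keywords with all-entries-must-match ACL semantics (including the `not` prefix used in the examples, which the formal description does not spell out), and the legacy "kind X" conversion with the trailing default rule for test versus normal mode. Assumptions made here and not in the proposal: `from` and `rcpt` patterns are anchored, case-insensitive regular expressions, `addr` is a CIDR prefix, `domain` matches the name or any subdomain of it, and all addresses in the sample configuration are made up.

```python
import ipaddress
import re

# Entry kinds from the proposal. Assumption for this example: 'from' and 'rcpt'
# are anchored, case-insensitive regexes (so 'rcpt .*@example.org' works as the
# second example suggests), 'addr' is a CIDR, 'domain' also matches subdomains.
KINDS = ("addr", "domain", "from", "rcpt")


def parse_config(text):
    """Parse 'acl NAME { ... }' blocks and 'greylist|whitelist NAME' lines.

    Returns (acls, rules): acls maps a name to its list of entries
    (kind, negated, pattern); rules is the ordered list of (decision, name).
    """
    acls = {"default": []}        # internal ACL with no entries: matches anything
    rules, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if current is not None:   # inside an acl { ... } block
            if line == "}":
                current = None
                continue
            negated = line.startswith("not ")
            kind, pattern = (line[4:] if negated else line).split(None, 1)
            if kind not in KINDS:
                raise ValueError(f"unknown ACL entry type: {kind}")
            acls[current].append((kind, negated, pattern))
            continue
        words = line.split()
        if words[0] == "acl" and len(words) == 3 and words[2] == "{":
            current = words[1]
            acls[current] = []
        elif words[0] in ("greylist", "whitelist") and len(words) == 2:
            if words[1] not in acls:
                raise ValueError(f"{words[0]} refers to undefined ACL {words[1]}")
            rules.append((words[0], words[1]))
        else:
            raise ValueError(f"cannot parse line: {line}")
    if current is not None:
        raise ValueError(f"unterminated acl block: {current}")
    return acls, rules


def entry_matches(kind, pattern, msg):
    """Match one entry against msg = {'addr', 'domain', 'from', 'rcpt'}."""
    if kind == "addr":
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(msg["addr"]) in net
    if kind == "domain":
        d, p = msg["domain"].lower(), pattern.lower()
        return d == p or d.endswith("." + p)
    return re.fullmatch(pattern, msg[kind], re.IGNORECASE) is not None


def acl_matches(entries, msg):
    """Every entry must hold ('not' inverts one entry); an empty ACL matches."""
    return all(entry_matches(k, p, msg) != neg for k, neg, p in entries)


def decide(acls, rules, msg):
    """First-match walk over the greylist/whitelist keyword list."""
    for decision, name in rules:
        if acl_matches(acls[name], msg):
            return decision, name
    return None, None             # nothing matched and no trailing default rule


def convert_legacy(lines, test_mode):
    """Rewrite old-style 'kind X' lines into the proposed syntax, naming each
    ACL after X as the proposal does, and append the mode's default rule."""
    out = []
    for line in lines:
        kind, value = line.split(None, 1)
        decision = "greylist" if kind == "rcpt" and test_mode else "whitelist"
        out.append(f"acl {value} {{\n    {kind} {value}\n}}\n{decision} {value}")
    out.append("whitelist default" if test_mode else "greylist default")
    return "\n".join(out)


# Constructed configuration in the proposed syntax; all addresses are made up.
SAMPLE_CONFIG = """acl grandma {
    rcpt grandma@example.org
    not from friend@example.net
}
acl trusted {
    addr 192.0.2.0/24
    domain friendly.example
}
whitelist trusted
greylist grandma
whitelist default
"""

if __name__ == "__main__":
    acls, rules = parse_config(SAMPLE_CONFIG)
    msg = {"addr": "198.51.100.5", "domain": "mail.stranger.example",
           "from": "someone@stranger.example", "rcpt": "grandma@example.org"}
    print(decide(acls, rules, msg), decide(acls, rules, dict(msg, **{"from": "friend@example.net"})))
    print(convert_legacy(["rcpt grandma@example.org"], test_mode=False))
```

Because an ACL only matches when every one of its entries holds, the `trusted` ACL above requires both the connecting address and the HELO domain to match; a message from the right network but the wrong domain falls through to the `greylist grandma` keyword, and a message from the listed friend to grandma falls through to `whitelist default`.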