Yahoo Groups archive

Milter-greylist

dnsrbl urlcheck syntax explanation

2009-05-14 by Piotr Wadas

Hello,
Using milter-greylist 4.2+

from greylist.conf manual page

#       Here is an example that will use various DNSRBL depending on a 
#per-recipient setting stored in the dnsrbl attribute of a LDAP directory.
#
# dnsrbl "RBL2" "rbl.example.net" "127.0.0.2" 
# dnsrbl "RBL3" "rbl.example.net" "127.0.0.3" 
# dnsrbl "RBL4" "rbl.example.net" "127.0.0.4" 

# urlcheck "userconf" "ldap://localhost/dc=org?milterGreylistStatus,dnsrbl?one?mail=%r" 5 getprop clear

#  racl blacklist urlcheck "userconf" $dnsrbl "RBL2" dnsrbl "RBL2"
#  racl blacklist $dnsrbl "RBL3" dnsrbl "RBL3"
#  racl blacklist $dnsrbl "RBL4" dnsrbl "RBL4"

#Note that when matching gathered properties, format strings and regex can 
#be used.

Could I ask for additional explanation what exactly it means?
After four (including urlcheck) dnsrbl definitions 
and then three racl matching. Message to john@... is evaluated in 
the following way:

Assume I have ldap entry with

dn: cn=john,ou=foobar.net,dc=org
cn: john
mail: john@...
dnsrbl: MYRBL5 rbl5.example.net 127.0.0.5
dnsrbl: rbl6.example.net 127.0.0.6
dnsrbl: rblx7.example.net 
milterGreylistStatus: TRUE

1) ldap query (mail=john@...), requesting attributes
milterGreylistStatus and dnsrbl attributes, so the example matching 
response would be:

dnsrbl: MYRBL5 rbl5.example.net 127.0.0.5
dnsrbl: rbl6.example.net 127.0.0.6
dnsrbl: rblx7.example.net 
milterGreylistStatus: TRUE

so, what actually will be substituted as $dnsrbl keyword with racl using 
"userconf" ? Should I make sure, there'll be only one variable of dnsrbl 
retrieved? AFAIK return-only-matching-values ldapserver extension is not 
supported by classic ldapurl scheme, so the only way is to force
dnsrbl attribute with SINGLE-VALUE keyword in ldap directory schema.
But which one will be valid ? 

Assuming $dnsrbl in racl is just substituted "as-is", the following 
combination would be valid, depending on actual dnsrbl value

#1: dnsrbl: RBLX rblx.example.net 127.0.0.1
racl blacklist urlcheck "userconf" $dnsrbl 

OR

#2: dnsrbl: rblx.example.net 127.0.0.1
racl blacklist urlcheck "userconf" RBLX $dnsrbl

OR

#3: dnsrbl: 127.0.0.1
racl blacklist urlcheck "userconf" RBLX rblx.example.net $dnsrbl 

OR

#4: dnsrbl: rblx.example.net
racl blacklist urlcheck "userconf" RBLX $dnsrbl 127.0.0.1

#5. dnsrbl: rblx.example.net
#no 127.0.0.1, any response considered positive match
racl blacklist urlcheck "userconf" RBLX $dnsrbl 

I guess response is used as value, without attributeName, (string 
"attributeName: attributeValue" trimmed to "attributeValue"), so what 
about the following trick:

#filter: (&((mail=john@...)(customAttrName=*)), 
#custom attribute storing preference
#ldap://localhost/dc=org?milterGreylistStatus,customAttrName?one?mail=%r"

#4: customAttrName: RBLX rblx.example.net 127.0.0.1
racl blacklist urlcheck "userconf" $customAttrName

customAttrName must be SINGLE-VALUE anyway, multi-value will confuse 
urlcheck/ldapcheck ? 

Regards,

PW
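
Added example, not part of the original message and not milter-greylist code: it splits the urlcheck LDAP URL quoted above into its fields, expands %r into the filter with RFC 4515 escaping, and groups the posted sample response by attribute name, which makes visible that dnsrbl arrives as three separate values. The function names and the recipient address are assumptions made for the example, and it does not model how milter-greylist itself matches $dnsrbl.

```python
from collections import defaultdict

# urlcheck URL exactly as quoted from the greylist.conf manual page
URLCHECK = "ldap://localhost/dc=org?milterGreylistStatus,dnsrbl?one?mail=%r"

# Constructed sample input: the mail domain is elided in the post, so
# example.org stands in; the attribute lines are the ones posted.
RECIPIENT = "john@example.org"
RESPONSE = """\
dnsrbl: MYRBL5 rbl5.example.net 127.0.0.5
dnsrbl: rbl6.example.net 127.0.0.6
dnsrbl: rblx7.example.net
milterGreylistStatus: TRUE
"""

def parse_ldap_url(url):
    """Split ldap://host/base?attrs?scope?filter (RFC 4516 field order)."""
    scheme, _, rest = url.partition("://")
    if scheme != "ldap":
        raise ValueError("not an ldap URL")
    host, _, tail = rest.partition("/")
    fields = tail.split("?") + [""] * 4   # pad missing optional fields
    base, attrs, scope, flt = fields[:4]
    return {"host": host, "base": base,
            "attrs": [a for a in attrs.split(",") if a],
            "scope": scope or "base",
            "filter": flt or "(objectClass=*)"}

def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand_recipient(flt, rcpt):
    """Substitute %r after parsing, so the address cannot alter URL fields."""
    return flt.replace("%r", escape_filter_value(rcpt))

def collect_properties(text):
    """Group 'name: value' lines into name -> list of values."""
    props = defaultdict(list)
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            props[name.strip()].append(value.strip())
    return dict(props)

if __name__ == "__main__":
    url = parse_ldap_url(URLCHECK)
    print(url["attrs"], url["scope"], expand_recipient(url["filter"], RECIPIENT))
    for name, values in collect_properties(RESPONSE).items():
        print(name, len(values), values)
```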
