Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] dnsrbl urlcheck syntax explanation

2009-05-17 by Piotr Wadas

I'm still fighting with prop usage.

When an incoming message is on its way, I got the following in the verbose log:

Querying "ldap://127.0.0.1"
got prop $dnsrbl = "xxxx"
ldapcheck lookup performed in 0.001245s

and the following config:

###
ldapconf "ldap://127.0.0.1B"
ldapcheck "lck" "ldap://nohost/dc=net?dnsrbl?sub?(mail=%r))" clear

dnsrbl "RBL2" rbl2.example.net 127.0.0.2
dnsrbl "RBL3" rbl3.example.net 127.0.0.2

racl blacklist ldapcheck "lck" $dnsrbl "xxxx" dnsrbl "RBL2"
####

So, in short, a property dnsrbl IS retrieved from ldap directory,
but racl still doesn't match. Expected behaviour is 
to use RBL2 or RBL3, depending on what "dnsrbl" attribute contains.
I tried to put "xxx" in dnsrbl ldap attribute, I tried
to put "RBL2" with/without quotes, still no effect. 
I tried to put the whole line 'dnsrbl "RBL2" x.y.z 127.0.0.2' 
in ldap attribute, and also 'x.y.z' (rbl server FQDN), and 
the answer rbl server is returning. I tried to put 'TRUE' or 'OK'

WHAT the hell is the expected variable, to be returned as property value
from directory, to have racl match, and - as matched - use "RBL2"
dnsrbl entry (defined above) with "%r" user ? 

The following works as expected:

###
dnsrbl "RBL2" rbl2.example.net 127.0.0.2
dnsrbl "RBL3" rbl3.example.net 127.0.0.2

racl blacklist dnsrbl "RBL2"
####

please :) what is the expected variable to be returned
as property right from directory, to match racl line?
In above example, I expect attribute value must match
sixth word in racl line, to use dnsrbl entry specified by
name as eighth word of racl line. I wonder to lookup in
source code, but racl syntax definition is probably
complicated a little bit :)
regards,
Piotr 

On Thu, 14 May 2009, Emmanuel Dreyfus wrote:

> On Thu, May 14, 2009 at 10:24:15AM +0200, Piotr Wadas wrote:
> > Could I ask for additional explanation what exactly it means?
> > After four (including urlcheck) dnsrbl definitions 
> 
> You don't need to duplicate the urlcheck clause: once it is
> evaluated, you have the fetched variables available for the
> remaining ACLs.
> 
> > so, what actually will be substituted as $dnsrbl keyword with racl using 
> > "userconf" ? Should I make sure, there'll be only one variable of dnsrbl 
> > retrieved?
> 
> urlcheck fetched values can be multivalued. If there are multiple dnsrbl
> attributes in your LDAP directory, $dnsrbl will contain all of them. 
> An ACL will match if any of the $dnsrbl values matches.
> 
> I made a presentation at SolutionsLinux 2009 about milter-greylist.
> The slides are in French, but that will not prevent you from grabbing
> the sample config files:
> http://ftp.espci.fr/shadow/manu/SL2009.pdf
> 
> Once you will have the thing working, feel free to contribute documentation
> to the milter-greylist wiki.
> 
>
