Yahoo Groups archive

Milter-greylist

Message

Re: Suggested improvements to dacl processing: what do you prefer?

2009-11-08 by reschauzier

I uploaded a patch to improve the dacl handling and fix the dkim bug. The patch ('mg-4.3.5_to_mg-4.3.5-dacl.patch') can be found here:

http://tech.groups.yahoo.com/group/milter-greylist/files/

(Sorry, Yahoo does not allow direct links). The file patches against the latest CVS check-out.

The modification will base the precedence of racl and dacl lines on the order in which they appear in the conf file.

As an example, a conf file like

dacl whitelist dkim pass
racl greylist default

will whitelist a sender if it passes dkim, and default to greylisting if not.

The modifications to the code turned out to be quite simple; all of the necessary hooks were already in there. The logic as the message passes through the milter stages is as follows:

1. The connecting host and sender are processed in the rcpt stage of the SMTP connection and checked for matches against racl statements.

2. If a racl matches, the milter checks to see if there are any dacl statements before the matching racl statement. If so, the result of the racl match is stored and the message proceeds to the data and body stage of the SMTP connection.

If there are no dacl statements before the matching racl line, no data stage processing is needed and the racl result is processed immediately in the rcpt stage (saving CPU).

3. If there are dacl lines before the matching racl line, the milter will continue to the data and body stages of the SMTP connection. It will process the dacl commands up to the matching racl line. In case of a match, the dacl result will be processed; no match means the racl results will be restored.

Although the processing logic may sound complicated, the result is very intuitive and greatly increases performance by not passing messages through the dacl stage when not needed.

Take this example:

racl whitelist spf pass
dacl whitelist dkim pass
racl greylist default

If a sender matches the spf clause, the message is accepted immediately and does not pass through the data stage.

The line-based dacl precedence will also work for blacklisting based on content scanning:

racl whitelist spf
dacl whitelist dkim pass
dacl blacklist spamd
racl greylist default

In this case, all messages that match spf or dkim will be whitelisted, whereas any other messages which are flagged by SpamAssassin will be rejected. All other messages will be greylisted.

Please go ahead and try the patch. I am very interested to hear your feedback. By turning on 'verbose' in the conf file, the program will clearly log its racl/dacl decisions. The logic should become quite obvious after a couple of messages.
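
The three-step precedence described in the post above, as an added example that is not part of the original message and is not milter-greylist code. The function names, the message dictionary and the treatment of each clause as a plain boolean are assumptions made for this model.

```python
# Added model of the line-ordered racl/dacl precedence; not milter-greylist code.
# Assumption: every clause is a boolean looked up on a constructed message dict.
CLAUSES = {
    "spf pass": lambda m: m["spf"],
    "spf": lambda m: m["spf"],
    "dkim pass": lambda m: m["dkim"],
    "spamd": lambda m: m["spam"],
    "default": lambda m: True,
}

def parse(conf):
    """Split 'racl whitelist spf pass' lines into (stage, action, clause)."""
    return [tuple(line.split(None, 2)) for line in conf.strip().splitlines()]

def decide(conf, msg):
    """Return (action, stage in which the decision is taken)."""
    rules = parse(conf)
    # Step 1: rcpt stage, the first matching racl line wins.
    hit = next((i for i, (stage, _, clause) in enumerate(rules)
                if stage == "racl" and CLAUSES[clause](msg)), None)
    if hit is None:
        raise ValueError("this model requires a racl default line")
    racl_action = rules[hit][1]
    # Step 2: only dacl lines placed before the matching racl are relevant.
    earlier_dacls = [r for r in rules[:hit] if r[0] == "dacl"]
    if not earlier_dacls:
        return racl_action, "rcpt"  # decided early, data stage is skipped
    # Step 3: data stage, first matching dacl wins, else restore racl result.
    for _, action, clause in earlier_dacls:
        if CLAUSES[clause](msg):
            return action, "data"
    return racl_action, "data"

# Third configuration from the post.
CONF = """
racl whitelist spf
dacl whitelist dkim pass
dacl blacklist spamd
racl greylist default
"""

if __name__ == "__main__":
    # Constructed messages: spf pass, dkim pass, spam only, clean.
    for msg in ({"spf": True, "dkim": False, "spam": True},
                {"spf": False, "dkim": True, "spam": True},
                {"spf": False, "dkim": False, "spam": True},
                {"spf": False, "dkim": False, "spam": False}):
        print(msg, "->", decide(CONF, msg))
```

In this model a message that matches the leading spf line is accepted in the rcpt stage and never reaches the spamd dacl, so the position of a whitelist racl decides which content checks a sender skips.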
