Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] racl confusion

2013-06-23 by manu@...

Bruncsak, Attila <attila.bruncsak@...> wrote:

> I do not see any bug.

I tracked it down to this minimal example:

racl blacklist rcpt archibald.haddock@... msg "blacklisted"
racl whitelist auth /.*/ report "Authenticated sender"
racl whitelist default

Sending as an authenticated user, I get the following result:
archibald.haddock@... -> blacklisted, as expected
emmanuel.dreyfus@... -> accepted

Now if I start sending with an accepted user first:
emmanuel.dreyfus@... -> accepted
archibald.haddock@... -> wrongly accepted

My understanding is that the offending code is at the beginning of
real_envrcpt():
        
        if ((priv->priv_sr.sr_whitelist & EXF_WHITELIST) &&
            (priv->priv_sr.sr_whitelist &
             (EXF_NONIP | EXF_AUTH | EXF_STARTTLS | EXF_SPF)))
                goto exit_accept;

That reuses the status from previous recipient. I made the change below,
which avoids it based on a global configuration parameter, but I wonder
if it makes sense to preserve the original behavior. Is it just a plain
bug, or can it have some merit?

--- milter-greylist-4.5.1/milter-greylist.c 
+++ milter-greylist-4.5.1p1/milter-greylist.c 
@@ -638,8 +638,16 @@
         */
        prop_clear(priv, UP_CLEARPROP);
 #endif
 
+       /*
+        * If we re-evaluate racl for each recipient, forget
+        * about previous decision.
+        */
+       if (conf.c_multiracl)
+               priv->priv_sr.sr_whitelist &=
+                    ~(EXF_WHITELIST|EXF_GREYLIST|EXF_BLACKLIST);
+
        if ((priv->priv_sr.sr_whitelist & EXF_WHITELIST) &&
            (priv->priv_sr.sr_whitelist &
             (EXF_NONIP | EXF_AUTH | EXF_STARTTLS | EXF_SPF)))
                goto exit_accept;
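Review bot: The mask on the added `priv->priv_sr.sr_whitelist &= ~(...)` line clears only the three verdict bits, so the reason bits tested in the condition right below it (EXF_NONIP, EXF_AUTH, EXF_STARTTLS, EXF_SPF) still carry over from the previous recipient. If those are meant to be per-recipient they should be cleared here too; if they are kept on purpose, the comment should say so. With c_multiracl set, EXF_WHITELIST is always cleared immediately before the shortcut test, so that test can never reach `goto exit_accept`; writing it as `if (!conf.c_multiracl && ...)` would state the intent directly. The hunk also uses conf.c_multiracl without showing where it is declared, parsed from the configuration or documented, so those pieces need to be part of the patch.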


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...
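
The order dependence described in the message, as a small stand-alone C model (an added example, not milter-greylist code and not part of the original message). The flag values, `struct session`, `model_envrcpt`, `second_verdict` and the example.test addresses are constructed; only the flag names and the shape of the shortcut test follow the message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed flag values; only the names follow the message. */
enum { EXF_WHITELIST = 1, EXF_GREYLIST = 2, EXF_BLACKLIST = 4, EXF_AUTH = 8 };
enum verdict { ACCEPT, REJECT };
struct session { int sr_whitelist; int authenticated; };

/* Hypothetical per-recipient callback modelled on the three-rule example. */
static enum verdict model_envrcpt(struct session *s, const char *rcpt, int multiracl)
{
    if (multiracl)  /* the proposed change: forget the previous verdict */
        s->sr_whitelist &= ~(EXF_WHITELIST | EXF_GREYLIST | EXF_BLACKLIST);

    /* Shortcut: a whitelist verdict with a sender-side reason is reused. */
    if ((s->sr_whitelist & EXF_WHITELIST) && (s->sr_whitelist & EXF_AUTH))
        return ACCEPT;

    if (strcmp(rcpt, "blocked@example.test") == 0) {  /* racl blacklist rcpt */
        s->sr_whitelist = EXF_BLACKLIST;
        return REJECT;
    }
    if (s->authenticated) {                           /* racl whitelist auth */
        s->sr_whitelist = EXF_WHITELIST | EXF_AUTH;
        return ACCEPT;
    }
    s->sr_whitelist = EXF_WHITELIST;                  /* racl whitelist default */
    return ACCEPT;
}

/* Two recipients through one authenticated session; returns the second verdict. */
static enum verdict second_verdict(const char *first, const char *second, int multiracl)
{
    struct session s = { 0, 1 };
    model_envrcpt(&s, first, multiracl);
    return model_envrcpt(&s, second, multiracl);
}

int main(void)
{
    const char *ok = "other@example.test", *bad = "blocked@example.test";
    printf("bad then ok:            %d\n", second_verdict(bad, ok, 0));
    printf("ok then bad:            %d\n", second_verdict(ok, bad, 0));
    printf("ok then bad, multiracl: %d\n", second_verdict(ok, bad, 1));
    return 0;
}
```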
