Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] whitelisting messages that pass DMARC authentication

2014-09-07 by Andrew J. Schorr

Hi,

On Sun, Sep 07, 2014 at 07:42:56PM +0200, manu@... [milter-greylist] wrote:
> 'Andrew J. Schorr' aschorr@... [milter-greylist]
> <milter-greylist@yahoogroups.com> wrote:
> 
> > Is it currently possible to do this with milter-greylist?
> 
> No, because milter-greylist does greylisting at RCPT stage, and DMARC
> header is only known at DATA stage.

Thanks for getting back to me, but I'm a bit confused.  The man page for
greylist.conf says, in part:

   ACL using the racl keyword are evaluated at the RCPT stage of the SMTP
   transaction. It is also possible to have ACL  evaluated  at  the  DATA
   stage of the SMTP transaction, using the dacl keyword, provided the message
   went through RCPT-stage ACL, and possibly greylisting. Note that you cannot
   use the greylist action at DATA-stage if the RCPT-stage ACL that matched had
   a greylist action itself.

This seems to suggest that something like this might work:

   racl whitelist default
   dacl greylist default
   dacl whitelist header /^authentication-results.*dmarc=pass/

Am I understanding the man page incorrectly?  I'd also like to whitelist
emails from my local network, so I'm not sure how to solve that problem,
since such emails will not have the dmarc header...

> >  If not, do you think it would be easy to patch milter-greylist to do this?
> 
> It depends what you call easy :-)

I haven't looked at the code yet, but it seems from the man page as if the dacl
checks are skipped if the racl checks do not finish in a whitelist state.  So I
might want to patch the code to add an option to continue to run the dacl
checks regardless of the racl outcome.  I perhaps foolishly imagine that this
should not require huge changes...

Thanks,
Andy
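
An added example, not part of the original message or of milter-greylist: a header pattern like the one proposed above matches any `Authentication-Results` line carrying `dmarc=pass`, including one that arrived with the message, so a whitelist decision should accept the result only from the receiving site's own verifier (the authserv-id of RFC 8601). The sketch below contrasts the two checks on constructed messages. The authserv-id `mx.example.org`, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# The pattern from the message above, applied case-insensitively to a header line.
NAIVE = re.compile(r"^authentication-results.*dmarc=pass", re.I)
TRUSTED_AUTHSERV_ID = "mx.example.org"  # assumption: id stamped by our own verifier

def naive_match(header_line):
    """True if the bare pattern matches, whoever wrote the header."""
    return bool(NAIVE.search(header_line))

def strip_comments(value):
    """Drop RFC 5322 comments such as (p=none), innermost first."""
    prev = None
    while prev != value:
        prev = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value

def dmarc_pass_from_trusted(raw_message, trusted=TRUSTED_AUTHSERV_ID):
    """True only if a header written under our authserv-id reports dmarc=pass."""
    msg = message_from_string(raw_message, policy=default)
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in strip_comments(str(value)).split(";")]
        authserv_id = parts[0].split()[0].lower() if parts[0] else ""
        if authserv_id != trusted.lower():
            continue  # header from another host: not evidence for us
        for result in parts[1:]:
            m = re.match(r"dmarc\s*=\s*(\w+)", result, re.I)
            if m and m.group(1).lower() == "pass":
                return True
    return False

# Constructed sample messages (not real traffic).
TAIL = "From: a@example.com\nSubject: test\n\nbody\n"
FOREIGN_LINE = "Authentication-Results: sender.invalid; dmarc=pass header.from=example.com"
FOREIGN = FOREIGN_LINE + "\n" + TAIL
GENUINE = ("Authentication-Results: mx.example.org;\n dkim=pass header.d=example.com;\n"
           " dmarc=pass header.from=example.com\n" + TAIL)
FAILED = ("Authentication-Results: mx.example.org; dmarc=fail (p=none)"
          " header.from=example.com\n" + TAIL)

if __name__ == "__main__":
    print("naive pattern on foreign header:", naive_match(FOREIGN_LINE))
    for name, raw in (("foreign", FOREIGN), ("genuine", GENUINE), ("failed", FAILED)):
        print(name, dmarc_pass_from_trusted(raw))
```

The check is only as good as the border MTA's handling of inbound headers: it assumes headers claiming the local authserv-id are removed before the local verifier adds its own.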
