Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] Can't get dacls to work at all

2015-12-04 by Rudolph T. Maceyko

On Nov 30, 2015, at 11:10 PM, manu@... [milter-greylist] <milter-greylist@yahoogroups.com> wrote:
> I will have to read the code again to answer your question, so expect a
> few days of delay, except if someone else on the list beats me at it.

I have done a little diving through the code and just a tiny bit more playing around with this.  The problem remains.

Milter-greylist is only invoked using the -D option (via the systemd unit file provided by the EPEL milter-greylist RPM for CentOS 6).

The greylist.conf file in its entirety (minus blank lines and comments) is:

***

domainexact

list "known good servers" domain { \
…
}

list "ok countries" geoip { \
…
}

list "whitelist rcpts" rcpt {  \
…
}

list "blacklist rcpts" rcpt { \
...
}

list "blacklist from" from { \
…
}

list "blacklist empty sender" rcpt { \
…
}

report all

dumpfreq 1

timeout 5d

extendedregex

autowhite 0

quiet

geoipdb "/usr/share/GeoIP/GeoIP.dat"

socket "/run/milter-greylist/milter-greylist.sock"

dumpfile "/var/lib/milter-greylist/db/greylist.db" 600

user "grmilter"

list "my network" addr { \
…
}

list "broken mta" addr {   \
…
}

racl "RWMNET" whitelist list "my network"
racl "RWWRCP" whitelist list "whitelist rcpts"
racl "RWBMTA" whitelist list "broken mta"
racl "RWGSRV" whitelist list "known good servers"

racl "RBBFRM" blacklist list "blacklist from" flushaddr msg "invalid sender address"
racl "RBBNRP" blacklist from /^<>$/ list "blacklist empty sender" flushaddr msg "recipient address requires non-empty sender"
racl "RBBRCP" blacklist list "blacklist rcpts" flushaddr msg "invalid recipient address"

dacl "DC1" continue set $is_spam="no"
dacl "DC2" continue header /^X-Spam-Level:[ ]*(.*)$/ set $is_spam="yes"
dacl "DC3" continue $is_spam "yes" log "found X-Spam-Level header"
dacl continue header /^Subject:[ ]*(.*)$/ log "found subject header (%g{\1})"
dacl continue body /.*test.*/ log "found test string in body"
dacl continue msgsize > 0 log "message size is > 0"
dacl "DGXSPM" greylist $is_spam "yes" delay 31m autowhite 91m
dacl "DC2" continue not list "ok countries" log "%i geoip country = %C"
dacl "DGNOKC" greylist not list "ok countries" delay 16m autowhite 46m
dacl "DGDEFL" greylist default delay 6m auto white 15d

***

I’m getting only the following matches (this is just a sampling of recent logs):

  55027  RWMNET
    377  (empty ACL)
    123  RWWRCP
     42  RBBNRP
     42  312 (RBBNRP)
      9  RWGSRV
      5  RBBRCP
      5  313 (RBBRCP)
      3  RWDNSL (since removed from the configuration)

Nothing in dacl matches at all, and I’m getting logs for the header test that should trigger the DGXSPM dacl, but instead I end up with the default 30-minute greylist (nowhere specified in the greylist.conf).

Thanks,
Rudy
