Remy Card <Remy.Card@...> wrote:
> Each entry would have this syntax:
>
> acl greylist|whitelist [addr IP/CIDR] [from address|regex]
> [rcpt address|regex] [domain domain|regex]
Some thoughts:
1) It would be nice if the order of the addr, from, rcpt and domain
clauses were not fixed, i.e. you could write "from friend@...
rcpt grandma@..." and "rcpt grandma@... from
friend@..."; this would give the same result.
2) Is the acl keyword useful at all? We could have greylist and
whitelist keywords without a leading acl.
3) It would be nice to allow a multiline syntax too. Your syntax is nice
because it's lightweight, but having long lines of configuration can be
inconvenient when working on a 25x80 terminal. I'd suggest two
alternative syntaxes:

    whitelist from friend@... rcpt grandma@...

or

    whitelist {
        from friend@...
        rcpt grandma@...
    }

> > First, a few examples...
> >
> > # first config, Dan's setup:
> > acl grandma {
> > rcpt grandma@...
> > not from friend@...
> > not from another.friend@...
> > }
> > greylist grandma
> > whitelist default
>
> This could be written:
>
> acl whitelist from friend@... rcpt grandma@...
> acl whitelist from another.friend@... rcpt grandma@...
> acl greylist rcpt grandma@...
> acl whitelist rcpt /.*/
I'd like to hear Dan Hollis's opinion (it's his setup, after all).
One more thought: you use "acl whitelist rcpt /.*/" as a default rule.
This could also be written "acl whitelist from /.*/" or anything with a
wildcard. A whitelist keyword without any (from, rcpt, domain, addr)
specifier will also do the same thing.
Maybe a "whitelist default" would be easier to understand for the
newcomer.
> > The last problem is to convert the older keyword to the new framework so
> > that we can retain backward compatibility in the config file.
(snip)
> With my proposal, conversion is much easier: just add "acl " before
> each {addr|domain|from|rcpt} keyword. A simple sed script could do the work.
You also need to add whitelist or greylist, and the keyword you need
depends on whether the user was running test mode or not.
Test mode would not affect the way you read the ACL, right?
--
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand
binary and those who don't.
manu@...
Re: [milter-greylist] Access-lists in milter-greylist
2004-11-12 by manu@netbsd.org
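
The syntax points raised in this thread (clauses in any order, an optional leading acl keyword, a bare whitelist as the default rule), as an added Python sketch that is not milter-greylist code or code from either poster. It assumes first-match evaluation, a greylist fallback when no rule matches, plain or /regex/ comparison for the domain clause, and constructed example.org/example.net addresses.

```python
import ipaddress
import re

KEYS = {"addr", "from", "rcpt", "domain"}

def parse_rule(line):
    """Parse '[acl] greylist|whitelist [key value]...' with clauses in any order."""
    tokens = line.split()
    if tokens and tokens[0] == "acl":        # leading 'acl' treated as optional
        tokens = tokens[1:]
    if not tokens or tokens[0] not in ("greylist", "whitelist"):
        raise ValueError(f"bad action in: {line!r}")
    action, rest = tokens[0], tokens[1:]
    if len(rest) % 2:
        raise ValueError(f"clause without value in: {line!r}")
    clauses = {}
    for key, value in zip(rest[::2], rest[1::2]):
        if key not in KEYS or key in clauses:
            raise ValueError(f"unknown or repeated clause {key!r}")
        clauses[key] = value
    return action, clauses                   # no clauses at all = matches everything

def clause_matches(key, pattern, msg):
    if key == "addr":                        # IP/CIDR match on the client address
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(msg["addr"]) in net
    value = msg.get(key, "")
    if len(pattern) > 1 and pattern.startswith("/") and pattern.endswith("/"):
        return re.search(pattern[1:-1], value) is not None
    return value.lower() == pattern.lower()

def decide(rules, msg):
    """First matching rule wins (assumption); no match falls back to greylist."""
    for action, clauses in rules:
        if all(clause_matches(k, p, msg) for k, p in clauses.items()):
            return action
    return "greylist"

# Constructed config modelled on the "grandma" setup quoted in the thread.
DAN_SETUP = """
acl whitelist from friend@example.org rcpt grandma@example.net
whitelist rcpt grandma@example.net from another.friend@example.org
acl greylist rcpt grandma@example.net
whitelist
"""
RULES = [parse_rule(line) for line in DAN_SETUP.strip().splitlines()]
```

Under the first-match assumption, moving the `greylist rcpt` line above the two whitelist exceptions would greylist the friends as well, so rule order is part of the policy.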