Yahoo Groups archive

Milter-greylist

Re: [milter-greylist] Access-lists in milter-greylist

2004-11-12 by Remy Card

On Fri, Nov 12, 2004 at 03:43:45PM +0100, manu@... wrote:
> Remy Card <Remy.Card@...> wrote:
> 
> >         Each entry would have this syntax:
> > 
> > acl greylist|whitelist [addr IP/CIDR] [from address|regex]
> >         [rcpt address|regex] [domain domain|regex]
> 
> Some thoughts:
> 1) It would be nice if the order of the addr, from, rcpt and domain
> clauses would not be fixed. i.e.: you could write "from friend@...
> rcpt grandma@..." and "rcpt grandma@... from
> friend@...", this would give the same result 

	Yep.  Order of clauses in an entry would not be fixed.

> 2) Is the acl keyword useful at all? We could have greylist and
> whitelist keywords without a leading acl.

	I agree that the acl keyword is useless, but we already have a
greylist keyword:

# How long does a client has to wait before we accept 
# the messages it retries to send. Here, 1 hour.
greylist 30m

	We have to distinguish the two meanings of the greylist keyword.
Maybe we can add a new keyword?

> 3) It would be nice to allow a multiline syntax too. Your syntax is nice
> because it's lightweight, but having long lines of configuration can be
> inconvenient when working on a 25x80 terminal. I'd suggest two
> alternative syntaxes:
> 
> whitelist from friend@... rcpt grandma@...
> 
> or
> 
> whitelist {
>         from friend@... 
>         rcpt grandma@... 
> }

	No problem at all.  I think that yacc can handle this.

> >         This could be written:
> >  
> > acl whitelist from friend@... rcpt grandma@...
> > acl whitelist from another.friend@... rcpt grandma@...
> > acl greylist rcpt grandma@...
> > acl whitelist rcpt /.*/
> 
> I'd like to hear Dan Hollis's opinion (it's his setup, after all)

	I'm interested in Dan's comments as well.

> One more thought: you use "acl whitelist rcpt /.*/" as a default rule.
> This could also be written "acl whitelist from /.*/" or anything with a
> wildcard. A whitelist keyword without any (from, rcpt, domain, addr)
> specifier will also do the same thing.   
> 
> Maybe a "whitelist default" would be easier to understand for the
> newcomer.

	"acl whitelist rcpt /.*/" was a quick hack.  Actually, I think that
this line could be removed.  The default should be greylisting every mail when
running in normal mode and whitelisting every mail when running in test mode.
Thus, we can rely on this default action and we don't need to use this (ugly)
hack.

	Anyway, we can add a default keyword to be more specific.

> > > The last problem is to convert the older keyword to the new framework so
> > > that we can retain backward compatibility in the config file.
> (snip)
> >         With my proposal, conversion is much easier: just add "acl " before
> > each {addr|domain|from|rcpt} keyword.  A simple sed script could do the work.
> 
> You also need to add whitelist or greylist, and the keyword you need
> depends if the user was running test mode or not. 

	You're right.  I forgot about these keywords.  I guess that the
conversion script will need a parameter to know if milter-greylist runs
in normal mode or not.

> test mode would not affect the way you read the ACL, right?

	Of course not.  ACL would be interpreted the same way in normal or
in test mode with the exception of the default action.

		Rémy
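
The syntax proposed in this message, as an added example that is not part of the original post or of milter-greylist's own code: a small Python parser and evaluator for `acl` lines with order-independent clauses and the mode-dependent default action. First-match evaluation, exact matching of non-regex values, the `parse_acl`/`decide` names and the example.org/example.net addresses are assumptions.

```python
import ipaddress
import re

CLAUSES = {"addr", "from", "rcpt", "domain"}

# Constructed sample; the second rule puts rcpt before from on purpose.
SAMPLE = """\
acl whitelist from friend@example.org rcpt grandma@example.net
acl whitelist rcpt grandma@example.net from another.friend@example.org
acl greylist rcpt grandma@example.net
"""

def _matcher(kind, value):
    """Build a predicate for one clause (assumed semantics, see lead-in)."""
    if kind == "addr":
        net = ipaddress.ip_network(value, strict=False)
        return lambda v: ipaddress.ip_address(v) in net
    if len(value) > 1 and value[0] == value[-1] == "/":
        rx = re.compile(value[1:-1])  # /regex/ form; no spaces supported here
        return lambda v: rx.search(v) is not None
    return lambda v: v.lower() == value.lower()

def parse_acl(text):
    """Return [(action, {clause: predicate})]; clause order is free."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] != "acl" or len(tok) < 2 or tok[1] not in ("greylist", "whitelist"):
            raise ValueError(f"line {n}: expected 'acl greylist|whitelist'")
        if len(tok) % 2:
            raise ValueError(f"line {n}: clause without a value")
        conds = {}
        for kind, value in zip(tok[2::2], tok[3::2]):
            if kind not in CLAUSES or kind in conds:
                raise ValueError(f"line {n}: bad or repeated clause {kind!r}")
            conds[kind] = _matcher(kind, value)
        rules.append((tok[1], conds))
    return rules

def decide(rules, msg, test_mode=False):
    """First matching entry wins; otherwise the default depends on the mode."""
    for action, conds in rules:
        if all(k in msg and m(msg[k]) for k, m in conds.items()):
            return action
    return "whitelist" if test_mode else "greylist"
```

An entry with no clauses matches every message, so its position in the list decides whether later entries are ever reached.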
