Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-13 23:57 UTC

Message

Re: [milter-greylist] Whitelist with Sendmail access db

2017-06-29 by Johann Klasek

On Tue, Jun 27, 2017 at 03:58:52PM +0000, markus@... [milter-greylist] wrote:
> Hello!
>  
> 
>  I'm trying to get whitelisting with Sendmails access.db to work, with no luck :(
>  I'm using 4.6.2. The milter works just fine otherwise except for the access.db feature.
>  
> 
>  In my servers sendmail.mc i got:
>  
> 
>  dnl
>  dnl Milter macros (required by milter-greylist)
>  dnl
>  define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')dnl
>  define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')dnl
>  define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')dnl
>  define(`confMILTER_MACROS_ENVRCPT', `{greylist}')dnl
>  
> 
>  I also got this at the end of sendmail.mc:
>  
> 
>  dnl
>  dnl Required by milter-greylist
>  dnl
>  LOCAL_CONFIG
>  Kstorage macro
>  LOCAL_RULESETS
>  SLocal_check_rcpt
>  R$+         $: $(storage {greylist} $) $&{client_addr}
>  R$+         $: $>A <$1> <?> <+Connect> <$1>
>  R<$+> <$*>  $: $(storage {greylist} $@ $1 $) $2
>  
> 
>  As mentioned in the documentation, I made sure to use tabs in front om the $:
>  
> 
>  I'm not really sure what the exact syntax is suppost to be in the access file. I've tried a few variations.
>  My last bet was this:
>  
> 
>  Connect:example.com OK
>  
> 
>  Also tried:
>  
> 
>  Connect:example.com WHITE

Because the rules above are using client_addr, it uses the IP address for
a match in access-db!

You have to state the ip address in access-db ...

Connect:1.2.3.4         OK

(OK, RELAY, WHITE tells milter-greylist to whitelist the IP) - use WHITE
to prevent side-effects (not allowing any relaying to foreign hosts).

For a simple fix, change client_addr to client_name
which contains the hostname or in case this isn't resolveable [a.b.c.d]
for IPv4 or something like this [IPv6:2a02:c207:2011:3138::1] for IPv6
addresses.

This checks the address and if not found the hostname against access-db
...

SLocal_check_rcpt
R$+             $: $(storage {greylist} $) $&{client_addr}
R$+             $: $>A <$1> <?> <+Connect> <$1>
R<?> <$+>       $: <?> $&{client_name}
R<?> $+         $: $>A <$1> <?> <+Connect> <$1>
R<$+> <$*>      $: $(storage {greylist} $@ $1 $) $1

Regards,

Johann K.

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.