Re: [milter-greylist] SPF SELF without known local address
2013-08-12 by Jim Klimov
... Something like that, yes :) There is nothing like it here: http://hcpnet.free.fr/milter-greylist/greylist.conf.5.txt ...though now that you said it, I see
Messages
Browse messages
Page 21 of 144 · 7199 messages matched
Re: [milter-greylist] Re: Patches to use localaddr if there is no if_addr, and some more SPF verbosity
2013-08-12 by Jim Klimov
... Huh? I think they are in your patch as well as in mine... ... So far it doesn t... I did consider it at one point as a cheaper check than strncmp(),
Re: [milter-greylist] SPF SELF without known local address
2013-08-12 by manu@...
... racl continue msg stuff ? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@netbsd.org
Re: [milter-greylist] SPF SELF without known local address
2013-08-12 by Jim Klimov
... But isn t the point of the spf self test to detect that a spammer owns or abuses a domain whose SPF record allows too much - such as our server s address
Re: Patches to use localaddr if there is no if_addr, and some more SPF verbosity
2013-08-12 by manu@...
... You forgot the bits from conf.c and conf.h. I added them and refactored the patch a bit. For instance, local_ipstr() never returns NULL, therefore there is
Re: [milter-greylist] SPF SELF without known local address
2013-08-12 by manu@...
... The spammer may use a domain that passes 127.0.0.1. It is less easy to prepare a domain that will mathc the MX of all the target recipient. -- Emmanuel
Patches to use localaddr if there is no if_addr, and some more SPF verbosity
2013-08-11 by Jim Klimov
... -POSIX +Postfix ... So here is a couple of patches: one allows use of localaddr by local_ipstr() for %V format string parsing, I believe; its result
SPF SELF without known local address
2013-08-11 by Jim Klimov
I wonder if it makes sense to test spf self with 127.0.0.1 for example, in case neither {if_addr} nor localaddr are set, instead of bailing out completely?
Re: [milter-greylist] config.h included twice
2013-08-11 by Jim Klimov
... Hmmm... maybe false alarm; at least if you can t reproduce - no need to bother then. My build routine keeps the original code separate from the generated
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr}
2013-08-11 by manu@...
... There is no such standard API, unfortunately. Older system peek at kernel internals through /dev/kmem. Modern systems use sysctl, but the data format is
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr}
2013-08-11 by Jim Klimov
... I thought that maybe netstat -an relies on some standard API to list the kernel s established TCP sessions on various OSes. Forking an executable for
config.h included twice
2013-08-11 by Jim Klimov
I found some build noise in the milter-greylist compilation like this: gcc -L/lib -L/usr/lib -L/usr/local/ssl/lib -L/usr/local/lib -L/usr/sfw/lib
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr}
2013-08-11 by manu@...
... No, it seems fine to do so ... You want to run netstat in popen()? Or use the system non standard API to retreive the information? -- Emmanuel Dreyfus
Re: [milter-greylist] How is SPF processed in absence of keywords in config?
2013-08-11 by Jim Klimov
... Thanks, in the absence of any documented examples I tried to quote the statuses which gave syntax errors... vague indications in the mailing list archives
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr}
2013-08-11 by Jim Klimov
... This I cannot vouch for or against... It would seem logical for the API client capable of setting the macro (Sendmail) to do so regardless of the socket
Re: [milter-greylist] "Config error at line" should also display the problematic line contents
2013-08-11 by manu@...
... Try to use yytext (defined as extern char *yytext), but I am not sure wether you only get the current line, or all the remaining of the file. You may have
Re: [milter-greylist] Contribution: regex rules for "bad" hostname patterns
2013-08-11 by manu@...
... No, but here is an idea: milter-greylist already have the concept of variables, fetched from LDAP or a random web service (ldapcheck and urlcheck). They
Re: [milter-greylist] How is SPF processed in absence of keywords in config?
2013-08-11 by manu@...
... Right. ... Correct. ... racl whitelist spf pass racl blacklist spf error racl blacklist spf fail -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr}
2013-08-11 by Jim Klimov
... I see an as-of-yet undocumented config keyword localaddr which can be defined, apparently, for Postfix users to use spf self . I wonder if it is for any
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr}
2013-08-11 by manu@...
... In fact I understand we get it each time a mail is received through a Unix socket. I think we should completely get rid of the message, as it fail to
Re: [milter-greylist] Contribution: regex rules for "bad" hostname patterns
2013-08-11 by Jim Klimov
... I did not find anything like it, so rolled my own: %c format string to substitute by the email address defined with the new contact_email keyword. This
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr}
2013-08-11 by Jim Klimov
... The name? Probably so, but it won the role in a casting competition ;) First names were even uglier and less to the point, for example, nomacro_if_addr -
Re: [milter-greylist] How is SPF processed in absence of keywords in config?
2013-08-11 by jimklimov@cos.ru
So by default we whitelist spf pass es and do nothing about both uncertainties and outright failures, right? Any non-success results just fall through to other
Re: [milter-greylist] How is SPF processed in absence of keywords in config?
2013-08-11 by jimklimov@cos.ru
OK, so by default we whitelist spf succeses,, but do nothing about Typos courtesy of my Samsung Mobile ... От: manu@netbsd.org Дата: 2013.08.11 6:32
Re: [milter-greylist] Toggle to not log failure to fetch {if_addr} [1 Attachment]
2013-08-11 by manu@...
... Your config option is ugly! :-) We could just report the error once, and remain silent for later messages. After all the thing is configured,(or not
Re: [milter-greylist] How is SPF processed in absence of keywords in config?
2013-08-11 by manu@...
... IIRC, when you have SPF support compiled, SPF compliant message are whitelisted by default, except if: - you use the nospf keyword OR - you have any ACL
Re: [milter-greylist] Submitter DNS name resolution and forgery detection [1 Attachment]
2013-08-11 by manu@...
... The fact that your neighbor breaks the law is not a good reason for breaking it yourself :-) I checked that patch in. -- Emmanuel Dreyfus
Contribution: regex rules for "bad" hostname patterns
2013-08-11 by Jim Klimov
Hello all, I ve ported into milter-greylist regex capabilities some rules from our milter-regex setup (much time has passed, so I am not sure if these rules
"Config error at line" should also display the problematic line contents
2013-08-11 by Jim Klimov
If I have any typos in the configuration, milter-greylist aborts startup and logs a message like this: config error at line 1427: syntax error end Sun Aug 11
Toggle to not log failure to fetch {if_addr}
2013-08-11 by Jim Klimov
My MTA (Sun/Oracle CommSuite Messaging Server) does not have an {if_addr} macro to designate which IP address of the MTA received the SMTP connection. This
How is SPF processed in absence of keywords in config?
2013-08-11 by Jim Klimov
How is SPF processed in absence of spf rules or nospf keyword in config? The manual is not quite clear on this default processing.
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-11 by Jim Klimov
Okay, so here goes the third version of the un-bracketer :) There was quite a bit of indentation, so formatting may still be a bit ugly, especially around the
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-11 by manu@...
... Well, why not? Anyone else has opinion on this? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@netbsd.org
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-11 by manu@...
... Because it was introduced at a time milter-greylist did not do any DNS lookup on its own, and therefore it did not include the header that would have given
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-11 by manu@...
... I committed it, with the configure test after all. Perhaps it could be useful to someone that wants to add wrappers? I do not know, but we already do it
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-11 by manu@...
... The Unpublished Rules say sthat tabs are used as 8 spaces :-) ... Well, since I will do it if you do not, I of course prefer if you do. It would also be
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-10 by Jim Klimov
Manu, can you clarify something? The priv_hostname is defined to be char[ADDRLEN+1], where ADDRLEN is the name of local user part plus the domain part and some
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-10 by Jim Klimov
... Added to both locations, broke the lines to fit into 80 chars, though some existing examples nearby break this code of honour ;) Also fixed the help text
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-10 by Jim Klimov
... I guess you re right, sorry for keeping the commented part. For some reason, $TOUCH did not resolve on one of the build systems at some point (while worked
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-10 by Jim Klimov
... Basically, because a distro maintainer or you as the vanilla tarball maker is free to pick the hardcoded default (retain current behavior and leave
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-10 by Jim Klimov
... Hmm... indeed, it looks like the proper place. I did not realize that there was a method to show the detailed release information. Still, the convention I
Re: [milter-greylist] Submitter DNS name resolution and forgery detection [3 Attachments]
2013-08-10 by manu@...
... I am not sure I understand correctly: unbracket is the default and should do the current behavior, right? Why add a new option. Anyway, I am not sure it is
Re: [milter-greylist] Submitter DNS name resolution and forgery detection [3 Attachments]
2013-08-10 by manu@...
... I am fine with the autoconf part, but you use it when displaying usage. Why not add the new information after current output of milter-greylist -r ? It
Re: [milter-greylist] Submitter DNS name resolution and forgery detection [3 Attachments]
2013-08-10 by manu@...
... Could you cleanup commented commands in that one? For instance: +#TOUCH= @TOUCH@ +TOUCH= touch I think you can skip autoconf here,
Logging of messages with format strings and long SMTP dialog message lines
2013-08-09 by Jim Klimov
In the milter s syslog entries I see the format strings represented as original escape characters (somewhat reasonable as this is a quote from the ACL table).
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-08 by manu@...
... That is a bug and it sould be easy to fix, feel free to send a patch. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@netbsd.org
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-08 by Jim Klimov
... Unfortunately, the CommSuite Messaging Server with which I am integrating now, does not define this macro. But thanks for suggestion, it might be useful on
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-08 by Jim Klimov
... Just tested - this does not work, the %d is not expanded in this context. It does match literally HELO %d though :) //Jim
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-08 by Jim Klimov
Hello all, As a follow-up on the recent post about un-bracketing unresolved names, I d like to submit a rework of that code and a new patch for review. *
Re: [milter-greylist] Submitter DNS name resolution and forgery detection
2013-08-05 by Johann Klasek
... Sendmial provides macro client_resolve, I use it like that: sm_macro maybe_forged {client_resolve} FORGED racl greylist sm_macro maybe_forged delay