Milter-greylist

I recently rebuilt my mail server and upgraded my milter-greylist to
the 2.0b3 release. Yesterday I send myself an email from my work email
and noticed that it was greylisted even though my work domain has
always been whitelisted using a domain entry.

My greylist.conf contains the line (rewritten from the old format in
the 1.x release):

acl whitelist domain crww.com 



I poked around this morning and here is what I am seeing.

A mail message arrives from otcfwm02.carlson.com which is passed into
acl_filter() where emailcmp("otcfwm02.carlson.com", "carlson.com")
returns no match.

I'm not sure whether the comparison should be from right to left so
that the mail host would match against the domain name or if the
machine name should be stripped from the host name before the
comparison so that the test would be emailcmp("carlson.com",
"carlson.com").


Switching the acl to:

acl whitelist domain /.*.crww.com/

and using a regular expression match works.

Has anyone else noticed a problem with whitelisting domain names?

Thanks,
Ken Brown

On Wed, Mar 23, 2005 at 02:28:11PM -0000, kenedwardbrown wrote:
> acl whitelist domain crww.com 
(snip)
> A mail message arrives from otcfwm02.carlson.com which is passed into
> acl_filter() where emailcmp("otcfwm02.carlson.com", "carlson.com")
> returns no match.

Why would you like otcfwm02.carlson.com to match crww.com?

-- 
Emmanuel Dreyfus
manu@...

--- In milter-greylist@yahoogroups.com, Emmanuel Dreyfus <manu@n...> 
wrote:
> On Wed, Mar 23, 2005 at 02:28:11PM -0000, kenedwardbrown wrote:
> > acl whitelist domain crww.com 
> (snip)
> > A mail message arrives from otcfwm02.carlson.com which is passed 
into
> > acl_filter() where emailcmp
("otcfwm02.carlson.com", "carlson.com")
> > returns no match.
> 
> Why would you like otcfwm02.carlson.com to match crww.com?
> 
> -- 
> Emmanuel Dreyfus
> manu@n...

I thought that the intent of the domain keyword was to whitelist all 
incoming mail from a particular domain, without regard to the name 
of the actual mailhost. If I'm wrong than there is no issue.

The man page for greylist.conf says that

acl whitelist domain example.net

will whitelist any machine in the example.net domain. 

So I was expecting that the match against the hostname passed in by 
sendmail would ignore the machine name, otcfwm02, and just match the 
domain of otcfwm02 against the acl.

Thanks,
Ken

On Wed, Mar 23, 2005 at 03:56:28PM -0000, kenedwardbrown wrote:
> > Why would you like otcfwm02.carlson.com to match crww.com?
> I thought that the intent of the domain keyword was to whitelist all 
> incoming mail from a particular domain, without regard to the name 
> of the actual mailhost. If I'm wrong than there is no issue.

Here otcfwm02.carlson.com is the resolved DNS name of the connecting
host, as handed out by sendmail. It is possible that the connecting 
host has several domain names, but you should use the one that is
used in reverse DNS resolution.

-- 
Emmanuel Dreyfus
manu@...