Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Thread

Whitelisting

Whitelisting

2004-06-03 by Johnny Sletteland

Greetings, this is my first post here, so I guess a hello is in order.

I have been using milter-greylist in production environments for a short
time now, and the effect is great.
However there are some addresses i wish to let through since 1. we dont
get much spam using these and 2. they contribute to most of the valid
mail traffic to us.

Since they have sub-hosts I have added lines like
from /.*@.*\.example\.no/
from /.*@.*\.anotherdomain\.no/

It looks like if the address is longer than 31 characters, these rules
are not honored.

Another thing is the error bad mailers get:
Transcript of session follows:
	  Command:  DATA
	  Response: 551 No valid recipients

I think this might be a sendmail issue, but if anyone know if its
possible to change that to something a bit more readable for the end
user with poor it-staff that surely would be appreciated.

-Johnny

Re: [milter-greylist] Whitelisting

2004-06-03 by Emmanuel Dreyfus

On Thu, Jun 03, 2004 at 12:51:07PM +0200, Johnny Sletteland wrote:
> I have been using milter-greylist in production environments for a short
> time now, and the effect is great.
> However there are some addresses i wish to let through since 1. we dont
> get much spam using these and 2. they contribute to most of the valid
> mail traffic to us.
> 
> Since they have sub-hosts I have added lines like
> from /.*@.*\.example\.no/
> from /.*@.*\.anotherdomain\.no/

Consider whitelisting the netblock allocated to the sender's organisation:
addr 192.0.2.0/24

sender address whitelisting is not a good thing, because spammers can
forge the sender address easily. They cannot forge the IP used for the
connexion.

> It looks like if the address is longer than 31 characters, these rules
> are not honored.

Yes, this bug has been reported, and  the fix is on track, but I'll add
it after version 1.4 is out. If you are in a desesperate need for a quick
fix, increase ADDRLEN to a higher value (512 should do it) in dump.h, and
rebuild.

> Transcript of session follows:
> 	  Command:  DATA
> 	  Response: 551 No valid recipients
> 
> I think this might be a sendmail issue, but if anyone know if its
> possible to change that to something a bit more readable for the end
> user with poor it-staff that surely would be appreciated.

Mmmm... broken client?  I suspect the following scenario;
The recipient was refused at RCPT time (temporary failure due to greylisting), 
and the client tried to send the message (issuing a DATA command), ignoring 
the previous error. This resulted into a permanent error at DATA stage, 

Could you run a tcpdump -s0 -X 'host ... & port 25' during such a failure,
to confirm this theory?

-- 
Emmanuel Dreyfus
manu@...

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.