Milter-greylist

I have been using Milter-Greylist for about 3 years now and have never had
a problem - until today that is..

We noticed recently that some of the FBI phishing emails have made it past
our filters.  We currently use 4 milters as such..

# Input mail filters
O InputMailFilters=greylist, milter-sender, Main, mimedefang

Main is the entry for PureMessage - our only commercial product.  From
what I can tell through the log files is that we received an email with
multiple recipients - some of which are not part of greylisting as we
offer it as an option.  The greylist processed the email as if it was
being sent to each individual separately.  But because one of the
recipients was not greylisting the message was passed on to PureMessage
and ended up in the quarantine for each user. Has anyone else seen this
happen with multiple recipient messages and is there a way around it?  We
also noticed that some emails are processed out of order.  One message we
traced went through milter-sender and then through the greylist.  Aren't
milters supposed to be processed in order?
 
I'm fairly sure we are dropping PureMessage and milter-sender and will
just use greylisting and mimedefang.  We are also going to require
everyone use greylisting so this might might not matter anymore but any
insight would be appreciated.

Thanks!

My config is RedHat AS 3, Sendmail 8.12.10 (from source) and
milter-greylist 2.0rc5.

-----------------------------------------------------------------
Steve Ladendorf                                                           
    Network Manager
sladendorf at blakeschool.org                                        The
Blake School
"The only secure computer is one that's unplugged, locked in a safe,
and buried 20 feet under the ground in a secret location... and I'm
not even too sure about that one"
                                                                      --
Dennis Huges, FBI.

On Thu, Dec 01, 2005 at 01:24:21PM -0600, Steve Ladendorf wrote:
> I have been using Milter-Greylist for about 3 years now and have never had
> a problem - until today that is..

Wow, you started using it 15 months before I wrote version 1.0!

(snip)
> anyone else seen this
> happen with multiple recipient messages and is there a way around it?  

You can delay milter-greylist decision until the DATA stage, which is
not recipient-specific: the delayedreject option does that for messages
from <>, but you can patch the milter to do it for all messages.

> We
> also noticed that some emails are processed out of order.  One message we
> traced went through milter-sender and then through the greylist.  Aren't
> milters supposed to be processed in order?

the logic is roughly the following:
for stage in (connect, hello, from, rcpt, data, eom)
	for milter in (configured milters)
		call handler $stage of $milter

So milter execution is interleaved.

-- 
Emmanuel Dreyfus
manu@...

> You can delay milter-greylist decision until the DATA stage, which is
> not recipient-specific: the delayedreject option does that for messages
> from <>, but you can patch the milter to do it for all messages.

Sorry, but i've seemed to have missed this. 
How is this done (the patch thing)?

Thanks,
/P

On Fri, Dec 02, 2005 at 11:10:47AM +0100, fredrik.pettai@... wrote:
> > You can delay milter-greylist decision until the DATA stage, which is
> > not recipient-specific: the delayedreject option does that for messages
> > from <>, but you can patch the milter to do it for all messages.
> 
> Sorry, but i've seemed to have missed this. 
> How is this done (the patch thing)?

Look at the code and remove the test for the source address being <>,
and you'll have that for any mail.

-- 
Emmanuel Dreyfus
manu@...