Milter-greylist

Hello everybody

I've completed the hard part with DNSRBL integration. It seems to work
but needs to be polished before I release a tarball.

Here is how the config file would like so far. Please raise your voice
if you have concerns:

peer 193.54.82.198
socket "/home/manu/greylist.sock"
dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
dnsrbl "SORBS open" dnsbl.sorbs.net 127.0.0.5
dumpfreq 10m

acl greylist dnsrbl "SORBS open" delay 24h
acl greylist dnsrbl "SORBS DUN" delay 24h
acl greylist rcpt manu@... delay 15m
acl whitelist default


No feedback on yesterday's peer-acl greylist settings?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

mno> I've completed the hard part with DNSRBL integration. It seems to work
mno> but needs to be polished before I release a tarball.
mno> Here is how the config file would like so far. Please raise your voice
mno> if you have concerns:

Emmanuel, are you going to implement "blacklist" acl feature in the
nearest releases?

Best regards,
Denis Solovyov

On Wed, Jul 26, 2006 at 09:47:33PM +0900, Denis Solovyov wrote:
> Emmanuel, are you going to implement "blacklist" acl feature in the
> nearest releases?

Probably, If my users leave me enough free time before hollydays


-- 
Emmanuel Dreyfus
manu@...

Tere.
> Hello everybody
>
> I've completed the hard part with DNSRBL integration. It seems to work
> but needs to be polished before I release a tarball.
>
> Here is how the config file would like so far. Please raise your voice
> if you have concerns:
>
> peer 193.54.82.198
> socket "/home/manu/greylist.sock"
> dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
> dnsrbl "SORBS open" dnsbl.sorbs.net 127.0.0.5
> dumpfreq 10m
>
> acl greylist dnsrbl "SORBS open" delay 24h
> acl greylist dnsrbl "SORBS DUN" delay 24h
> acl greylist rcpt manu@... delay 15m
> acl whitelist default
>
>
> No feedback on yesterday's peer-acl greylist settings?
>
>   
Hmm, but what if sendmail already uses dnsbl feature? Why double it?

-- 
Sysadmin

On Fri, Jul 28, 2006 at 09:31:33AM +0300, Sysadmin wrote:
> Hmm, but what if sendmail already uses dnsbl feature? Why double it?

Because you cannot use sendmail DNSRBL to tell miltergreylist what to
do with a message, especially how long it should be greylisted.

-- 
Emmanuel Dreyfus
manu@...

Tere.
>
> Because you cannot use sendmail DNSRBL to tell miltergreylist what to
> do with a message, especially how long it should be greylisted.
>
>   
Hmm, damn heat, but I still don't figure out, why milter-greylist should
now duplicate sendmail -s job, doing the same queries from the rbl
lists? It will rise the network traffic, thats for sure but what about
benefit? Can't find any? Or it just that damn heat:).

-- 
Sysadmin

Sysadmin <sysadmin@...> wrote:
   
> Hmm, damn heat, but I still don't figure out, why milter-greylist should
> now duplicate sendmail -s job, doing the same queries from the rbl
> lists? It will rise the network traffic, 

Well, it double queries between the mail server and your local DNS,
which should cache the results.

> thats for sure but what about
> benefit? Can't find any? Or it just that damn heat:).

I use a greylist delay of 2 hours for machines in DSL pools and of 15 mn
for other machines. 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Tere.
> Well, it double queries between the mail server and your local DNS,
> which should cache the results.
>
>   
Ok, actually in my case the dns and mail server are together.
> I use a greylist delay of 2 hours for machines in DSL pools and of 15 mn
> for other machines. 
>   
Seems reasonable, btw is this ip address (dnsbl.sorbs.net 127.0.0.10) 
needed at all, as dns query to the address (dnsbl.sorbs.net) will made 
anyway? Actually I don't even know, these rbl servers ip addresses, 
which I'm using with sendmail.

-- 
Sysadmin

Sysadmin <sysadmin@...> wrote:

> Seems reasonable, btw is this ip address (dnsbl.sorbs.net 127.0.0.10)
> needed at all, as dns query to the address (dnsbl.sorbs.net) will made
> anyway? Actually I don't even know, these rbl servers ip addresses, 
> which I'm using with sendmail.

It's not the DNSRBL IP address, it's the value that the DNS returns in
case of a hit. dnsbl returns 127.0.0.10 for an IP in a dynamic pool. 

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...