Milter-greylist

Running FBSD-6.0 & gl-2.1.12

Finally got the dnsrbl compiled in & now experimenting.

Wonder if this syntax is correct? Below are some entries for blacklisting
and then the output on reloading the config.

greylist-config:
list "known spammers" rcpt { /.*@.../ /.*@.../ /bad1@*/
/bad2@*/ }
acl blacklist dnsrbl "known spammers" flushaddr

Then reload config output:
load list item /.*@.../
load list item /.*@.../
load list item /bad1@*/
load list item /bad2@*/
load list type rcpt 
load list name "known spammers"

(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american

On Tue, Aug 08, 2006 at 07:18:57AM -0500, Jack L. Stone wrote:
> list "known spammers" rcpt { /.*@.../ /.*@.../ /bad1@*/
> /bad2@*/ }

IMO, you want /.*@example1\.com/ and /bad1@.*/

-- 
Emmanuel Dreyfus
manu@...

At 12:23 PM 8.8.2006 +0000, you wrote:
>On Tue, Aug 08, 2006 at 07:18:57AM -0500, Jack L. Stone wrote:
>> list "known spammers" rcpt { /.*@.../ /.*@.../ /bad1@*/
>> /bad2@*/ }
>
>IMO, you want /.*@example1\.com/ and /bad1@.*/
>
>-- 
>Emmanuel Dreyfus
>manu@...
>

Thanks, will modify.

BUT, I found the line:
acl blacklist dnsrbl "known spammers" flushaddr
...would not allow milter-greylist to start
So, changed to:
acl blacklist list "known spammers" flushaddr
...and it started.

Is this experimental change correct since the m-gl won't run the other way
as shown in the man greylist.cong(5)??



(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american

On Tue, Aug 08, 2006 at 07:34:19AM -0500, Jack L. Stone wrote:
> BUT, I found the line:
> acl blacklist dnsrbl "known spammers" flushaddr
> ...would not allow milter-greylist to start

Which causes me no surprise, as you never defined "known spammers" as
a rcpt list, not a dnsrbl.

> So, changed to:
> acl blacklist list "known spammers" flushaddr
> ...and it started.
> 
> Is this experimental change correct since the m-gl won't run the other way
> as shown in the man greylist.cong(5)??

It would have accepted it if you had defined the dnsrbl before, as explained
in the DNSRBL section of the man page. 

-- 
Emmanuel Dreyfus
manu@...

At 12:48 PM 8.8.2006 +0000, you wrote:
>On Tue, Aug 08, 2006 at 07:34:19AM -0500, Jack L. Stone wrote:
>> BUT, I found the line:
>> acl blacklist dnsrbl "known spammers" flushaddr
>> ...would not allow milter-greylist to start
>
>Which causes me no surprise, as you never defined "known spammers" as
>a rcpt list, not a dnsrbl.
>

....yes, my bad.

>> So, changed to:
>> acl blacklist list "known spammers" flushaddr
>> ...and it started.
>> 
>> Is this experimental change correct since the m-gl won't run the other way
>> as shown in the man greylist.cong(5)??
>
>It would have accepted it if you had defined the dnsrbl before, as explained
>in the DNSRBL section of the man page. 
>
>Emmanuel Dreyfus

I have it defined earlier above in the config:
## SORBS
dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
acl greylist dnsrbl "SORBS DUN" delay 1h
acl greylist default delay 8m

(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american

At 08:17 AM 8.8.2006 -0500, Jack L. Stone wrote:
>At 12:48 PM 8.8.2006 +0000, you wrote:
>>On Tue, Aug 08, 2006 at 07:34:19AM -0500, Jack L. Stone wrote:
>>> BUT, I found the line:
>>> acl blacklist dnsrbl "known spammers" flushaddr
>>> ...would not allow milter-greylist to start
>>
>>Which causes me no surprise, as you never defined "known spammers" as
>>a rcpt list, not a dnsrbl.
>>
>
>.....yes, my bad.
>
>>> So, changed to:
>>> acl blacklist list "known spammers" flushaddr
>>> ...and it started.
>>> 
>>> Is this experimental change correct since the m-gl won't run the other way
>>> as shown in the man greylist.cong(5)??
>>
>>It would have accepted it if you had defined the dnsrbl before, as explained
>>in the DNSRBL section of the man page. 
>>
>>Emmanuel Dreyfus
>
>I have it defined earlier above in the config:
>## SORBS
>dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
>acl greylist dnsrbl "SORBS DUN" delay 1h
>acl greylist default delay 8m
>

Sorry I'm not as sharp on this, but I gather I need to define it for a
blacklist rather than greylist???

Be patient on a user with no fear to try things, but will not always
comprehend.

I might add that milter-greylist is really maturing into a very powerful &
configurable spam fighter... keep up the good work fellows. I'm just trying
to keep up with you.

(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american

At 12:23 PM 8.8.2006 +0000, you wrote:
>On Tue, Aug 08, 2006 at 07:18:57AM -0500, Jack L. Stone wrote:
>> list "known spammers" rcpt { /.*@.../ /.*@.../ /bad1@*/
>> /bad2@*/ }
>
>IMO, you want /.*@example1\.com/ and /bad1@.*/
>
>-- 
>Emmanuel Dreyfus
>manu@...

The man page sez this:
The domain, from, and rcpt clauses may be  used  with  regular  expres-
       sions.  The  regular  expressions  must  be enclosed by slashes (/). No
       escaping is available to provide a slash inside a  regular  expression,
       so  just do not use it. Regular expressions follow the format described
       in re_format(7).  Here is an example:

         acl greylist rcpt /.*@.../

(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american

On Tue, Aug 08, 2006 at 08:31:13AM -0500, Jack L. Stone wrote:
> >I have it defined earlier above in the config:
> >## SORBS
> >dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
> >acl greylist dnsrbl "SORBS DUN" delay 1h
> >acl greylist default delay 8m
> >
> 
> Sorry I'm not as sharp on this, but I gather I need to define it for a
> blacklist rather than greylist???

It depends what you are looking for. blacklist means you just refuse mail 
sent from dynamic pools.

The above setup will require a minimum delay of 15 mn between resends
attempts, except for hosts on dynamic pools, which will have to wait 
one hour.

dynamic pools host xDSL and cable customers, which are known to be 
infected by spam engines. Very few of them will send legitimate mail.
Those who will can do it with a delay of one hour.
 
> Be patient on a user with no fear to try things, but will not always
> comprehend.
> I might add that milter-greylist is really maturing into a very powerful &
> configurable spam fighter... keep up the good work fellows. I'm just trying
> to keep up with you.

Yes, it's amazing how efficient the new features can be. I have not seen a
single spam getting through yet. I use exactly the setup above, but with 
a even higher delay for dynamic pools.

-- 
Emmanuel Dreyfus
manu@...

On Tue, Aug 08, 2006 at 08:35:35AM -0500, Jack L. Stone wrote:
> The man page sez this:
> The domain, from, and rcpt clauses may be  used  with  regular  expres-
>        sions.  The  regular  expressions  must  be enclosed by slashes (/). No
>        escaping is available to provide a slash inside a  regular  expression,
>        so  just do not use it. Regular expressions follow the format described
>        in re_format(7).  Here is an example:
> 
>          acl greylist rcpt /.*@.../

The man page contains the missing \ but does not displau it :-(

Here is a patch that fix it at mine. hat about you?
Index: greylist.conf.5
===================================================================
RCS file: /cvsroot/milter-greylist/greylist.conf.5,v
retrieving revision 1.39
diff -U1 -r1.39 greylist.conf.5
--- greylist.conf.5     8 Aug 2006 12:43:17 -0000       1.39
+++ greylist.conf.5     8 Aug 2006 13:53:03 -0000
@@ -130,3 +130,3 @@
 .PP
-  acl greylist rcpt /.*@example\.net/
+  acl greylist rcpt /.*@example\\.net/
 .PP
@@ -219,7 +219,7 @@
 
-acl whitelist rcpt /.*@.*otherdomain\.org/
+acl whitelist rcpt /.*@.*otherdomain\\.org/
 acl whitelist addr 192.168.42.0/24 rcpt user1@...
-acl whitelist from friend@... rcpt /.*@.*mydomain\.org/
+acl whitelist from friend@... rcpt /.*@.*mydomain\\.org/
 acl whitelist rcpt user2@...
-acl greylist rcpt /.*@.*mydomain\.org/
+acl greylist rcpt /.*@.*mydomain\\.org/
 acl whitelist default


-- 
Emmanuel Dreyfus
manu@...

At 01:54 PM 8.8.2006 +0000, you wrote:
>On Tue, Aug 08, 2006 at 08:35:35AM -0500, Jack L. Stone wrote:
>> The man page sez this:
>> The domain, from, and rcpt clauses may be  used  with  regular  expres-
>>        sions.  The  regular  expressions  must  be enclosed by slashes
(/). No
>>        escaping is available to provide a slash inside a  regular
expression,
>>        so  just do not use it. Regular expressions follow the format
described
>>        in re_format(7).  Here is an example:
>> 
>>          acl greylist rcpt /.*@.../
>
>The man page contains the missing \ but does not displau it :-(
>
>Here is a patch that fix it at mine. hat about you?
>-- 
>Emmanuel Dreyfus
>manu@...
>

Well, your suggested add "\" made more sense. Will try the patch.

Thanks!


(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american

Emmanuel Dreyfus wrote:
> On Tue, Aug 08, 2006 at 07:18:57AM -0500, Jack L. Stone wrote:
>> list "known spammers" rcpt { /.*@.../ /.*@.../ /bad1@*/
>> /bad2@*/ }
> 
> IMO, you want /.*@example1\.com/ and /bad1@.*/
> 

Side note:

why /.*@example\.com/ instead of /@example\.com/ ?

In general, because regexes match sub-strings, any wild-cards at the beginning
or end of a regex are redundant and reduce efficiency.

/foo/ is equivalent to /.*foo.*/, but the later takes longer to run and uses
more memory. Both will match "foo" "foobar"  "somefoo" and "somefoobar".


You can abuse perl's regex debugger to compare the two. Admittedly,
milter-greylist doesn't use perl's regex engine, but it's a quick-and-easy tool
to show what at least one regex compiler will do with it in a straight-forward
implementation. (The perl regex optimizer might remove some of this later if you
did it in perl, but I doubt the basic POSIX regex library does such things).

Note the difference in the "size" and the number of bytes for offset annotations.

-------------------------------
perl -Mre=debug -e  "/foo/"
Freeing REx: `","'
Compiling REx `foo'
size 3 Got 28 bytes for offset annotations.
first at 1
rarest char f at 0
   1: EXACT <foo>(3)
   3: END(0)
anchored `foo' at 0 (checking anchored isall) minlen 3
Offsets: [3]
        1[3] 0[0] 4[0]
Omitting $` $& $' support.

-------------------------------
$perl -Mre=debug -e  "/.*foo.*/"
Freeing REx: `","'
Compiling REx `.*foo.*'
size 7 Got 60 bytes for offset annotations.
first at 2
rarest char f at 0
   1: STAR(3)
   2:   REG_ANY(0)
   3: EXACT <foo>(5)
   5: STAR(7)
   6:   REG_ANY(0)
   7: END(0)
floating `foo' at 0..2147483647 (checking floating) anchored(MBOL) implicit minlen 3

Offsets: [7]
        2[1] 1[1] 3[3] 0[0] 7[1] 6[1] 8[0]
Omitting $` $& $' support.
-------------------------------

At 11:58 AM 8.8.2006 -0400, you wrote:
>Emmanuel Dreyfus wrote:
>> On Tue, Aug 08, 2006 at 07:18:57AM -0500, Jack L. Stone wrote:
>>> list "known spammers" rcpt { /.*@.../ /.*@.../ /bad1@*/
>>> /bad2@*/ }
>> 
>> IMO, you want /.*@example1\.com/ and /bad1@.*/
>> 
>
>Side note:
>
>why /.*@example\.com/ instead of /@example\.com/ ?
>
>In general, because regexes match sub-strings, any wild-cards at the
beginning
>or end of a regex are redundant and reduce efficiency.
>
>/foo/ is equivalent to /.*foo.*/, but the later takes longer to run and uses
>more memory. Both will match "foo" "foobar"  "somefoo" and "somefoobar".
>
>
>You can abuse perl's regex debugger to compare the two. Admittedly,
>milter-greylist doesn't use perl's regex engine, but it's a quick-and-easy
tool

Thanks, Matt. I'll modify my lines for this.

BTW: I thought there was also a website that allowed one to check regex
statements at least to see if they work okay -- maybe not an optimizer, but
quick check for someone like me who has to be a "Jack of all (many?) trades
-- master of some".

(^_^)
Happy trails,
Jack L. Stone

System Admin
Sage-american

Jack L. Stone wrote:

> 
> BTW: I thought there was also a website that allowed one to check regex
> statements at least to see if they work okay -- maybe not an optimizer, but
> quick check for someone like me who has to be a "Jack of all (many?) trades
> -- master of some".

Were you perhaps thinking of this site?

http://osteele.com/tools/reanimator/