Milter-greylist

Hi,

My setup: Solaris 10, sendmail 8.13.8, milter-greylist 3.0rc5.

I have a sendmail Berkeley db file for "access ok" that looks
like so, before being hashed into a db file:

68.160.175.114 OK
166.137.179.183 OK
(etc)

I would like to have milter-greylist look at it to whitelist
IP numbers that appear in this db file.  I reference this db file
in my sendmail.cf as:

Kpopauth hash -a<OK> /etc/mail/db/pophash

then

SLocal_check_rcpt
R$*     $: $(popauth $&{client_addr} $: <?> $)
R<?>        $@ NoPopAuth

R$*<OK>     $# OK $(log "POPAUTH RELAY " $&{client_addr} $)

Can I get milter-greylist to use my db file?  How?  Is this via
the sendmail macro stuff mentioned in the greylist.conf manpage?

Jeff Earickson
Colby College

Jeff A. Earickson <jaearick@...> wrote:

> Can I get milter-greylist to use my db file?  How?  Is this via
> the sendmail macro stuff mentioned in the greylist.conf manpage?

Sure, you can do that. See the greylist.conf(5) man page:


SENDMAIL MACROS
       Any sendmail macro can be used as a clause in the access list. You need
       to define a (macro, value) pair using the sm_macro keyword before using
       it.  Here is an example that uses the {client_resolve} macro to apply a
       larger greylisting delay to hosts that have a bogus reverse DNS:

                sm_macro "maybe_forged" "{client_resolve}" "FORGED"

                acl greylist sm_macro "maybe_forged" delay 1h
                acl greylist default 15m

       A  regular  expression can be used as the macro value.  It must be sur-
       rounded with slashes and not by quotes.  The special  value  unset  can
       also be used to match an unset macro:

                sm_macro "not_foo" "{foo}" unset

       Note  that  any  Sendmail  macro  that  is  not exported using the Mil-
       ter.macros.envrcpt setting of sendmail.cf will be seen  as  unset  from
       milter-greylist.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Tue, 17 Oct 2006, manu@... wrote:

> Jeff A. Earickson <jaearick@...> wrote:
>
>> Can I get milter-greylist to use my db file?  How?  Is this via
>> the sendmail macro stuff mentioned in the greylist.conf manpage?
>
> Sure, you can do that. See the greylist.conf(5) man page:
>
>
> SENDMAIL MACROS

Yup, I was staring at this section of the manpage.  I added the
following to my greylist.conf:

sm_macro "POP relay" "popauth" "OK"
acl whitelist sm_macro "POP relay"

and it didn't work.  Syslog says (from an IP number I know is in
the popauth.db):

NOQUEUE: connect from pool-70-16-68-217.port.east.verizon.net [70.16.68.217]
Oct 17 13:28:54 jasper sendmail-in[19415]: [ID 801593 mail.info] k9HHSkWa019415: POPAUTH RELAY 70.16.68.217
Oct 17 13:28:54 jasper milter-greylist: [ID 751384 mail.info] k9HHSkWa019415: addr pool-70-16-68-217.port.east.verizon.net[70.16.68.217] from <testuser@...> to <jaearick@...> delayed for 00:05:00 (ACL 141)

Do I need to modify my sendmail.cf too, to add some kind of 
"O Milter.macros" line?  Or do I need to modify my popauth.db
file to say "ipnumber WHITE" instead of "ipnumber OK"?  What's
the trick here?

Jeff Earickson
Colby College

Jeff A. Earickson <jaearick@...> wrote:

> Do I need to modify my sendmail.cf too, to add some kind of 
> "O Milter.macros" line?  

As explained in greylist.conf(5), your sendmail.cf must contain a
Milter.macros.envrcpt which includes {popauth}. e.g.:
O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
        {rcpt_addr},{popauth}

Also, your macro definition needs to include the curly braces:
sm_macro "POP relay" "{popauth}" "OK"

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Tue, 17 Oct 2006, manu@... wrote:

> Date: Tue, 17 Oct 2006 21:50:50 +0200
> From: manu@...
> Reply-To: milter-greylist@yahoogroups.com
> To: Milter Greylist list <milter-greylist@yahoogroups.com>
> Subject: Re: [milter-greylist] How to use sendmail db files?
> 
> Jeff A. Earickson <jaearick@...> wrote:
>
>> Do I need to modify my sendmail.cf too, to add some kind of
>> "O Milter.macros" line?
>
> As explained in greylist.conf(5), your sendmail.cf must contain a
> Milter.macros.envrcpt which includes {popauth}. e.g.:
> O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
>        {rcpt_addr},{popauth}
>
> Also, your macro definition needs to include the curly braces:
> sm_macro "POP relay" "{popauth}" "OK"

I am still scratching my head over this issue, and I am wondering
how to test my setup, without having access to a remote host account
(offsite).  Is there any way to test milter-greylist (or any other
milter) via sendmail itself?  I was experimenting with the following
on my mail server:

% /usr/lib/sendmail -Am -bs -d64.5
milter_set_option(LogLevel = 12)
milter_set_option(macros.connect = j, {if_addr})
milter_set_option(macros.helo = {verify}, {cert_subject})
milter_set_option(macros.envfrom = i, {auth_authen})
milter_set_option(macros.envrcpt = {rcpt_mailer},{rcpt_host},{rcpt_addr},{popauth})
milter_set_option(macros.eom = {msg_id})
milter_negotiate(greylist): version 2, fflags 0x1, pflags 0x372
srvrsmtp.c:855: SM_ASSERT(q != NULL) failed
Abort
(hmmm, wonder what this is about???)

% /usr/lib/sendmail -bt -d64.5
milter_set_option(LogLevel = 12)
milter_set_option(macros.connect = j, {if_addr})
milter_set_option(macros.helo = {verify}, {cert_subject})
milter_set_option(macros.envfrom = i, {auth_authen})
milter_set_option(macros.envrcpt = {rcpt_mailer},{rcpt_host},{rcpt_addr},{popauth})
milter_set_option(macros.eom = {msg_id})
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> .D{client_addr}69.165.110.82
> /map popauth 69.165.110.82
map_lookup: popauth (69.165.110.82) returns OK<OK> (0)
>

What next to trigger/test a milter via sendmail?

Jeff Earickson
Colby College

Please, please a few more clues on troubleshooting...
I have tried many variants of the sendmail.cf settings, eg:

# Milter options
O Milter.LogLevel=12
O Milter.macros.connect=j, {if_addr}
# O Milter.macros.helo={verify}, {cert_subject}
O Milter.macros.envfrom=i
O Milter.macros.envrcpt={popauth}
#O Milter.macros.eom={msg_id}

I cannot get milter-greylist to whitelist anybody in the popauth
db, no matter what I do to greylist.conf or the sendmail.cf file.
I really need to get this working (and understand it).  Any good
reading on the milter macro settings above?

Jeff Earickson
Colby College

On Tue, 17 Oct 2006, manu@... wrote:

> Date: Tue, 17 Oct 2006 21:50:50 +0200
> From: manu@...
> Reply-To: milter-greylist@yahoogroups.com
> To: Milter Greylist list <milter-greylist@yahoogroups.com>
> Subject: Re: [milter-greylist] How to use sendmail db files?
> 
> Jeff A. Earickson <jaearick@...> wrote:
>
>> Do I need to modify my sendmail.cf too, to add some kind of
>> "O Milter.macros" line?
>
> As explained in greylist.conf(5), your sendmail.cf must contain a
> Milter.macros.envrcpt which includes {popauth}. e.g.:
> O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
>        {rcpt_addr},{popauth}
>
> Also, your macro definition needs to include the curly braces:
> sm_macro "POP relay" "{popauth}" "OK"
>
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
>
>
>
> Yahoo! Groups Links
>
>
>
>

Jeff A. Earickson <jaearick@...> wrote:

> I cannot get milter-greylist to whitelist anybody in the popauth
> db, no matter what I do to greylist.conf or the sendmail.cf file.
> I really need to get this working (and understand it).  Any good
> reading on the milter macro settings above?

It looks good.

It seems you'll have to do some debug. In macro.c, look for macro_check.
After the call to smfi_getsymval, add this

        syslog(LOG_INFO, "me->m_macro = \"%s\", value = \"%s\"\n", 
            me->m_macro, value);            

And tell me what you get.
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

This is already documented. You edited your poprelayd right? Google will tell 
you how to do this.

On Monday 23 October 2006 05:16 pm, Jeff A. Earickson wrote:
> Please, please a few more clues on troubleshooting...
> I have tried many variants of the sendmail.cf settings, eg:
>
> # Milter options
> O Milter.LogLevel=12
> O Milter.macros.connect=j, {if_addr}
> # O Milter.macros.helo={verify}, {cert_subject}
> O Milter.macros.envfrom=i
> O Milter.macros.envrcpt={popauth}
> #O Milter.macros.eom={msg_id}
>
> I cannot get milter-greylist to whitelist anybody in the popauth
> db, no matter what I do to greylist.conf or the sendmail.cf file.
> I really need to get this working (and understand it).  Any good
> reading on the milter macro settings above?
>
> Jeff Earickson
> Colby College
>
> On Tue, 17 Oct 2006, manu@... wrote:
> > Date: Tue, 17 Oct 2006 21:50:50 +0200
> > From: manu@...
> > Reply-To: milter-greylist@yahoogroups.com
> > To: Milter Greylist list <milter-greylist@yahoogroups.com>
> > Subject: Re: [milter-greylist] How to use sendmail db files?
> >
> > Jeff A. Earickson <jaearick@...> wrote:
> >> Do I need to modify my sendmail.cf too, to add some kind of
> >> "O Milter.macros" line?
> >
> > As explained in greylist.conf(5), your sendmail.cf must contain a
> > Milter.macros.envrcpt which includes {popauth}. e.g.:
> > O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
> >        {rcpt_addr},{popauth}
> >
> > Also, your macro definition needs to include the curly braces:
> > sm_macro "POP relay" "{popauth}" "OK"
> >
> > --
> > Emmanuel Dreyfus
> > http://hcpnet.free.fr/pubz
> > manu@...
> >
> >
> >
> > Yahoo! Groups Links
>
> Yahoo! Groups Links
>
>
>

On Tue, 24 Oct 2006, manu@... wrote:

> Date: Tue, 24 Oct 2006 01:19:05 +0200
> From: manu@...
> Reply-To: milter-greylist@yahoogroups.com
> To: Milter Greylist list <milter-greylist@yahoogroups.com>
> Subject: Re: [milter-greylist] How to use sendmail db files?
> 
> Jeff A. Earickson <jaearick@...> wrote:
>
>> I cannot get milter-greylist to whitelist anybody in the popauth
>> db, no matter what I do to greylist.conf or the sendmail.cf file.
>> I really need to get this working (and understand it).  Any good
>> reading on the milter macro settings above?
>
> It looks good.
>
> It seems you'll have to do some debug. In macro.c, look for macro_check.
> After the call to smfi_getsymval, add this
>
>        syslog(LOG_INFO, "me->m_macro = \"%s\", value = \"%s\"\n",
>            me->m_macro, value);
>
> And tell me what you get.

My setup: Solaris 10, sendmail 8.13.8, milter-greylist 3.0rc5.

I added this in, recompiled, reinstalled, restarted greymilter.  It dies
almost instantly, before I can get ready to test my setup with my test user.
I also tried "mg_log(LOG_INFO..." instead of a straight syslog call.
The syslogging I see is:

Oct 24 08:12:02 jasper sendmail-in[17978]: [ID 801593 mail.info] k9OCC2tS017978: Milter (greylist): init success to negotiate
Oct 24 08:12:02 jasper sendmail-in[17978]: [ID 801593 mail.info] k9OCC2tS017978: Milter: connect to filters
Oct 24 08:12:10 jasper sendmail-in[17978]: [ID 801593 mail.error] k9OCC2tS017978: Milter (greylist): write(D) returned -1, expected 23: Broken pipe
Oct 24 08:12:10 jasper sendmail-in[17978]: [ID 801593 mail.info] k9OCC2tS017978: Milter (greylist): to error state

Kaboom!  Now what?

Jeff Earickson
Colby College

On Tue, 24 Oct 2006, eclark wrote:

Where?  I googled all over the place.  My perl popauth relay script
has worked correctly for a very long time, allowing sendmail relays
to authenticated pop users.

There needs to be some kind of method for troubleshooting the milter
itself.  My current technique is by-hand telnet to my port 25 from 
an outside connection, and seeing what happens after the sequence
of

EHLO
Mail From: <outside@...>
Rcpt To: <testuser@...>

But this is totally hit-or-miss, since I don't get much feedback
from my syslogs.

Jeff Earickson
Colby College

> This is already documented. You edited your poprelayd right? Google will tell
> you how to do this.
>
>
> On Monday 23 October 2006 05:16 pm, Jeff A. Earickson wrote:
>> Please, please a few more clues on troubleshooting...
>> I have tried many variants of the sendmail.cf settings, eg:
>>
>> # Milter options
>> O Milter.LogLevel=12
>> O Milter.macros.connect=j, {if_addr}
>> # O Milter.macros.helo={verify}, {cert_subject}
>> O Milter.macros.envfrom=i
>> O Milter.macros.envrcpt={popauth}
>> #O Milter.macros.eom={msg_id}
>>
>> I cannot get milter-greylist to whitelist anybody in the popauth
>> db, no matter what I do to greylist.conf or the sendmail.cf file.
>> I really need to get this working (and understand it).  Any good
>> reading on the milter macro settings above?
>>
>> Jeff Earickson
>> Colby College
>>
>> On Tue, 17 Oct 2006, manu@... wrote:
>>> Date: Tue, 17 Oct 2006 21:50:50 +0200
>>> From: manu@...
>>> Reply-To: milter-greylist@yahoogroups.com
>>> To: Milter Greylist list <milter-greylist@yahoogroups.com>
>>> Subject: Re: [milter-greylist] How to use sendmail db files?
>>>
>>> Jeff A. Earickson <jaearick@...> wrote:
>>>> Do I need to modify my sendmail.cf too, to add some kind of
>>>> "O Milter.macros" line?
>>>
>>> As explained in greylist.conf(5), your sendmail.cf must contain a
>>> Milter.macros.envrcpt which includes {popauth}. e.g.:
>>> O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
>>>        {rcpt_addr},{popauth}
>>>
>>> Also, your macro definition needs to include the curly braces:
>>> sm_macro "POP relay" "{popauth}" "OK"
>>>
>>> --
>>> Emmanuel Dreyfus
>>> http://hcpnet.free.fr/pubz
>>> manu@...
>>>
>>>
>>>
>>> Yahoo! Groups Links
>>
>> Yahoo! Groups Links
>>
>>
>>
>
>
>
> Yahoo! Groups Links
>
>
>
>

Third link down:

http://hcpnet.free.fr/milter-greylist/poprelay/

This is googling for poprelayd +greylist. Be abundently aware that poprelayd 
is buggy and does not populate popauth.db cleanly. It never has. At the very 
least, you will have to ensure clean entries with something like this:

$s =~ s/^[^0-9.]+//;

Otherwise, you get nonip addresses in your popauthdb. I dont think this was 
ever fixed in poprelayd later versions. 

On Tuesday 24 October 2006 08:39 am, Jeff A. Earickson wrote:
> On Tue, 24 Oct 2006, eclark wrote:
>
> Where?  I googled all over the place.  My perl popauth relay script
> has worked correctly for a very long time, allowing sendmail relays
> to authenticated pop users.
>
> There needs to be some kind of method for troubleshooting the milter
> itself.  My current technique is by-hand telnet to my port 25 from
> an outside connection, and seeing what happens after the sequence
> of
>
> EHLO
> Mail From: <outside@...>
> Rcpt To: <testuser@...>
>
> But this is totally hit-or-miss, since I don't get much feedback
> from my syslogs.
>
> Jeff Earickson
> Colby College
>
> > This is already documented. You edited your poprelayd right? Google will
> > tell you how to do this.
> >
> > On Monday 23 October 2006 05:16 pm, Jeff A. Earickson wrote:
> >> Please, please a few more clues on troubleshooting...
> >> I have tried many variants of the sendmail.cf settings, eg:
> >>
> >> # Milter options
> >> O Milter.LogLevel=12
> >> O Milter.macros.connect=j, {if_addr}
> >> # O Milter.macros.helo={verify}, {cert_subject}
> >> O Milter.macros.envfrom=i
> >> O Milter.macros.envrcpt={popauth}
> >> #O Milter.macros.eom={msg_id}
> >>
> >> I cannot get milter-greylist to whitelist anybody in the popauth
> >> db, no matter what I do to greylist.conf or the sendmail.cf file.
> >> I really need to get this working (and understand it).  Any good
> >> reading on the milter macro settings above?
> >>
> >> Jeff Earickson
> >> Colby College
> >>
> >> On Tue, 17 Oct 2006, manu@... wrote:
> >>> Date: Tue, 17 Oct 2006 21:50:50 +0200
> >>> From: manu@...
> >>> Reply-To: milter-greylist@yahoogroups.com
> >>> To: Milter Greylist list <milter-greylist@yahoogroups.com>
> >>> Subject: Re: [milter-greylist] How to use sendmail db files?
> >>>
> >>> Jeff A. Earickson <jaearick@...> wrote:
> >>>> Do I need to modify my sendmail.cf too, to add some kind of
> >>>> "O Milter.macros" line?
> >>>
> >>> As explained in greylist.conf(5), your sendmail.cf must contain a
> >>> Milter.macros.envrcpt which includes {popauth}. e.g.:
> >>> O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
> >>>        {rcpt_addr},{popauth}
> >>>
> >>> Also, your macro definition needs to include the curly braces:
> >>> sm_macro "POP relay" "{popauth}" "OK"
> >>>
> >>> --
> >>> Emmanuel Dreyfus
> >>> http://hcpnet.free.fr/pubz
> >>> manu@...
> >>>
> >>>
> >>>
> >>> Yahoo! Groups Links
> >>
> >> Yahoo! Groups Links
> >
> > Yahoo! Groups Links
>
> Yahoo! Groups Links
>
>
>

Just a caveat; the newer release of greylist probably does work with the 
macros if the db was sanitized. I am running an older version of the milter 
that isnt going anywhere yet until 3.0 goes stable. :)

On Tuesday 24 October 2006 08:39 am, Jeff A. Earickson wrote:
> On Tue, 24 Oct 2006, eclark wrote:
>
> Where?  I googled all over the place.  My perl popauth relay script
> has worked correctly for a very long time, allowing sendmail relays
> to authenticated pop users.
>
> There needs to be some kind of method for troubleshooting the milter
> itself.  My current technique is by-hand telnet to my port 25 from
> an outside connection, and seeing what happens after the sequence
> of
>
> EHLO
> Mail From: <outside@...>
> Rcpt To: <testuser@...>
>
> But this is totally hit-or-miss, since I don't get much feedback
> from my syslogs.
>
> Jeff Earickson
> Colby College
>
> > This is already documented. You edited your poprelayd right? Google will
> > tell you how to do this.
> >
> > On Monday 23 October 2006 05:16 pm, Jeff A. Earickson wrote:
> >> Please, please a few more clues on troubleshooting...
> >> I have tried many variants of the sendmail.cf settings, eg:
> >>
> >> # Milter options
> >> O Milter.LogLevel=12
> >> O Milter.macros.connect=j, {if_addr}
> >> # O Milter.macros.helo={verify}, {cert_subject}
> >> O Milter.macros.envfrom=i
> >> O Milter.macros.envrcpt={popauth}
> >> #O Milter.macros.eom={msg_id}
> >>
> >> I cannot get milter-greylist to whitelist anybody in the popauth
> >> db, no matter what I do to greylist.conf or the sendmail.cf file.
> >> I really need to get this working (and understand it).  Any good
> >> reading on the milter macro settings above?
> >>
> >> Jeff Earickson
> >> Colby College
> >>
> >> On Tue, 17 Oct 2006, manu@... wrote:
> >>> Date: Tue, 17 Oct 2006 21:50:50 +0200
> >>> From: manu@...
> >>> Reply-To: milter-greylist@yahoogroups.com
> >>> To: Milter Greylist list <milter-greylist@yahoogroups.com>
> >>> Subject: Re: [milter-greylist] How to use sendmail db files?
> >>>
> >>> Jeff A. Earickson <jaearick@...> wrote:
> >>>> Do I need to modify my sendmail.cf too, to add some kind of
> >>>> "O Milter.macros" line?
> >>>
> >>> As explained in greylist.conf(5), your sendmail.cf must contain a
> >>> Milter.macros.envrcpt which includes {popauth}. e.g.:
> >>> O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
> >>>        {rcpt_addr},{popauth}
> >>>
> >>> Also, your macro definition needs to include the curly braces:
> >>> sm_macro "POP relay" "{popauth}" "OK"
> >>>
> >>> --
> >>> Emmanuel Dreyfus
> >>> http://hcpnet.free.fr/pubz
> >>> manu@...
> >>>
> >>>
> >>>
> >>> Yahoo! Groups Links
> >>
> >> Yahoo! Groups Links
> >
> > Yahoo! Groups Links
>
> Yahoo! Groups Links
>
>
>

On Tue, 2006-10-24 at 08:39 -0400, Jeff A. Earickson wrote:
> On Tue, 24 Oct 2006, eclark wrote:
> 
> Where?  I googled all over the place.  My perl popauth relay script
> has worked correctly for a very long time, allowing sendmail relays
> to authenticated pop users.
> 
> There needs to be some kind of method for troubleshooting the milter
> itself.  My current technique is by-hand telnet to my port 25 from 
> an outside connection, and seeing what happens after the sequence
> of
> 
> EHLO
> Mail From: <outside@...>
> Rcpt To: <testuser@...>
> 
>From Milter-Greylist homepage.

http://hcpnet.free.fr/milter-greylist/poprelay/

Regards
Michael Baird

On Tue, 24 Oct 2006, eclark wrote:

> Third link down:
>
> http://hcpnet.free.fr/milter-greylist/poprelay/

Ahah!  I never saw the links on the webpage because of the grey lettering/
green sidebar.  Old age, or maybe some color blindness.  I don't use
poprelayd, but an older variant on the same idea, see:

http://www.iecc.com/pop-before-smtp.html

Anyway, the suggestions of Mr. Messerer on this webpage concerns me.
The poprelayd fiddles with the contents of greylist.conf.  Yuck.

I would much rather have the greylist code use an existing 
Berkeley DB file that my sendmail.cf file looks at by way of the
following entry in my sendmail.cf file:

Kpopauth hash -a<OK> /etc/mail/db/pophash

This is what I'm trying to get to with the entries:

sm_macro "POP relay" "{popauth}" "OK"
acl whitelist sm_macro "POP relay"

in greylist.conf and the corresponding entries in sendmail.cf:

O Milter.macros.envrcpt={popauth}   (or something)

This is what I was trying to get to with M. Dreyfus' help and (maybe)
code debugging of rc5.  I would like to continue on that path.

Jeff Earickson
Colby College

I had this long, detailed email. I decided to shorten it. :)

Get rid of pop before smtp.

Weve used the hack described in that link for several months now and have had 
no issue, but our number 1 goal right now is to get rid of this archaic and 
outmoded authentication method. Saying it is of course, easier than doing it, 
but I would definitely recommend giving it a shot.

On Tuesday 24 October 2006 12:15 pm, Jeff A. Earickson wrote:
> On Tue, 24 Oct 2006, eclark wrote:
> > Third link down:
> >
> > http://hcpnet.free.fr/milter-greylist/poprelay/
>
> Ahah!  I never saw the links on the webpage because of the grey lettering/
> green sidebar.  Old age, or maybe some color blindness.  I don't use
> poprelayd, but an older variant on the same idea, see:
>
> http://www.iecc.com/pop-before-smtp.html
>
> Anyway, the suggestions of Mr. Messerer on this webpage concerns me.
> The poprelayd fiddles with the contents of greylist.conf.  Yuck.
>
> I would much rather have the greylist code use an existing
> Berkeley DB file that my sendmail.cf file looks at by way of the
> following entry in my sendmail.cf file:
>
> Kpopauth hash -a<OK> /etc/mail/db/pophash
>
> This is what I'm trying to get to with the entries:
>
> sm_macro "POP relay" "{popauth}" "OK"
> acl whitelist sm_macro "POP relay"
>
> in greylist.conf and the corresponding entries in sendmail.cf:
>
> O Milter.macros.envrcpt={popauth}   (or something)
>
> This is what I was trying to get to with M. Dreyfus' help and (maybe)
> code debugging of rc5.  I would like to continue on that path.
>
> Jeff Earickson
> Colby College
>
>
>
> Yahoo! Groups Links
>
>
>

At Wed, 18 Oct 2006 17:14:29 -0400 (EDT),
Jeff A. Earickson wrote:
> 
> On Tue, 17 Oct 2006, manu@... wrote:
> 
> > Date: Tue, 17 Oct 2006 21:50:50 +0200
> > From: manu@...
> > Reply-To: milter-greylist@yahoogroups.com
> > To: Milter Greylist list <milter-greylist@yahoogroups.com>
> > Subject: Re: [milter-greylist] How to use sendmail db files?
> > 
> > Jeff A. Earickson <jaearick@...> wrote:
> >
> >> Do I need to modify my sendmail.cf too, to add some kind of
> >> "O Milter.macros" line?
> >
> > As explained in greylist.conf(5), your sendmail.cf must contain a
> > Milter.macros.envrcpt which includes {popauth}. e.g.:
> > O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},
> >        {rcpt_addr},{popauth}
> >
> > Also, your macro definition needs to include the curly braces:
> > sm_macro "POP relay" "{popauth}" "OK"
> 
> I am still scratching my head over this issue, and I am wondering
> how to test my setup, without having access to a remote host account
> (offsite).  Is there any way to test milter-greylist (or any other
> milter) via sendmail itself?  I was experimenting with the following
> on my mail server:
> 
> % /usr/lib/sendmail -Am -bs -d64.5
> milter_set_option(LogLevel = 12)
> milter_set_option(macros.connect = j, {if_addr})
> milter_set_option(macros.helo = {verify}, {cert_subject})
> milter_set_option(macros.envfrom = i, {auth_authen})
> milter_set_option(macros.envrcpt = {rcpt_mailer},{rcpt_host},{rcpt_addr},{popauth})
> milter_set_option(macros.eom = {msg_id})
> milter_negotiate(greylist): version 2, fflags 0x1, pflags 0x372
> srvrsmtp.c:855: SM_ASSERT(q != NULL) failed
> Abort
> (hmmm, wonder what this is about???)

It is a known bug in sendmail 8.13.8.
http://www.sendmail.org/releases/8.13.8.php

Patch is available:
http://www.sendmail.org/patches/client_name.assert.p0

On Tue, Oct 24, 2006 at 12:15:17PM -0400, Jeff A. Earickson wrote:
> This is what I was trying to get to with M. Dreyfus' help and (maybe)
> code debugging of rc5.  I would like to continue on that path.

Me too! If the macro stuff is broken, I would like to fix it before
releasing 3.0. 

Did you tried running with the printf that shows the macro milter-greylist
is able to read?

-- 
Emmanuel Dreyfus
manu@...

At Tue, 24 Oct 2006 08:32:29 -0400 (EDT),
Jeff A. Earickson wrote:
> 
> On Tue, 24 Oct 2006, manu@... wrote:
> 
> > Date: Tue, 24 Oct 2006 01:19:05 +0200
> > From: manu@...
> > Reply-To: milter-greylist@yahoogroups.com
> > To: Milter Greylist list <milter-greylist@yahoogroups.com>
> > Subject: Re: [milter-greylist] How to use sendmail db files?
> > 
> > Jeff A. Earickson <jaearick@...> wrote:
> >
> >> I cannot get milter-greylist to whitelist anybody in the popauth
> >> db, no matter what I do to greylist.conf or the sendmail.cf file.
> >> I really need to get this working (and understand it).  Any good
> >> reading on the milter macro settings above?
> >
> > It looks good.
> >
> > It seems you'll have to do some debug. In macro.c, look for macro_check.
> > After the call to smfi_getsymval, add this
> >
> >        syslog(LOG_INFO, "me->m_macro = \"%s\", value = \"%s\"\n",
> >            me->m_macro, value);
> >
> > And tell me what you get.
> 
> My setup: Solaris 10, sendmail 8.13.8, milter-greylist 3.0rc5.
> 
> I added this in, recompiled, reinstalled, restarted greymilter.  It dies
> almost instantly, before I can get ready to test my setup with my test user.
> I also tried "mg_log(LOG_INFO..." instead of a straight syslog call.
> The syslogging I see is:
> 
> Oct 24 08:12:02 jasper sendmail-in[17978]: [ID 801593 mail.info] k9OCC2tS017978: Milter (greylist): init success to negotiate
> Oct 24 08:12:02 jasper sendmail-in[17978]: [ID 801593 mail.info] k9OCC2tS017978: Milter: connect to filters
> Oct 24 08:12:10 jasper sendmail-in[17978]: [ID 801593 mail.error] k9OCC2tS017978: Milter (greylist): write(D) returned -1, expected 23: Broken pipe
> Oct 24 08:12:10 jasper sendmail-in[17978]: [ID 801593 mail.info] k9OCC2tS017978: Milter (greylist): to error state
> 
> Kaboom!  Now what?

Manu's patch was inappropreate. The value seems to be NULL.
Instead, try milter-greylist -v and look at a line like this:
Oct xx xx:xx:xx hostname milter-greylist: sm_macro "xx" {popauth}=XXXX nomatch

On Tue, 24 Oct 2006, eclark wrote:

> Date: Tue, 24 Oct 2006 12:34:04 -0400
> From: eclark <eclark@...>
> Reply-To: milter-greylist@yahoogroups.com
> To: milter-greylist@yahoogroups.com
> Subject: Re: [milter-greylist] How to use sendmail db files?
> 
> I had this long, detailed email. I decided to shorten it. :)
>
> Get rid of pop before smtp.

I totally agree.  I've taken several swipes at doing this, all with
no success so far.  Don't know why I cannot get it to work.

However, it would be good if greylist-milter could talk to other
access db's in sendmail.

Jeff Earickson
Colby College

Jeff A. Earickson wrote:
> On Tue, 24 Oct 2006, eclark wrote:
>
>   
>> Date: Tue, 24 Oct 2006 12:34:04 -0400
>> From: eclark <eclark@...>
>> Reply-To: milter-greylist@yahoogroups.com
>> To: milter-greylist@yahoogroups.com
>> Subject: Re: [milter-greylist] How to use sendmail db files?
>>
>> I had this long, detailed email. I decided to shorten it. :)
>>
>> Get rid of pop before smtp.
>>     
>
> I totally agree.  I've taken several swipes at doing this, all with
> no success so far.  Don't know why I cannot get it to work.
>
> However, it would be good if greylist-milter could talk to other
> access db's in sendmail.

We've tried a different approach. Had it running for a year or more, but
it periodically barfs and dies. So I have a further step of having a
chron job that watches milter-greylist and restarts it if it dies.

Anyway, we have C code that's patched into milter-greylist to read the
popip.db from poprelayd and not greylist if an entry is found in the
database. We are trying to convert everyone to using secure
authentication with smtp, but older clients cannot do that. So our use
of popip.db is maintained to help those on older computers with older OS
and clients.

I believe Lawren Quigley-Jones who wrote this code sent it in. He's no
longer here. If anyone is interested and no one has any memory of it
being submitted before, I could do a diff (patched vs. orig) and send it
in. You could look at it and see if it is useful. I have it running with
milter-greylist-1.6. We also have a patched version of
milter-greylist-2.0.2, but that seemed more unstable when we tried to
bring it up. So we've stayed with 1.6.


---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst 

<hoogendyk@...>

--------------- 

Erd\ufffds 4

AIDA Shinra <shinra@...> wrote:

> Manu's patch was inappropreate. The value seems to be NULL.

Well, let's make sure that it was really the debug message that wxas
crashing it:

        mg_log(LOG_INFO, "me->m_macro = \"%s\", value = \"%s\"\n",
            (me->m_macro != NULL) ? me->m_macro : "(null)", 
            (value != NULL) ? value : "(null)");



-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

I'll try this tomorrow.  We had a power failure today followed by
several hours of severe network problems.  No time for fun like this!

Jeff Earickson
Colby College

On Tue, 24 Oct 2006, manu@... wrote:

> Date: Tue, 24 Oct 2006 22:52:28 +0200
> From: manu@...
> Reply-To: milter-greylist@yahoogroups.com
> To: milter-greylist@yahoogroups.com
> Subject: Re: [milter-greylist] How to use sendmail db files?
> 
> AIDA Shinra <shinra@...> wrote:
>
>> Manu's patch was inappropreate. The value seems to be NULL.
>
> Well, let's make sure that it was really the debug message that wxas
> crashing it:
>
>        mg_log(LOG_INFO, "me->m_macro = \"%s\", value = \"%s\"\n",
>            (me->m_macro != NULL) ? me->m_macro : "(null)",
>            (value != NULL) ? value : "(null)");
>
>
>
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
>
>
>
> Yahoo! Groups Links
>
>
>
>

Manu,

I stuck the line below into macro.c.  Now I get beaucoup of:

milter-greylist: ...  me->m_macro = "{popauth}", value = "(null)"

in my syslog.  Good.  So I continued fiddling with the sendmail.cf
settings, eg:

# Milter options
O Milter.LogLevel=12
O Milter.macros.connect=j,{if_addr}
# O Milter.macros.helo={verify}, {cert_subject}
O Milter.macros.envfrom=i,{popauth}
O Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},{rcpt_addr},{greylist},{popauth}
#O Milter.macros.eom={msg_id}

trying various settings for envfrom and envrcpt (I don't understand 
what happens here, so I don't know what I am doing).  Nothing that
I have tried in the Milter.macros gives me anything other than
value = "(null)" in the syslog lines.  Here is what some of the syslogging
looks like:

Oct 25 11:07:09 jasper sendmail-in[21282]: [ID 801593 mail.info] k9PF6kSB021282: POPAUTH RELAY 134.181.129.111
Oct 25 11:07:09 jasper milter-greylist: [ID 407512 mail.info] me->m_macro = "{popauth}", value = "(null)"
Oct 25 11:07:09 jasper milter-greylist: [ID 751384 mail.info] k9PF6kSB021282: addr a5198.bates.edu[134.181.129.111] from <jaearick@...> to <joeblow@...> delayed for 01:00:00 (ACL 144)
Oct 25 11:07:09 jasper sendmail-in[21282]: [ID 801593 mail.info] k9PF6kSB021282: milter=greylist, action=rcpt, reject=451 4.7.1 Greylisting in action, please come back in 01:00:00
Oct 25 11:07:09 jasper sendmail-in[21282]: [ID 801593 mail.info] k9PF6kSB021282: Milter: to=<joeblow@...>, reject=451 4.7.1 Greylisting in action, please come back in 01:00:00

When I did this test, the remote site (134.181.129.111) was already in the 
popauth.db file, and sendmail announces this via the "POPAUTH RELAY" syslog
line.  Then I get the null value from m_macro and get greylisted.

Is this issue a code bug or misconfiguration in the sendmail.cf milter.macros?
Now what?

Jeff Earickson
Colby College 

On Tue, 24 Oct 2006, manu@... wrote:

> Date: Tue, 24 Oct 2006 22:52:28 +0200
> From: manu@...
> Reply-To: milter-greylist@yahoogroups.com
> To: milter-greylist@yahoogroups.com
> Subject: Re: [milter-greylist] How to use sendmail db files?
> 
> AIDA Shinra <shinra@...> wrote:
>
>> Manu's patch was inappropreate. The value seems to be NULL.
>
> Well, let's make sure that it was really the debug message that wxas
> crashing it:
>
>        mg_log(LOG_INFO, "me->m_macro = \"%s\", value = \"%s\"\n",
>            (me->m_macro != NULL) ? me->m_macro : "(null)",
>            (value != NULL) ? value : "(null)");
>
>
>
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
>
>
>
> Yahoo! Groups Links
>
>
>
>

Jeff A. Earickson <jaearick@...> wrote:

> I stuck the line below into macro.c.  Now I get beaucoup of: 
> milter-greylist: ...  me->m_macro = "{popauth}", value = "(null)"
(snip) 
> # Milter options
> O Milter.LogLevel=12
> O Milter.macros.connect=j,{if_addr}
> # O Milter.macros.helo={verify}, {cert_subject}
> O Milter.macros.envfrom=i,{popauth}
> O
Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},{rcpt_addr},{greylist},{
popauth}
> #O Milter.macros.eom={msg_id}
> 
> trying various settings for envfrom and envrcpt (I don't understand 
> what happens here, so I don't know what I am doing).  Nothing that
> I have tried in the Milter.macros gives me anything other than
> value = "(null)" in the syslog lines.  Here is what some of the syslogging
> looks like:

Weird. Can you add another mg_log to check what happens if you try to
other macros that are known to be okay? Can you read {i} or {rcpt_addr},
for instance?


-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Sometime, somewhere, Jeff Earickson scribbled:

> Anyway, the suggestions of Mr. Messerer on this webpage concerns me.
> The poprelayd fiddles with the contents of greylist.conf. Yuck.
>
> I would much rather have the greylist code use an existing
> Berkeley DB file that my sendmail.cf file looks at by way of the
> following entry in my sendmail.cf file:
>
> Kpopauth hash -a<OK> /etc/mail/db/pophash
>
> This is what I'm trying to get to with the entries:
>
> sm_macro "POP relay" "{popauth}" "OK"
> acl whitelist sm_macro "POP relay"
>
> in greylist.conf and the corresponding entries in sendmail.cf:
>
> O Milter.macros.envrcpt={popauth} (or something)
>
> This is what I was trying to get to with M. Dreyfus' help and 
(maybe)
> code debugging of rc5. I would like to continue on that path.
>
> Jeff Earickson

Fellow humans,

I'm no sendmail guru.  I've been trying to find a solution to this 
problem concurrently.  I think I've discovered the source of our 
difficulty.

If someone knows something that I don't (which wouldn't be hard), 
please slap me around.

After having conducted some research, I've come to the conclusion that 
popauth db, like access db, is a map.  I don't think we can pass a map 
to a milter, only a macro.  It seems to me (again, no sendmail expert) 
that a macro could be likened to a variable, whereas a map seems to be 
more of a function.

Regardless, I totally agree with you Jeff, that munging the conf file 
is a hazardous proposition at best.  I think that the quickest path to 
success will be us finding someone who can write a sendmail ruleset to 
populate a macro (that we can then pass to the milter) based upon a 
lookup from a map.

On Wed, 25 Oct 2006, Bigby Findrake wrote:

> After having conducted some research, I've come to the conclusion that
> popauth db, like access db, is a map.  I don't think we can pass a map
> to a milter, only a macro.  It seems to me (again, no sendmail expert)
> that a macro could be likened to a variable, whereas a map seems to be
> more of a function.

Yes, it is a map.  Witness, on my mail server:

% /usr/lib/sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /map popauth 134.181.129.111   (the IP number I was using for testing)
map_lookup: popauth (134.181.129.111) returns OK<OK> (0)
(cntl-D)

So maybe I was confused all along.  The manpage for milter-greylist 
indicates that the milter can access the hash/map db files that sendmail
uses.  Maybe this isn't true???

>
> Regardless, I totally agree with you Jeff, that munging the conf file
> is a hazardous proposition at best.  I think that the quickest path to
> success will be us finding someone who can write a sendmail ruleset to
> populate a macro (that we can then pass to the milter) based upon a
> lookup from a map.

On Wed, 25 Oct 2006, manu@... wrote:

> Date: Wed, 25 Oct 2006 18:02:58 +0200
> From: manu@...
> Reply-To: milter-greylist@yahoogroups.com
> To: milter-greylist@yahoogroups.com
> Subject: Re: [milter-greylist] How to use sendmail db files?
> 
> Jeff A. Earickson <jaearick@...> wrote:
>
>> I stuck the line below into macro.c.  Now I get beaucoup of:
>> milter-greylist: ...  me->m_macro = "{popauth}", value = "(null)"
> (snip)
>> # Milter options
>> O Milter.LogLevel=12
>> O Milter.macros.connect=j,{if_addr}
>> # O Milter.macros.helo={verify}, {cert_subject}
>> O Milter.macros.envfrom=i,{popauth}
>> O
> Milter.macros.envrcpt={rcpt_mailer},{rcpt_host},{rcpt_addr},{greylist},{
> popauth}
>> #O Milter.macros.eom={msg_id}
>>
>> trying various settings for envfrom and envrcpt (I don't understand
>> what happens here, so I don't know what I am doing).  Nothing that
>> I have tried in the Milter.macros gives me anything other than
>> value = "(null)" in the syslog lines.  Here is what some of the syslogging
>> looks like:
>
> Weird. Can you add another mg_log to check what happens if you try to
> other macros that are known to be okay? Can you read {i} or {rcpt_addr},
> for instance?

I'm confused again...  The line that I added in macro_check() seems 
general -- it should report on any macro, right?  But all it ever
mentions is {popauth}.  What would I put where?  Can't I just put
"debug" in the greylist.conf file and get a lot of debugging?  Maybe
this is overkill...

Jeff Earickson
Colby College