Solution for ACCESS.DB found
2006-11-15 by Oliver Haufe
Hello,
recently i investigated the the features milter-greylist3.0rc7 and i read
nearly all posts that deal with sm_macor and access.db
The good news is that the sm_macro works as long as the macro is defined by
D{macro_mame}value or by ${macro_name} but on the other hand just defining
D{greylist}WHITE would nearly WITHLIST everything that das passed ACCESS.DB
or with other words it would move the spam prevention back into ACCESS.DB.
But it does not solve the POP before SMTP problematik. After my
investigation i wrote some code that can be placed into milter-greylist.c
and after a recompile it solved the probelm in my setup. If you find it
useful let me know. the code change i have documented after some
explanations of the macro features in sendmail.
Or to be more clear:
Please read carefuly because it contain valuable information of sendmails
behavior.
1) sm_macro "my macro" "themacro" VALUE -> is ok if
a) it is defined with "D{themacro}VALUE
b) and it is passed foe example with one of the milter macros to
milter-greylist like
O Milter.macros.envrcpt={themacro}
c) if a user wants to change the value in a rule set he can do it on the
RHS side of a rule set by doing a global define of
Kstorage macro
and in the rule set
R$* $: $(storage {themarco} $@ $1 $) $1
example:
in check_relay you will find
R<$={Accept}> < $* > $@ $1
if you change that to
R<$={Accept}> < $* > $@ $(storage {themacro} $@ STRING $) $1
{themacro} will contain "STRING" everytime the LHS side matches
2) When it comes to access.db for example sendmail is ckecking check_rcpt
before the milter "envrcpt" is called. if a user defines
O Milter.macros.envrcpt={greylist}
and futher follows the readme by define the macro and its value static with
D{greylist}WHITE
he completely disables the milter-greylist somehow because the turn the
SPAM control to access.db and depending on the features for RELAY checks is
automaticly whitelists all traifc that is not rejected explict in theaccess.db
To make it work correctly for example POP before SMTP (SMTP after POP=
environments the need to define the global macro
D{greylist}GREY
and then ajusting the rule sets to use the access.db in the right way like
i explained in 1) for check_relay but this time in the rule set check_rcpt.
Doing this i assume is for most of the users a hard task because i see a
lack of knowlegde by writing the correct LHS and RHS rules as i could see
from your mailing list.
CONCLUSION:
most POP before SMTP enviroment only writing to the access.db some thing like
x.x.x.x RELAY
y.y.y.y RELAY
and so on.
And now the code change to milter-greylist.c
The code honors "RELAY" and "OK" in the /etc/mail/access file and i used
the rc7 code as basis - the code is already kinda sanity checked and tested
- it works with my sendmail and aprox 1000 mail per hour
and i added in milter-greylist.c in the declaration of the the function
after row 291 four (4) variables.
sfsistat
mlfi_envrcpt(ctx, envrcpt)
SMFICTX *ctx;
char **envrcpt;
{
struct mlfi_priv *priv;
time_t remaining;
char *greylist;
char addrstr[IPADDRSTRLEN];
char rcpt[ADDRLEN + 1];
/* new definations added #1 begin*/
FILE *fda;
char accbuff[100];
char acc_ipaddr[50];
char acc_code[50];
/* new definations added #1 end*/
/* new definations added #2 after line 367 or after the exsiting code of
access.db - begin*/
if((fda = fopen("/etc/mail/access","r")) != NULL)
{
while(fgets(accbuff,100,fda) != 0)
{
sscanf(accbuff,"%s %s\n",acc_ipaddr,acc_code);
if(strncmp(acc_ipaddr,addrstr, strlen(addrstr))==0)
{
if(strcmp(acc_code,"RELAY") == 0 ||
strcmp(acc_code,"relay") == 0
|| strcmp(acc_code,"OK") == 0 ||
strcmp(acc_code,"ok") == 0)
{
mg_log(LOG_DEBUG, "whitelisted by
{/etc/mail/access}");
priv->priv_elapsed = 0;
priv->priv_whitelist = EXF_ACCESSDB;
fclose(fda);
return SMFIS_CONTINUE;
}
}
}
fclose(fda);
}
/* new definations added #2 end */
I hope you find it useful - just drop me a line...
mfg
Oliver