Milter-greylist

I've been running some 2.* versions of milter-greylist with great success 
for some two years or so. I'm now going to upgrade to 3.1.4 and have a few 
questions. I also saw that it now supports postfix, so am going to check 
it out for our postfix systems as well.

The basic install just went flawless and there was no problem to keep 
going with the existing greylist.conf. So, many thanks for making this 
upgrade process as perfect as it can be.

- the configure script is not executable by default, is there a reason for 
this?

- the init script for Suse still contains the clause
OPTIONS="-T -L 24 -w 14m -P $pidfile -u $user -p $socket
which leads to problems when you want to change some options in 
greylist.conf since the init parameter string will always override it.

I use OPTIONS="-P $pidfile -u $user -p $socket" which allows changes of 
all values you may typically change at runtime. I suggest changing the 
rc-suse.sh.in file in this way. (Did already back then).
I also added a "sleep 2" between the stop and start for the restart action 
as otherwise sometimes the successful stop would not get correctly 
detected.

- man greylist.conf says to use the "racl" keyword now. I suppose the acl 
keyword is still ok for compatibility reasons? Can I use racl and acl 
keywords mixed?

- the acl syntax used in the greylist.conf and the greylist2.conf is 
different. I suppose the syntax in the greylist.conf allows 
milter-greylist to load the list faster? Hm, just reading man 
greylist.conf says "grouping is sometimes useful". Is that all about it?

- I might want to use the rcptcount racl. Are authenticated clients 
automatically excluded from this if noauth is not set (so clients can send 
out with many recipients but incoming connections to clients can only drop 
a certain number of recipients)? Or would I need to change to "racl auth" 
and put that before the "racl rcptcount" line?

- there has been added quite a bit to the acl stuff and I'm not sure if I 
should make use of that. For instance what's the benefit of using DNSRBL 
in milter-greylist to using it in sendmail? Is there an article out 
somewhere that discusses this? Or how the urlcheck can be used?

Thanks,

Kai

-- 
Kai Sch\ufffdtzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Kai Schaetzl <maillists@...> wrote:

> The basic install just went flawless and there was no problem to keep
> going with the existing greylist.conf. So, many thanks for making this
> upgrade process as perfect as it can be.

Thank you for noticing. I take great care at making this software
sysadmin-friendly.

> - the configure script is not executable by default, is there a reason for
> this?

I just forgot to chmod it :-)

> - the init script for Suse still contains the clause
> OPTIONS="-T -L 24 -w 14m -P $pidfile -u $user -p $socket
> which leads to problems when you want to change some options in 
> greylist.conf since the init parameter string will always override it.
> 
> I use OPTIONS="-P $pidfile -u $user -p $socket" which allows changes of
> all values you may typically change at runtime. I suggest changing the
> rc-suse.sh.in file in this way. (Did already back then).
> I also added a "sleep 2" between the stop and start for the restart action
> as otherwise sometimes the successful stop would not get correctly 
> detected.

Send me a patch (-U2 against CVS please)
 
> - man greylist.conf says to use the "racl" keyword now. I suppose the acl
> keyword is still ok for compatibility reasons? Can I use racl and acl
> keywords mixed?

Sure, acl is just a synonym for racl now. I just committed an update to
the man page to document that.

> - the acl syntax used in the greylist.conf and the greylist2.conf is 
> different. I suppose the syntax in the greylist.conf allows 
> milter-greylist to load the list faster? Hm, just reading man 
> greylist.conf says "grouping is sometimes useful". Is that all about it?

You talk about the list clauses in ACL? I'm not sure the time to load is
different, but it makes the config file much simplier, as the same list
may be reused in different ACL.
 
> - I might want to use the rcptcount racl. Are authenticated clients 
> automatically excluded from this if noauth is not set (so clients can send
> out with many recipients but incoming connections to clients can only drop
> a certain number of recipients)? Or would I need to change to "racl auth"
> and put that before the "racl rcptcount" line?

I'd say you are right: they are excluded, except if you use noauth or an
auth clause. 

> - there has been added quite a bit to the acl stuff and I'm not sure if I
> should make use of that. For instance what's the benefit of using DNSRBL
> in milter-greylist to using it in sendmail? Is there an article out 
> somewhere that discusses this? 

You can adapt the greylisting delay based on the sender's reputaton in
various DNSRBL.

Also, sendmail does not offer you a nifty ACL where you can mix DNSRBL
results with recipients or other stuff.

> Or how the urlcheck can be used?

You can query an external source of information. I'm working at using a
LDAP directory for storing per-recipient settings.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...