Yahoo Groups archive

Milter-greylist

SPF breakage

2007-03-20 by AIDA Shinra

When the "nospf" option is unset, everything passes through due to the change
of spf.c on 2007/01/28.

Index: milter-greylist.c
===================================================================
RCS file: /milter-greylist/milter-greylist/milter-greylist.c,v
retrieving revision 1.176
diff -u -r1.176 milter-greylist.c
--- milter-greylist.c	9 Mar 2007 04:37:00 -0000	1.176
+++ milter-greylist.c	20 Mar 2007 03:53:32 -0000
@@ -418,7 +418,7 @@
 	/*
 	 * Is the sender address SPF-compliant?
 	 */
-	if ((conf.c_nospf == 0) && (SPF_CHECK(priv) != EXF_NONE)) {
+	if ((conf.c_nospf == 0) && SPF_CHECK(priv)) {
 		char ipstr[IPADDRSTRLEN];
 
 		if (iptostring(SA(&priv->priv_addr),
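Review bot: On the `+` line, dropping the `!= EXF_NONE` comparison makes the test depend on what `SPF_CHECK(priv)` expands to when SPF support is compiled out, and this patch leaves that fallback alone. The later patch in this thread shows it as `#define SPF_CHECK(priv) EXF_NONE`, so unless `EXF_NONE` is 0 the condition is true for every message on an SPF-less build with `nospf` unset, and the greylist is bypassed. Change the fallback to a false value in the same patch, or keep an explicit comparison.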

Re: [milter-greylist] SPF breakage

2007-03-22 by Mart Pirita

Hello.

Sorry, second try, don't know why previous message wasn't sent:

Mar 22 01:31:12 tibu sendmail[14096]: l2LNV0vs014092: 
to=<milter-greylist@yahoogroups.com>, ctladdr=<sysadmin@...> 
(516/500), delay=00:00:12, xdelay=00:00:12, mailer=esmtp, pri=121994, 
relay=mta7.grp.scd.yahoo.com. [66.218.67.33], dsn=2.0.0, stat=Sent (ok 
1174519872 qp 99928)



> When the "nospf" option is unset, everything passes through due to the change
> of spf.c on 2007/01/28.
>
>   

I'm confused, does or doesn't this patch concern me?

You see, I have always compiled milter-greylist with same options:

./configure --with-user=smmsp --without-db --without-drac-db \
    --with-conffile=/etc/mail/greylist.conf --with-dumpfile=/etc/mail/greylist.db \
    --bindir=/usr/local/sbin --enable-dnsrbl --with-libbind=/usr/lib
And I presume, that the spf stuff is optional, not default choice?
Anyway I don't want to use spf feature. However since I compiled and
installed the milter-greylist-3.1.7 I noticed a lot of spam coming through, so
I did even increase the delay time, but later checked logs:

Mar 22 00:24:59 tibu milter-greylist: Sender IP 218.113.87.15 and
address <wordsbyjoy.com@...> are SPF-compliant, bypassing
greylist
Mar 22 00:35:53 tibu milter-greylist: Sender IP 83.20.171.150 and
address <repetitionopu@...> are SPF-compliant,
bypassing greylist
Mar 22 00:46:38 tibu milter-greylist: Sender IP 85.82.202.106 and
address <hassan@...> are SPF-compliant, bypassing greylist

What the hell is going on? As I haven't compiled milter-greylist with
the spf support, also the nospf option is commented out in conf file.
Should I enable it, or use --without-libspf2 (btw I don't even have any
spf sources, etc at all in my computer) option when compiling?


-- 
Mart

Re: [milter-greylist] SPF breakage

2007-03-22 by manu@netbsd.org

Mart Pirita <sysadmin@...> wrote:

> However since I compiled and
> installed the milter-greylist-3.1.7 I noticed a lot of spam coming through, so
> I did even increase the delay time, but later checked logs:
> 
> Mar 22 00:24:59 tibu milter-greylist: Sender IP 218.113.87.15 and
> address <wordsbyjoy.com@...> are SPF-compliant, bypassing
> greylist
(snip)
> What the hell is going on?

Can you remove AIDA Shinra's change, to make sure this is the problem?
cvs diff -r1.176 -r1.177 milter-greylist.c|patch -R

If it is the case, I'll roll out 3.1.8 with the fix immediately.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

milter-greylist 3.1.8 is available (fixes serious 3.1.7 bug)

2007-03-22 by Emmanuel Dreyfus

On Thu, Mar 22, 2007 at 08:24:25AM +0100, manu@... wrote:
> If it is the case, I'll roll out 3.1.8 with the fix immediately.

I checked it out. Indeed the SPF fix caused the problem. I removed it, and
here is 3.1.8:

http://ftp.espci.fr/pub/milter-greylist/milter-greylist-3.1.8.tgz
MD5 (milter-greylist-3.1.8.tgz) = 963f1e253b1322a60779fd60d15b4984

From Changelog:
3.1.8
        Allow filtering on the HELO string
	Back out previous SPF fix, it caused accept-all with SPF-less builds

-- 
Emmanuel Dreyfus
manu@...

Re: [milter-greylist] SPF breakage

2007-03-22 by Mart Pirita

Hello.
>
> Can you remove AIDA Shinra's change, to make sure this is the problem?
> cvs diff -r1.176 -r1.177 milter-greylist.c|patch -R
>
> If it is the case, I'll roll out 3.1.8 with the fix immediately.
>
>   
Prr, seems I have old and noncompatible cvs for that job:(.

-- 
Mart

Re: [milter-greylist] SPF breakage

2007-03-22 by Emmanuel Dreyfus

On Thu, Mar 22, 2007 at 12:10:57PM +0200, Mart Pirita wrote:
> Prr, seems I have old and noncompatible cvs for that job:(.

Perhaps export CVS_RSH=ssh ?

3.1.8 contains the fix, anyway.

-- 
Emmanuel Dreyfus
manu@...

Re: [milter-greylist] SPF breakage

2007-03-22 by AIDA Shinra

At Thu, 22 Mar 2007 10:16:53 +0000,
Emmanuel Dreyfus wrote:
> 
> On Thu, Mar 22, 2007 at 12:10:57PM +0200, Mart Pirita wrote:
> > Prr, seems I have old and noncompatible cvs for that job:(.
> 
> Perhaps export CVS_RSH=ssh ?
> 
> 3.1.8 contains the fix, anyway.

Real fix here:

Index: milter-greylist.c
===================================================================
RCS file: /milter-greylist/milter-greylist/milter-greylist.c,v
retrieving revision 1.179
diff -u -r1.179 milter-greylist.c
--- milter-greylist.c	22 Mar 2007 16:28:52 -0000	1.179
+++ milter-greylist.c	22 Mar 2007 11:35:46 -0000
@@ -415,7 +415,7 @@
 	/*
 	 * Is the sender address SPF-compliant?
 	 */
-	if ((conf.c_nospf == 0) && (SPF_CHECK(priv) != EXF_NONE)) {
+	if ((conf.c_nospf == 0) && SPF_CHECK(priv)) {
 		char ipstr[IPADDRSTRLEN];
 
 		if (iptostring(SA(&priv->priv_addr),
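Review bot: The `+` line is only correct together with the spf.h hunk that follows; applied alone against 1.179 it is the same one-line change posted on 2007-03-20, and the 3.1.8 changelog records that change as causing accept-all with SPF-less builds. It also now treats any nonzero return from `spf_check()` as SPF-compliant, so the comment above the `if` should state that return contract, or the test should compare against the specific value that means compliant.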
Index: spf.h
===================================================================
RCS file: /milter-greylist/milter-greylist/spf.h,v
retrieving revision 1.12
diff -u -r1.12 spf.h
--- spf.h	9 Jan 2007 22:22:43 -0000	1.12
+++ spf.h	22 Mar 2007 11:35:46 -0000
@@ -47,7 +47,7 @@
 		  struct acl_param *, struct mlfi_priv *);
 #define SPF_CHECK(priv) spf_check(NULL, AS_RCPT, NULL, (priv))
 #else
-#define SPF_CHECK(priv) EXF_NONE
+#define SPF_CHECK(priv) 0
 
 #endif
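Review bot: The new fallback `0` is what keeps SPF-less builds from bypassing the greylist, but nothing at the `#else` says so, and a later cleanup of this macro could reintroduce a nonzero constant. Add a comment there that the value must evaluate false when SPF is compiled out, write it as `(0)`, and check any other users of `SPF_CHECK` that still compare against `EXF_NONE`.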

Re: [milter-greylist] SPF breakage

2007-03-22 by Mart Pirita

Hello.
>
> Perhaps export CVS_RSH=ssh ?
>   
Maybe?
> 3.1.8 contains the fix, anyway.
>
>   
Yes, thank You.

-- 
Mart
