Milter-greylist

Hi all,

i want to configure an acl for mails with an empty from header.
As suggested in a previous thread(starting with Message #3664) i tried the regex /^$/ and configured the following acl

acl greylist from /^$/ delay 6m autowhite 5d

In maillog i see, that the messages still hit the default acl at the end of the config file.
Is there an error in my acl line?
Example maillog entry:
addr xxx[xxx.xxx.xxx.xxx] from <> to <postmaster@...> delayed for 00:06:00 (ACL 157)
157 is the linenumber of the default acl in the cofig.

The intention is to deactivate the autowhitelist feature for those mails. An acl line with autowhite 0 leeds to a syntax error.
Do you have other suggestions for handling spam with empty from header?

My milter-greylist Version is 3.0

Thank you

Andreas

Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT FÜR ALLE NEUEINSTEIGER
Jetzt bei Arcor: günstig und schnell mit DSL - das All-Inclusive-Paket
für clevere Doppel-Sparer, nur  34,95 €  inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2

wrote on Wed, 8 Aug 2007 11:24:25 +0200 (CEST):

just guessing.

> acl greylist from /^$/ delay 6m autowhite 5d
> 
> In maillog i see, that the messages still hit the default acl at the end of the config file.
> Is there an error in my acl line?
> Example maillog entry:
> addr xxx[xxx.xxx.xxx.xxx] from <> to <postmaster@...> delayed for 00:06:00 (ACL 157)
> 157 is the linenumber of the default acl in the cofig.

Hm, do you get other entries that this mail got delayed any further than 6 minutes?
Just with this line it looks like it was delayed and rejected and will be allowed with the next connect as the 6 minutes are 
over. (I think it should be allowed in the next second after 00:06:00.)
I agree, the "ACL 157" suggests it doesn't use that specific ACL here, but is it really not using it?

> The intention is to deactivate the autowhitelist feature for those mails. An acl line with autowhite 0 leeds to a syntax error.

Don't know, but did you try 0d or 1s or so?

Kai

-- 
Kai Sch\ufffdtzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

oecher_news@... wrote:
> Hi all,
> 
> i want to configure an acl for mails with an empty from header.
> As suggested in a previous thread(starting with Message #3664) i tried the regex /^$/ and configured the following acl
> 
> acl greylist from /^$/ delay 6m autowhite 5d
> 
> In maillog i see, that the messages still hit the default acl at the end of the config file.
> Is there an error in my acl line?
> Example maillog entry:
> addr xxx[xxx.xxx.xxx.xxx] from <> to <postmaster@...> delayed for 00:06:00 (ACL 157)
> 157 is the linenumber of the default acl in the cofig.
> 
> The intention is to deactivate the autowhitelist feature for those mails. An acl line with autowhite 0 leeds to a syntax error.
> Do you have other suggestions for handling spam with empty from header?
> 
> My milter-greylist Version is 3.0
> 
> Thank you
> 

In my experience, despite claims to the contrary by Emmanuel, the From field
that gets passed to the ACLs contains the brackets. If my experience is true,
then /^$/ will never match anything.

Try /^<>$/ or /<>/ instead.

On Wed, Aug 08, 2007 at 10:36:05AM -0400, Matt Kettler wrote:
> In my experience, despite claims to the contrary by Emmanuel, the From field
> that gets passed to the ACLs contains the brackets. If my experience is true,
> then /^$/ will never match anything.
> 
> Try /^<>$/ or /<>/ instead.

Heh, I'm not 100% reliable. I wrote that code 3 years ago, that's enough 
for me to forget my orinal idea :-)

-- 
Emmanuel Dreyfus
manu@...

Emmanuel Dreyfus wrote:
> On Wed, Aug 08, 2007 at 10:36:05AM -0400, Matt Kettler wrote:
>> In my experience, despite claims to the contrary by Emmanuel, the From field
>> that gets passed to the ACLs contains the brackets. If my experience is true,
>> then /^$/ will never match anything.
>>
>> Try /^<>$/ or /<>/ instead.
> 
> Heh, I'm not 100% reliable. I wrote that code 3 years ago, that's enough 
> for me to forget my orinal idea :-)
> 

True, but neither is my experience, hence my "try this and see what happens"
recommendation. :-)

--- In milter-greylist@yahoogroups.com, Kai Schaetzl <maillists@...>
wrote:
>
>  wrote on Wed, 8 Aug 2007 11:24:25 +0200 (CEST):
> 
> just guessing.
> 
> > acl greylist from /^$/ delay 6m autowhite 5d
> > 
> > In maillog i see, that the messages still hit the default acl at
the end of the config file.
> > Is there an error in my acl line?
> > Example maillog entry:
> > addr xxx[xxx.xxx.xxx.xxx] from <> to <postmaster@...> delayed for
00:06:00 (ACL 157)
> > 157 is the linenumber of the default acl in the cofig.
> 
> Hm, do you get other entries that this mail got delayed any further
than 6 minutes?

> Just with this line it looks like it was delayed and rejected and
will be allowed with the next connect as the 6 minutes are 
> over. (I think it should be allowed in the next second after 00:06:00.)

Thats the behaviour i expect and if resend after the 6 min the triple
gets autowhitelisted for the default value of 7 days not for the 5
days specified at the acl they should hit.
Sorry for posting only that one line. It illustrates the first attempt
of such mail and the hit acl. The log-entry "...autowhitelisted
for..." did not inform about the acl taken. So i did not post such line.

> I agree, the "ACL 157" suggests it doesn't use that specific ACL
here, but is it really not using it?
> 
> > The intention is to deactivate the autowhitelist feature for those
mails. An acl line with autowhite 0 leeds to a syntax error.
> 
> Don't know, but did you try 0d or 1s or so?

I tried 1s but was not sure if that was the fault, because timeout is
set to 5d. Somwhere i read if autowhite is smaler than timeout the
defualt autowhite will be taken.
But now i think the regex /^$/ will not be hit by those messages with
empty from field.
The above acl resides at line 153 of the config and is the first acl
of type greylist. And as i understood the docu the first hit line will
do the job.

Kind regards

Andreas

--- In milter-greylist@yahoogroups.com, Matt Kettler <mkettler@...> wrote:
>
> Emmanuel Dreyfus wrote:
> > On Wed, Aug 08, 2007 at 10:36:05AM -0400, Matt Kettler wrote:
> >> In my experience, despite claims to the contrary by Emmanuel, the
From field
> >> that gets passed to the ACLs contains the brackets. If my
experience is true,
> >> then /^$/ will never match anything.
> >>
> >> Try /^<>$/ or /<>/ instead.
> > 
> > Heh, I'm not 100% reliable. I wrote that code 3 years ago, that's
enough 
> > for me to forget my orinal idea :-)
> > 
> 
> True, but neither is my experience, hence my "try this and see what
happens"
> recommendation. :-)
>

I'll try both and report tomorrow.

Thank you

Andreas

Thank you!!!


> >> Try /^<>$/ or /<>/ instead.

both regex do the job.

Kind regards

Andreas

Will this work for subject line also, like following?


acl greylist subject /^<>$/ delay 6m autowhite 5d


Simon

>
>
>
> In my experience, despite claims to the contrary by Emmanuel, the From
> field
> that gets passed to the ACLs contains the brackets. If my experience
> is true,
> then /^$/ will never match anything.
>
> Try /^<>$/ or /<>/ instead.
>
>

On Wed, Aug 08, 2007 at 09:44:03AM -0700, Simon Gao wrote:
> Will this work for subject line also, like following?
> acl greylist subject /^<>$/ delay 6m autowhite 5d

We don't have this clause. You can filter on the headers (note it's dacl:
DATA stage):
dacl whitelist header /^Subject: <>$/

I don't recall if we can greylist at data stage, thought. I suspect we
can't

-- 
Emmanuel Dreyfus
manu@...

Emmanuel Dreyfus wrote:
> On Wed, Aug 08, 2007 at 09:44:03AM -0700, Simon Gao wrote:
>> Will this work for subject line also, like following?
>> acl greylist subject /^<>$/ delay 6m autowhite 5d
> 
> We don't have this clause. You can filter on the headers (note it's dacl:
> DATA stage):
> dacl whitelist header /^Subject: <>$/

Also, you'd want to drop the <> part.. that won't appear in a normal subject line.

Something like this might work better:
/^Subject:( )*$/

Which will match subject lines that are empty, or those containing spaces.

> 
> I don't recall if we can greylist at data stage, thought. I suspect we
> can't

I think you can, but you get restricted to greylisting all recipients of the
email. ie: no whitelists.
However, even if it is possibl, greylisting at the data stage is unwise as it
could be hazardous to your bandwidth. You're essentially tempfail'ing the
message after the whole message has been transmitted. If the sending server
retries often, and the message is large, you'll consume a lot of bandwidth.

(And for reference, it is IMPOSSIBLE to greylist after the subject, or any other
header, but before the body. There's no pause in the SMTP protocol there, so the
server can't return a 4xx error code until it is all done. To the SMTP protocol,
the headers and body are all one piece, they are just the DATA.)