Milter-greylist

Hi,

I've whitelisted the following domain:

au.pwc.com

with the following in the greylist.conf file:

acl whitelist domain au.pwc.com

as they're valid senders to one of my clients.

However greylisting still delays emails coming from them and doesn't whitelist
them. So I'm wondering, does the milter-greylist whitelist use the "from"
domain or the domain of the smtp server?

Their smtp server is:

aapmpx02.pwc.com [203.11.226.6]

So should my whitelist entry actually read:

acl whitelist domain aapmpx02.pwc.com

?

Thanks.

Michael.

Michael Mansour wrote on Sat, 6 Oct 2007 23:53:44 +1000:

> owever greylisting still delays emails coming from them and doesn't whitelist
> them. So I'm wondering, does the milter-greylist whitelist use the "from"
> domain or the domain of the smtp server?

It uses the server. The point of the whitelist is to exclude servers that are
not RFC-compliant (= not retrying). If you know the IP number use that instead
of domain.

Kai

-- 
Kai Sch\ufffdtzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Michael Mansour wrote:
> Hi,
> 
> I've whitelisted the following domain:
> 
> au.pwc.com
> 
> with the following in the greylist.conf file:
> 
> acl whitelist domain au.pwc.com
> 
> as they're valid senders to one of my clients.
> 
> However greylisting still delays emails coming from them and doesn't whitelist
> them. So I'm wondering, does the milter-greylist whitelist use the "from"
> domain or the domain of the smtp server?

That depends.. if you specify:

acl whitelist rcpt

You use the "from" domain, as seen by the message envelope (ie: MAIL FROM: 
command, which may not match the From: header in the message text, particularly 
for things like mailing lists.).

If you specify:

acl whitelist domain

Then you use the domain of the SMTP server.


This is all documented in man greylist.conf:

-------------
        domain This clause selects source machines based  on  their  DNS  name,
               performing  a  suffix search.  For instance, this will whitelist
               any machine in the example.net domain:
-------------

and:
-------------
        from   This  is  used to select sender e-mail addresses. You should not
               use that feature, because sender e-mail addresses can  be  triv-
               ially forged.  Example:
--------------

Although I would argue it is perfectly reasonable to use from for some things, 
but you can't trust it so only use it for whitelists as a last resort. (ie: 
forcing a blacklist or a longer-duration greylist based on from is perfectly 
reasonable.)

Hi Matt,

> Michael Mansour wrote:
> > Hi,
> > 
> > I've whitelisted the following domain:
> > 
> > au.pwc.com
> > 
> > with the following in the greylist.conf file:
> > 
> > acl whitelist domain au.pwc.com
> > 
> > as they're valid senders to one of my clients.
> > 
> > However greylisting still delays emails coming from them and doesn't whitelist
> > them. So I'm wondering, does the milter-greylist whitelist use the "from"
> > domain or the domain of the smtp server?
> 
> That depends.. if you specify:
> 
> acl whitelist rcpt
> 
> You use the "from" domain, as seen by the message envelope (ie: MAIL 
> FROM: command, which may not match the From: header in the message 
> text, particularly for things like mailing lists.).
> 
> If you specify:
> 
> acl whitelist domain
> 
> Then you use the domain of the SMTP server.

Thanks for the confirmation here, this makes things a little clearer for me.

> This is all documented in man greylist.conf:
> 
> -------------
>         domain This clause selects source machines based  on  their  
> DNS  name,               performing  a  suffix search.  For instance,
>  this will whitelist               any machine in the example.net domain:
> -------------
> 
> and:
> -------------
>         from   This  is  used to select sender e-mail addresses. You 
> should not               use that feature, because sender e-mail 
> addresses can  be  triv-               ially forged.  Example:
> --------------

I've reveiwed the man page over and over now to make sure I understand it
correctly.

> Although I would argue it is perfectly reasonable to use from for 
> some things, but you can't trust it so only use it for whitelists as 
> a last resort. (ie: forcing a blacklist or a longer-duration 
> greylist based on from is perfectly reasonable.)
------- End of Original Message -------

As an example, please recommend what you would do in this case.

Email coming from "facebook.com" is:

Received: from fallbackmx-out.facebook.com (out016.sctm.tfbnw.net [204.15.20.143])

with the "from" address being:

eventmaster+ohphpgp1@...

This was delayed for 4 hours my end. I want to whitelist it to that recipient,
how would you recommend I do it?

Simply:

acl whitelist from eventmaster+ohphpgp1@... rcpt <toemailaddress>

or:

acl whitelist domain out016.sctm.tfbnw.net

or:

acl whitelist addr 204.15.20.143

?

Thanks.

Michael.

Michael Mansour <mic@...> wrote:

> Received: from fallbackmx-out.facebook.com (out016.sctm.tfbnw.net
[204.15.20.143])
> with the "from" address being:
> eventmaster+ohphpgp1@...
(snip) 
> acl whitelist domain out016.sctm.tfbnw.net

I'd use something such as the line below, to catch other SMTP server in
the pool: out16 suggests there are other outX...

acl whitelist domain /out.*\.sctm\.tfbnw\.net$/

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Hi Emmanuel,

> Michael Mansour <mic@...> wrote:
> 
> > Received: from fallbackmx-out.facebook.com (out016.sctm.tfbnw.net
> [204.15.20.143])
> > with the "from" address being:
> > eventmaster+ohphpgp1@...
> (snip) 
> > acl whitelist domain out016.sctm.tfbnw.net
> 
> I'd use something such as the line below, to catch other SMTP server 
> in the pool: out16 suggests there are other outX...
> 
> acl whitelist domain /out.*\.sctm\.tfbnw\.net$/

Thanks for this, you are right the out* does the trick as looking at more of
these emails today they have multiple out servers.

Thanks.

Michael.

> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
------- End of Original Message -------