Milter-greylist

In our current production milter-greylist config (a 20080319 snapshot - 
basically a 4.0 version plus SPF status selection), we have several 
"compound" ACLs with positive and/or negative tests, like these examples:

acl blacklist from aw-fraud@... not domain /paypal/ msg "Phishing 
fraud refused"
acl blacklist dnsrbl "SBL+XBL" spf pass spf self msg "Unauthorized 
client (XBL,badSPF), please use an official mail relay"


These days I downloaded and built the 4.2.2 version, installed it, 
restarted, and got syntax errors on my (unmodified and previously 
accepted) greylist.conf:

config error at line 203: syntax error

Digging somewhat further, it appears that the new milter-greylist is 
choking on the "not" keyword of an ACL statement, excepted when it is 
applied to the first clause. So

acl blacklist not clause1 clause2

is accepted, whereas

acl blacklist clause2 not clause1

is considered invalid.

I compiled and verified this behaviour is still present in today's CVS 
(4.3.2+).

Did some of the new features broke the ACL parser ?

-- 
Ce message a ete verifie par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a ete trouve.

Benoit Branciard <benoit.branciard@...> wrote:

> Digging somewhat further, it appears that the new milter-greylist is 
> choking on the "not" keyword of an ACL statement, excepted when it is
> applied to the first clause. 

Definitively a bug. We'll have to dig the sources...
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

manu@... a \ufffdcrit :
> Benoit Branciard <benoit.branciard@...> wrote:
> 
>> Digging somewhat further, it appears that the new milter-greylist is 
>> choking on the "not" keyword of an ACL statement, excepted when it is
>> applied to the first clause. 
> 
> Definitively a bug. We'll have to dig the sources...


At first glance, it looks like this is caused by introduction of 
<INITIAL> for the "not" (and like) keywords in conf_lex.l.

The patch below seems to restore the expected behaviour of accepting 
"not" for middle clauses in compound statements. This patch applies to 
stable 4.2.3.

I didn't look very further than testing this patch with my existing 
greylist.conf; I don't know what impact it may have on new features.



--- conf_lex.l.0	2009-09-10 17:03:10.000000000 +0200
+++ conf_lex.l	2009-09-10 17:03:45.000000000 +0200
@@ -190,9 +190,9 @@
  {gt}		{	yylval.op = OP_GT; return OP; }
  {le}		{	yylval.op = OP_LE; return OP; }
  {ge}		{	yylval.op = OP_GE; return OP; }
-<INITIAL>{no}	{ return NO; }
-<INITIAL>{not}	{ return NO; }
-<INITIAL>{neg}	{ return NO; }
+{no}		{ return NO; }
+{not}		{ return NO; }
+{neg}		{ return NO; }
  {prop}		{
  			BEGIN(S_REGEX);
  			strncpy(yylval.prop, yytext, QSTRLEN);



-- 
Benoit BRANCIARD
P\ufffdle Infrastructures
Centre de ressources informatiques et du r\ufffdseau (CRIR)
Universit\ufffd Paris 1 Panth\ufffdon-Sorbonne
http://crir.univ-paris1.fr
Tel. 01 44 07 89 68

-- 
Ce message a ete verifie par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a ete trouve.