Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Thread

How is SPF processed in absence of keywords in config?

How is SPF processed in absence of keywords in config?

2013-08-11 by Jim Klimov

How is SPF processed in absence of "spf" rules or "nospf" keyword
in config? The manual is not quite clear on this default processing.
http://hcpnet.free.fr/milter-greylist/greylist.conf.5.txt

Empirically I see that milter-greylist does by default quickly pass
those source addresses which fit their domain's published SPF rules,
but it does not for example block senders which are not in the range
defined by the MAIL FROM domain's SPF record (it does log "SPF return
code 4", and BTW a list of error codes translated into human-readable
text would be a nice addition to the docs, or textual output - to the
code).

So... what is the definition of the expected default behaviour? :)

Thanks,
//Jim

Re: [milter-greylist] How is SPF processed in absence of keywords in config?

2013-08-11 by manu@...

Jim Klimov <jimklimov@...> wrote:

> How is SPF processed in absence of "spf" rules or "nospf" keyword
> in config? The manual is not quite clear on this default processing.

IIRC, when you have SPF support compiled, SPF compliant message are
whitelisted by default, except if:
- you use the nospf keyword
OR
- you have any ACL with the spf clause

I agree the default is a dumb choice, but changing default seems even
dumber, as some people may rely on it.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] How is SPF processed in absence of keywords in config?

2013-08-11 by jimklimov@cos.ru

--Boundary_(ID_2Uo3JE0I2f/hhGsbL6hLFA)
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: base64

wqBPSywgc28gYnkgZGVmYXVsdCB3ZSB3aGl0ZWxpc3Qgc3BmIHN1Y2Nlc2VzLCwgYnV0IGRvIG5v
dGhpbmcgYWJvdXTCoAoKClR5cG9zIGNvdXJ0ZXN5IG9mIG15IFNhbXN1bmcgTW9iaWxlCgotLS0t
LS0tLSDQmNGB0YXQvtC00L3QvtC1INGB0L7QvtCx0YnQtdC90LjQtSAtLS0tLS0tLQrQntGCOiBt
YW51QG5ldGJzZC5vcmcgCtCU0LDRgtCwOiAyMDEzLjA4LjExICA2OjMyICAoR01UKzAxOjAwKSAK
0JrQvtC80YM6IG1pbHRlci1ncmV5bGlzdEB5YWhvb2dyb3Vwcy5jb20gCtCi0LXQvNCwOiBSZTog
W21pbHRlci1ncmV5bGlzdF0gSG93IGlzIFNQRiBwcm9jZXNzZWQgaW4gYWJzZW5jZSBvZiBrZXl3
b3JkcyBpbiBjb25maWc/IAogCkppbSBLbGltb3YgPGppbWtsaW1vdkBjb3MucnU+IHdyb3RlOgoK
PiBIb3cgaXMgU1BGIHByb2Nlc3NlZCBpbiBhYnNlbmNlIG9mICJzcGYiIHJ1bGVzIG9yICJub3Nw
ZiIga2V5d29yZAo+IGluIGNvbmZpZz8gVGhlIG1hbnVhbCBpcyBub3QgcXVpdGUgY2xlYXIgb24g
dGhpcyBkZWZhdWx0IHByb2Nlc3NpbmcuCgpJSVJDLCB3aGVuIHlvdSBoYXZlIFNQRiBzdXBwb3J0
IGNvbXBpbGVkLCBTUEYgY29tcGxpYW50IG1lc3NhZ2UgYXJlCndoaXRlbGlzdGVkIGJ5IGRlZmF1
bHQsIGV4Y2VwdCBpZjoKLSB5b3UgdXNlIHRoZSBub3NwZiBrZXl3b3JkCk9SCi0geW91IGhhdmUg
YW55IEFDTCB3aXRoIHRoZSBzcGYgY2xhdXNlCgpJIGFncmVlIHRoZSBkZWZhdWx0IGlzIGEgZHVt
YiBjaG9pY2UsIGJ1dCBjaGFuZ2luZyBkZWZhdWx0IHNlZW1zIGV2ZW4KZHVtYmVyLCBhcyBzb21l
IHBlb3BsZSBtYXkgcmVseSBvbiBpdC4KCi0tIApFbW1hbnVlbCBEcmV5ZnVzCmh0dHA6Ly9oY3Bu
ZXQuZnJlZS5mci9wdWJ6Cm1hbnVAbmV0YnNkLm9yZwo=


--Boundary_(ID_2Uo3JE0I2f/hhGsbL6hLFA)
Content-type: text/html; charset=utf-8
Content-transfer-encoding: base64

PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0
L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPjwvaGVhZD48Ym9keSA+PGRpdj4mbmJzcDtPSywgc28gYnkg
ZGVmYXVsdCB3ZSB3aGl0ZWxpc3Qgc3BmIHN1Y2Nlc2VzLCwgYnV0IGRvIG5vdGhpbmcgYWJvdXQm
bmJzcDs8L2Rpdj48ZGl2Pjxicj48L2Rpdj48ZGl2Pjxicj48L2Rpdj5UeXBvcyBjb3VydGVzeSBv
ZiBteSBTYW1zdW5nIE1vYmlsZTxicj48YnI+PGJyPi0tLS0tLS0tINCY0YHRhdC+0LTQvdC+0LUg
0YHQvtC+0LHRidC10L3QuNC1IC0tLS0tLS0tPGJyPtCe0YI6IG1hbnVAbmV0YnNkLm9yZyA8YnI+
0JTQsNGC0LA6IDIwMTMuMDguMTEgIDY6MzIgIChHTVQrMDE6MDApIDxicj7QmtC+0LzRgzogbWls
dGVyLWdyZXlsaXN0QHlhaG9vZ3JvdXBzLmNvbSA8YnI+0KLQtdC80LA6IFJlOiBbbWlsdGVyLWdy
ZXlsaXN0XSBIb3cgaXMgU1BGIHByb2Nlc3NlZCBpbiBhYnNlbmNlIG9mIGtleXdvcmRzIGluIGNv
bmZpZz8gPGJyPiA8YnI+PGJyPgo8c3BhbiBzdHlsZT0iZGlzcGxheTpub25lIj4mbmJzcDs8L3Nw
YW4+CgoKCiAgICA8ZGl2IGlkPSJ5Z3JwLXRleHQiPgogICAgICAKICAgICAgCiAgICAgIDxwPkpp
bSBLbGltb3YgJmx0OzxhIGhyZWY9Im1haWx0bzpqaW1rbGltb3YlNDBjb3MucnUiPmppbWtsaW1v
dkBjb3MucnU8L2E+Jmd0OyB3cm90ZTo8YnI+Cjxicj4KJmd0OyBIb3cgaXMgU1BGIHByb2Nlc3Nl
ZCBpbiBhYnNlbmNlIG9mICJzcGYiIHJ1bGVzIG9yICJub3NwZiIga2V5d29yZDxicj4KJmd0OyBp
biBjb25maWc/IFRoZSBtYW51YWwgaXMgbm90IHF1aXRlIGNsZWFyIG9uIHRoaXMgZGVmYXVsdCBw
cm9jZXNzaW5nLjxicj4KPGJyPgpJSVJDLCB3aGVuIHlvdSBoYXZlIFNQRiBzdXBwb3J0IGNvbXBp
bGVkLCBTUEYgY29tcGxpYW50IG1lc3NhZ2UgYXJlPGJyPgp3aGl0ZWxpc3RlZCBieSBkZWZhdWx0
LCBleGNlcHQgaWY6PGJyPgotIHlvdSB1c2UgdGhlIG5vc3BmIGtleXdvcmQ8YnI+Ck9SPGJyPgot
IHlvdSBoYXZlIGFueSBBQ0wgd2l0aCB0aGUgc3BmIGNsYXVzZTxicj4KPGJyPgpJIGFncmVlIHRo
ZSBkZWZhdWx0IGlzIGEgZHVtYiBjaG9pY2UsIGJ1dCBjaGFuZ2luZyBkZWZhdWx0IHNlZW1zIGV2
ZW48YnI+CmR1bWJlciwgYXMgc29tZSBwZW9wbGUgbWF5IHJlbHkgb24gaXQuPGJyPgo8YnI+Ci0t
IDxicj4KRW1tYW51ZWwgRHJleWZ1czxicj4KPGEgaHJlZj0iaHR0cDovL2hjcG5ldC5mcmVlLmZy
L3B1YnoiPmh0dHA6Ly9oY3BuZXQuZnJlZS5mci9wdWJ6PC9hPjxicj4KPGEgaHJlZj0ibWFpbHRv
Om1hbnUlNDBuZXRic2Qub3JnIj5tYW51QG5ldGJzZC5vcmc8L2E+PGJyPgo8L3A+CgogICAgPC9k
aXY+CiAgICAgCgogICAgCgoKCgoKPCEtLSBlbmQgZ3JvdXAgZW1haWwgLS0+Cgo8L2JvZHk+


--Boundary_(ID_2Uo3JE0I2f/hhGsbL6hLFA)--

Re: [milter-greylist] How is SPF processed in absence of keywords in config?

2013-08-11 by jimklimov@cos.ru

--Boundary_(ID_PYJBP2zzNzpds87wPEsBbw)
Content-type: text/plain; charset=utf-8
Content-transfer-encoding: base64

U28gYnkgZGVmYXVsdCB3ZSB3aGl0ZWxpc3Qgc3BmIHBhc3MnZXMgYW5kIGRvIG5vdGhpbmcgYWJv
dXQgYm90aCB1bmNlcnRhaW50aWVzIGFuZCBvdXRyaWdodCBmYWlsdXJlcywgcmlnaHQ/IEFueSBu
b24tc3VjY2VzcyByZXN1bHRzIGp1c3QgZmFsbCB0aHJvdWdoIHRvIG90aGVyIHJ1bGVzIGFuZCBt
YXliZSB0byB0aGUgbGFzdCBsaW5lIGxpa2UgJ2dyZXlsaXN0IGRlZmF1bHQnPwoKQ2FuIHlvdSBw
bGVhc2Ugc3VnZ2VzdCBhbiBleGFtcGxlIG9mIGNvbmZpZyB3aGljaCBleHBsaWNpdGx5IHdoaXRl
bGlzdHMgcGFzc2VzIGFuZCBibGFja2xpc3RzIGZhaWx1cmVzICh3aGVyZSBhbiBzcGYgcnVsZSBp
cyBkZWZpbmVkIGluIGRucywgYW5kIHRoZSBzZW5kZXIgaXMgbm90IGFtb25nIHBlcm1pdHRlZCBh
ZGRyZXNzZXMpPwoKLy9KaW0KClR5cG9zIChhbmQgdGhhdCBlYXJseSBzZW5kKSBhcmUgY291cnRl
c3kgb2YgbXkgU2Ftc3VuZyBNb2JpbGUKCi0tLS0tLS0tINCY0YHRhdC+0LTQvdC+0LUg0YHQvtC+
0LHRidC10L3QuNC1IC0tLS0tLS0tCtCe0YI6IG1hbnVAbmV0YnNkLm9yZyAK0JTQsNGC0LA6IDIw
MTMuMDguMTEgIDY6MzIgIChHTVQrMDE6MDApIArQmtC+0LzRgzogbWlsdGVyLWdyZXlsaXN0QHlh
aG9vZ3JvdXBzLmNvbSAK0KLQtdC80LA6IFJlOiBbbWlsdGVyLWdyZXlsaXN0XSBIb3cgaXMgU1BG
IHByb2Nlc3NlZCBpbiBhYnNlbmNlIG9mIGtleXdvcmRzIGluIGNvbmZpZz8gCiAKSmltIEtsaW1v
diA8amlta2xpbW92QGNvcy5ydT4gd3JvdGU6Cgo+IEhvdyBpcyBTUEYgcHJvY2Vzc2VkIGluIGFi
c2VuY2Ugb2YgInNwZiIgcnVsZXMgb3IgIm5vc3BmIiBrZXl3b3JkCj4gaW4gY29uZmlnPyBUaGUg
bWFudWFsIGlzIG5vdCBxdWl0ZSBjbGVhciBvbiB0aGlzIGRlZmF1bHQgcHJvY2Vzc2luZy4KCklJ
UkMsIHdoZW4geW91IGhhdmUgU1BGIHN1cHBvcnQgY29tcGlsZWQsIFNQRiBjb21wbGlhbnQgbWVz
c2FnZSBhcmUKd2hpdGVsaXN0ZWQgYnkgZGVmYXVsdCwgZXhjZXB0IGlmOgotIHlvdSB1c2UgdGhl
IG5vc3BmIGtleXdvcmQKT1IKLSB5b3UgaGF2ZSBhbnkgQUNMIHdpdGggdGhlIHNwZiBjbGF1c2UK
CkkgYWdyZWUgdGhlIGRlZmF1bHQgaXMgYSBkdW1iIGNob2ljZSwgYnV0IGNoYW5naW5nIGRlZmF1
bHQgc2VlbXMgZXZlbgpkdW1iZXIsIGFzIHNvbWUgcGVvcGxlIG1heSByZWx5IG9uIGl0LgoKLS0g
CkVtbWFudWVsIERyZXlmdXMKaHR0cDovL2hjcG5ldC5mcmVlLmZyL3B1YnoKbWFudUBuZXRic2Qu
b3JnCg==


--Boundary_(ID_PYJBP2zzNzpds87wPEsBbw)
Content-type: text/html; charset=utf-8
Content-transfer-encoding: base64

PGh0bWw+PGhlYWQ+PG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0
L2h0bWw7IGNoYXJzZXQ9VVRGLTgiPjwvaGVhZD48Ym9keSA+PGRpdj5TbyBieSBkZWZhdWx0IHdl
IHdoaXRlbGlzdCBzcGYgcGFzcydlcyBhbmQgZG8gbm90aGluZyBhYm91dCBib3RoIHVuY2VydGFp
bnRpZXMgYW5kIG91dHJpZ2h0IGZhaWx1cmVzLCByaWdodD8gQW55IG5vbi1zdWNjZXNzIHJlc3Vs
dHMganVzdCBmYWxsIHRocm91Z2ggdG8gb3RoZXIgcnVsZXMgYW5kIG1heWJlIHRvIHRoZSBsYXN0
IGxpbmUgbGlrZSAnZ3JleWxpc3QgZGVmYXVsdCc/PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj5D
YW4geW91IHBsZWFzZSBzdWdnZXN0IGFuIGV4YW1wbGUgb2YgY29uZmlnIHdoaWNoIGV4cGxpY2l0
bHkgd2hpdGVsaXN0cyBwYXNzZXMgYW5kIGJsYWNrbGlzdHMgZmFpbHVyZXMgKHdoZXJlIGFuIHNw
ZiBydWxlIGlzIGRlZmluZWQgaW4gZG5zLCBhbmQgdGhlIHNlbmRlciBpcyBub3QgYW1vbmcgcGVy
bWl0dGVkIGFkZHJlc3Nlcyk/PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdj4vL0ppbTwvZGl2Pjxk
aXY+PGJyPjwvZGl2PlR5cG9zIChhbmQgdGhhdCBlYXJseSBzZW5kKSBhcmUgY291cnRlc3kgb2Yg
bXkgU2Ftc3VuZyBNb2JpbGU8YnI+PGJyPjxicj4tLS0tLS0tLSDQmNGB0YXQvtC00L3QvtC1INGB
0L7QvtCx0YnQtdC90LjQtSAtLS0tLS0tLTxicj7QntGCOiBtYW51QG5ldGJzZC5vcmcgPGJyPtCU
0LDRgtCwOiAyMDEzLjA4LjExICA2OjMyICAoR01UKzAxOjAwKSA8YnI+0JrQvtC80YM6IG1pbHRl
ci1ncmV5bGlzdEB5YWhvb2dyb3Vwcy5jb20gPGJyPtCi0LXQvNCwOiBSZTogW21pbHRlci1ncmV5
bGlzdF0gSG93IGlzIFNQRiBwcm9jZXNzZWQgaW4gYWJzZW5jZSBvZiBrZXl3b3JkcyBpbiBjb25m
aWc/IDxicj4gPGJyPjxicj4KPHNwYW4gc3R5bGU9ImRpc3BsYXk6bm9uZSI+Jm5ic3A7PC9zcGFu
PgoKCgogICAgPGRpdiBpZD0ieWdycC10ZXh0Ij4KICAgICAgCiAgICAgIAogICAgICA8cD5KaW0g
S2xpbW92ICZsdDs8YSBocmVmPSJtYWlsdG86amlta2xpbW92JTQwY29zLnJ1Ij5qaW1rbGltb3ZA
Y29zLnJ1PC9hPiZndDsgd3JvdGU6PGJyPgo8YnI+CiZndDsgSG93IGlzIFNQRiBwcm9jZXNzZWQg
aW4gYWJzZW5jZSBvZiAic3BmIiBydWxlcyBvciAibm9zcGYiIGtleXdvcmQ8YnI+CiZndDsgaW4g
Y29uZmlnPyBUaGUgbWFudWFsIGlzIG5vdCBxdWl0ZSBjbGVhciBvbiB0aGlzIGRlZmF1bHQgcHJv
Y2Vzc2luZy48YnI+Cjxicj4KSUlSQywgd2hlbiB5b3UgaGF2ZSBTUEYgc3VwcG9ydCBjb21waWxl
ZCwgU1BGIGNvbXBsaWFudCBtZXNzYWdlIGFyZTxicj4Kd2hpdGVsaXN0ZWQgYnkgZGVmYXVsdCwg
ZXhjZXB0IGlmOjxicj4KLSB5b3UgdXNlIHRoZSBub3NwZiBrZXl3b3JkPGJyPgpPUjxicj4KLSB5
b3UgaGF2ZSBhbnkgQUNMIHdpdGggdGhlIHNwZiBjbGF1c2U8YnI+Cjxicj4KSSBhZ3JlZSB0aGUg
ZGVmYXVsdCBpcyBhIGR1bWIgY2hvaWNlLCBidXQgY2hhbmdpbmcgZGVmYXVsdCBzZWVtcyBldmVu
PGJyPgpkdW1iZXIsIGFzIHNvbWUgcGVvcGxlIG1heSByZWx5IG9uIGl0Ljxicj4KPGJyPgotLSA8
YnI+CkVtbWFudWVsIERyZXlmdXM8YnI+CjxhIGhyZWY9Imh0dHA6Ly9oY3BuZXQuZnJlZS5mci9w
dWJ6Ij5odHRwOi8vaGNwbmV0LmZyZWUuZnIvcHViejwvYT48YnI+CjxhIGhyZWY9Im1haWx0bzpt
YW51JTQwbmV0YnNkLm9yZyI+bWFudUBuZXRic2Qub3JnPC9hPjxicj4KPC9wPgoKICAgIDwvZGl2
PgogICAgIAoKICAgIAoKCgoKCjwhLS0gZW5kIGdyb3VwIGVtYWlsIC0tPgoKPC9ib2R5Pg==


--Boundary_(ID_PYJBP2zzNzpds87wPEsBbw)--

Re: [milter-greylist] How is SPF processed in absence of keywords in config?

2013-08-11 by manu@...

jimklimov@... <jimklimov@...> wrote:

> So by default we whitelist spf pass'es and do nothing about both
> uncertainties and outright failures, right?

Right.

> Any non-success results just fall through to other rules and maybe to the
> last line like 'greylist default'?



Correct.

>Can you please suggest an example of config which explicitly whitelists
> passes and blacklists failures (where an spf rule is defined in dns, and
> the sender is not among permitted addresses)?



racl whitelist spf pass
racl blacklist spf error
racl blacklist spf fail
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] How is SPF processed in absence of keywords in config?

2013-08-11 by Jim Klimov

On 2013-08-11 12:38, manu@... wrote:
>  >Can you please suggest an example of config which explicitly whitelists
>  > passes and blacklists failures (where an spf rule is defined in dns, and
>  > the sender is not among permitted addresses)?
>
> racl whitelist spf pass
> racl blacklist spf error
> racl blacklist spf fail


Thanks, in the absence of any documented examples I tried to quote the
statuses which gave syntax errors... vague indications in the mailing
list archives got me on track though; but thanks for your reply to
confirm my guesses :)

Then I dug into libspf* headers to decipher the numeric result codes
(since milter-greylist does log the return, but only as numeric value),
and it seems that every library has its own numbering :(

So, here is the ruleset I came up with, and in experiments it seems
reasonably working - in my tests.... is there anything glaringly wrong
in the snippet below, or would you say it is okay for production use?



# cat milter-greylist.conf-70-SPF
### See http://www.openspf.org/SPF_Record_Syntax for values
### See also http://vamsoft.com/support/tools/spf-policy-tester
### $Id: $

### Logged libspf result code numbers, according to "spf.h"
### enum SPF_RESULT:
### 0   SPF_PASS
### 1   SPF_NONE
### 2   SPF_S_FAIL
### 3   SPF_H_FAIL
### 4   SPF_ERROR
### 5   SPF_NEUTRAL
### 6   SPF_UNKNOWN
### 7   SPF_UNMECH

### Logged libspf2 result code numbers, according to "spf_response.h"
### enum SPF_result_enum:
### 0   SPF_RESULT_INVALID = 0    /**< We should never return this. */
### 1   SPF_RESULT_NEUTRAL
### 2   SPF_RESULT_PASS
### 3   SPF_RESULT_FAIL
### 4   SPF_RESULT_SOFTFAIL
### 5   SPF_RESULT_NONE
### 6   SPF_RESULT_TEMPERROR
### 7   SPF_RESULT_PERMERROR

######## Interpretations:
### PASS        The SPF record designates the host to be allowed to send
### SOFTFAIL    The SPF record has designated the host as NOT being
###             allowed to send, but is "in transition" (accept & mark)
### FAIL        The SPF record has designated the host as NOT being
###             allowed to send (reject)
### NONE        The domain does not have an SPF record or
###             the SPF record does not evaluate to a result
### NEUTRAL     The SPF record specifies explicitly that nothing can be
###             said about validity (process as if no SPF record was
###		published)
### ERROR       A transient error has occured (like DNS timeout)
### UNKNOWN     A permanent error has occured (eg. badly formatted SPF
###		record)

### Possible values are pass, softfail, fail, unknown, error, none,
### and self. The first six values are plain SPF validation status.
### The self value is a special test that checks the server's local
### IP address against the sender's SPF record. If that test validates,
### odds are good that the sender SPF record is wide open, and this
### is a hint that SPF should not be trusted.

racl blacklist spf fail msg \
     "SPF verification failure: sender host '%d'[%i] not among 
explicitly allowed origin hosts for domain '%sf', and misses are 
forbidden; REJECT"

racl greylist spf softfail delay 120m msg \
     "SPF verification soft failure: sender host '%d'[%i] not among 
explicitly allowed origin hosts for domain '%sf', but misses are 
permitted; delay by %R"

racl greylist spf self delay 120m msg \
     "SPF verification soft failure: sender domain SPF ruleset is so 
permissive that our relay can impersonate it; delay by %R"

racl whitelist spf pass

### To debug
#racl greylist spf none delay 2m msg "SPF: none"
#racl greylist spf error delay 2m msg "SPF: error"
#racl greylist spf unknown delay 2m msg "SPF: unknown"
#racl greylist spf neutral delay 2m msg "SPF: neutral"

### Unknown/Neutral, Error and None fall through to other greylist rules




Now, for the last debug lines - it might be nice to have a "noop"
keyword which does not make a white/grey/black-list decision but
allows to output a message into logs or SMTP dialog, and goes on
to other processing to decide the ultimate *-listing result :)

Also, I have no idea yet if "SPF self" works for Messaging Server
without the if_addr macro... and that "localaddr" keyword is so
far only defined for Postfix at compile-time...

On a side note, I found that even though I've set lengthy timeouts
here, if the remote host tries to post FROM: another domain, chances
are that it will hit another greylisting rule with a much shorter
timeout and will overall be accepted faster. I guess this is where
the difference of delays for IP only vs IP-from-rcpt tuples shows :)

HTH,
//Jim Klimov

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.