Milter-greylist

Hello all,

   I wonder if there is a simple way that I missed to have an ACL
rule hit if the specified criteria are NOT met?

   For example, a mail server mostly interacts with counterparts
from its own country (say, we favor ".ru", ".su" and ".com").
We thus believe that messages from .de, .tr, .br, .fr, .bg, .pl
and the other two hundred TLDs are most likely spam - for this
server at least. So we want them delayed until a MUCH later retry
(8 hours? 24?) and if by then they are not in a DNS RBL - accept.

   With new milter-greylist features regarding assignable variables
and math, I can count scores for "spam suspicion", so I want to
add a few points to sources (from, domain) which are not among
the implicitly more trusted domains. Later, based on accumulated
score, I will delay some sources more, some less, in the greylist.

   Logically, one way would be with conditionals (if source is trusted;
then racl ... ; ELSE racl continue set spam_score+=1; fi), or with
negations (racl continue NOT list "good_source" set spam_score+=1).

   Is there anything to do this today, or "patches are welcome"? ;)

Thanks,
//Jim

Le 02/10/2013 12:45, Jim Klimov a \ufffdcrit :
>     I wonder if there is a simple way that I missed to have an ACL
> rule hit if the specified criteria are NOT met?

Of course, using the "not" keyword.
This is a rather old feature, however I remember some versions of 
milter-greylist had it broken.
I can confirm it works with milter-greylist v4.2.7.

Example:
racl greylist not domain .ru delay 8h

Or you may just invert your test condition, by whitelisting first the 
peers you want to favor :

racl whitelist domain .ru
racl whitelist domain .su
racl greylist domain .com delay 5m
racl greylist default delay 8h


But I would advise againts using the above examples as-is: you may 
better use some fine-grained conditions. For exemple, all .ru IPs are 
likely not trustworthy mailservers (it may include some residential 
client IPs, which you likely don't want to trust the same way as 
corporate or ISP SMTP servers); and there may exist some trustworthy 
russian SMTP servers whose DNS entry do not match the .ru suffix (some 
may not have any PTR at all !).
A full-featured greylist.conf setup should include a combination of 
basic DNS tests, SPF tests, DNSRBL, DNS whitelists, and locally-defined 
whitelisted IPs or domains.

-- 
Benoit BRANCIARD
Service InfraStructures (SIS) - Direction du Syst\ufffdme d'Information (DSI)
Universit\ufffd Paris 1 Panth\ufffdon-Sorbonne
Centre Pierre Mend\ufffds France
B 406 - 90, rue de Tolbiac - 75634 Paris cedex 13 - France
T\ufffdl : +33 1 44 07 89 68 - Fax : +33 1 44 07 89 66
Accueil t\ufffdl. : +33 1 44 07 89 65
Assistance : assistance-dsi@...
Web : http://dsi.univ-paris1.fr

-- 
Ce message a ete verifie par MailScanner
pour des virus ou des polluriels et rien de
suspect n'a ete trouve.

Hi Jim


A few years ago I patched milter-greylist to support spamassassin. But because
I had similar requirements like the ones you just posted I finally replaced
milter-greylist with my own milter called mopher.


> from its own country (say, we favor ".ru", ".su" and ".com").
> We thus believe that messages from .de, .tr, .br, .fr, .bg, .pl
> and the other two hundred TLDs are most likely spam - for this
> server at least. So we want them delayed until a MUCH later retry
> (8 hours? 24?) and if by then they are not in a DNS RBL - accept.

Good Idea. It should be very easy to implement this with mopher.


Mopher also supports relay and sender/recipient accounting for automatic
long-term whitelisting. This is especially useful if you apply harsh
greylisting in a business environment.


> Logically, one way would be with conditionals (if source is trusted;
> then racl ... ; ELSE racl continue set spam_score+=1; fi), or with
> negations (racl continue NOT list "good_source" set spam_score+=1).

Mopher has firewall like filter expressions and supports logical operators
(and, or, not). Have a look at dynamic greylisting here:

http://badblog.ch/2012/11/11/filter-email-with-mopher/


The user base is still quite small and there is probably a lot of documentation
missing. But if you want to give it a shot I gladly assist you to get your
installation up and running.


More resources:

  - Configuration examples: http://badblog.ch/2012/11/13/my-mail.acl-explained/

  - Source Code: https://github.com/badzong/mopher


Cheers, Manuel


p.s.

It's off topic - I know