Yahoo Groups archive

Milter-greylist

Question about whitelist, greylist and dnsrbl

2013-10-13 by Jim Klimov

Hello all,

   Currently my MTAs call various filtering routines in such an order
that DNS RBL lookup is performed by the MTA, and hosts which are not
instantly blacklisted, go on to more complicated filters - such as
milter-greylist.

   Sometimes this is a bad thing, i.e. hosts that are configured as
explicitly trusted (static whitelist) in the milter are shot down
due to DNS RBL before the milter is even invoked.

   On the other hand, auto-whited sources (past greylist timeout)
which might indeed be spammers, should be shot down by DNS RBL even
if they wiggled through our filters on their earlier attempts.

   At what moment are auto-whited hosts accepted - at the start of
rule processing, or at the appropriate "greylist" ACL which finds
that the timeout reached zero, or at some other moment?

   Namely, I wonder if I can utilize the "dnsrbl" rules within the
milter-greylist in such a way that static whitelisted ip-addresses,
domains, RCPTs and FROMs are honoured and always accepted, but the
auto-whited hosts might still be rejected due to their newly found
presence in DNS RBLs.

   Is this as simple as defining racl's in the order of "whitelist,
dnsrbl, greylist", or are there some more complicated considerations?

Thanks,
//Jim Klimov

Re: [milter-greylist] Question about whitelist, greylist and dnsrbl

2013-10-15 by Jonathan Siegle

On 2013-10-13 at 12:59, Jim Klimov wrote:

> Namely, I wonder if I can utilize the "dnsrbl" rules within the
> milter-greylist in such a way that static whitelisted ip-addresses,
> domains, RCPTs and FROMs are honoured and always accepted, but the
> auto-whited hosts might still be rejected due to their newly found
> presence in DNS RBLs.

I've been looking at flushaddr to solve this problem. The notation would look like:
acl blacklist dnsrbl "PSU BLACKLIST" msg "You are on the PSU blacklist. Please go away" flushaddr

Here is some info from the man page found in the 4.4.3 source:

  flushaddr
                If a message matches the rule, any entry in the
                greylist or autowhite databases matching the sender IP
                is removed. Used with a DNSRBL blacklist ACL, it is
                useful for freeing the database from entries set up by
                a machine which is known to be a spammer. Example:

   racl blacklist dnsrbl "known-spammer" flushaddr


> 
> Is this as simple as defining racl's in the order of "whitelist,
> dnsrbl, greylist", or are there some more complicated considerations?
>

I am testing:
whitelist
dnsrbl black
greylist
default whitelist

-Jonathan
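
A simplified model of the rule order discussed in this thread, added here as an illustration; it is not milter-greylist code and does not come from either poster. It assumes first-match rule evaluation and that the autowhite database is consulted only when a greylist rule is the one that matches; the addresses are constructed samples and greylist delay timers are left out.

```python
import ipaddress

def evaluate(ip, order, static_nets, dnsbl, autowhite, pending):
    """Verdict for one delivery attempt from ip; the first matching rule wins."""
    addr = ipaddress.ip_address(ip)
    for rule in order:
        if rule == "whitelist" and any(addr in net for net in static_nets):
            return "accept: static whitelist"
        if rule == "dnsrbl" and ip in dnsbl:
            # flushaddr: drop whatever greylist/autowhite state this IP earned
            autowhite.discard(ip)
            pending.discard(ip)
            return "reject: dnsrbl"
        if rule == "greylist":
            if ip in autowhite:
                return "accept: autowhite"
            if ip in pending:  # simplification: any retry counts as past the delay
                pending.discard(ip)
                autowhite.add(ip)
                return "accept: greylist passed"
            pending.add(ip)
            return "tempfail: greylisted"
    return "accept: default"

def demo():
    # Constructed sample data using documentation address ranges.
    static_nets = [ipaddress.ip_network("192.0.2.0/24")]
    dnsbl = {"192.0.2.10"}  # a statically trusted host that is also DNSBL-listed
    autowhite, pending = set(), set()
    good = ("whitelist", "dnsrbl", "greylist")
    results = []

    def attempt(ip, order=good):
        results.append(evaluate(ip, order, static_nets, dnsbl, autowhite, pending))

    attempt("192.0.2.10", ("dnsrbl", "whitelist", "greylist"))  # DNSBL checked first
    attempt("192.0.2.10")     # static whitelist checked first
    attempt("203.0.113.5")    # unknown sender, first try
    attempt("203.0.113.5")    # retry
    attempt("203.0.113.5")    # now auto-whitelisted
    dnsbl.add("203.0.113.5")  # sender later appears on the DNSBL
    attempt("203.0.113.5")    # rejected, autowhite entry flushed
    dnsbl.discard("203.0.113.5")
    attempt("203.0.113.5")    # delisted: has to pass greylisting again
    return results

if __name__ == "__main__":
    for line in demo():
        print(line)
```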
