Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-13 23:57 UTC

Thread

dacl rules never match

dacl rules never match

2016-09-01 by Christian Pélissier

Hi,

I am using the following rules.
...
racl greylist spf self delay 1h
dacl greylist dkim pass delay 2m
racl greylist spf fail delay 45m
other spf rules
...


The first one (racl) works and log as ACL 1017.
The second one (dacl) do not work (no log with ACL 1018)

My opendkim milter log a lot of lines like

opendkim[6470]: u81BuV9k030509: DKIM verification successful

So what is wrong with dacl greylist dkim pass delay 2m ?



PS.
dkim is here.

# ldd /usr/local/bin/milter-greylist
	linux-vdso.so.1 =>  (0x00007ffe162e6000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003584800000)
	libspf2.so.2 => /usr/local/lib/libspf2.so.2 (0x00007f8596a64000)
	libopendkim.so.10 => /usr/local/lib/libopendkim.so.10   <<<<<
(0x00007f8596841000)
	libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x000000358e800000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003586800000)
	libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003595000000)
	libmilter.so.1.0 => /usr/lib64/libmilter.so.1.0 (0x00000033ea000000)
	libc.so.6 => /lib64/libc.so.6 (0x0000003584c00000)
	/lib64/ld-linux-x86-64.so.2 (0x0000003584400000)
	libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003593000000)
	libstrl.so.1 => /usr/local/lib/libstrl.so.1 (0x00007f859663e000)
	libdl.so.2 => /lib64/libdl.so.2 (0x0000003585000000)
	libz.so.1 => /lib64/libz.so.1 (0x0000003585c00000)
	libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0000003591400000)
	libkrb5.so.3 => /lib64/libkrb5.so.3 (0x000000358f400000)
	libcom_err.so.2 => /lib64/libcom_err.so.2 (0x000000358ec00000)
	libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x0000003591c00000)
	libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x0000003590800000)
	libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003590400000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003586400000)


-- 
Christian P�lissier / 34419
ONERA DRI/RSC
BP72 92322 Chatillon CEDEX

Re: [milter-greylist] dacl rules never match

2016-09-01 by Shane Williams

I might be misunderstanding your questions, but I think the relavant
part of the greylist.conf man page is the first paragraph under the
DATA-STAGE ACL section, which includes this sentence:

"Note that you canot use the greylist action at DATA-stage if the
RCPT-stage ACL that matched had a greylist action itself."

So, if your first rule matches, the second rule cannot take effect.
My impression is that if you changed the dacl rule to be a whitelist
it would fire (assuming of course that you're willing to let go of
that 2 minute delay).


On Thu, 1 Sep 2016, Christian Pélissier Christian.Pelissier@... [milter-greylist] wrote:

> Hi,
> 
> I am using the following rules.
> ...
> racl greylist spf self delay 1h
> dacl greylist dkim pass delay 2m
> racl greylist spf fail delay 45m
> other spf rules
> ...
> 
> The first one (racl) works and log as ACL 1017.
> The second one (dacl) do not work (no log with ACL 1018)
> 
> My opendkim milter log a lot of lines like
> 
> opendkim[6470]: u81BuV9k030509: DKIM verification successful
> 
> So what is wrong with dacl greylist dkim pass delay 2m ?
> 
> PS.
> dkim is here.
> 
> # ldd /usr/local/bin/milter-greylist
> linux-vdso.so.1 => (0x00007ffe162e6000)
> libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003584800000)
> libspf2.so.2 => /usr/local/lib/libspf2.so.2 (0x00007f8596a64000)
> libopendkim.so.10 => /usr/local/lib/libopendkim.so.10 <<<<<
> (0x00007f8596841000)
> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x000000358e800000)
> libresolv.so.2 => /lib64/libresolv.so.2 (0x0000003586800000)
> libnsl.so.1 => /lib64/libnsl.so.1 (0x0000003595000000)
> libmilter.so.1.0 => /usr/lib64/libmilter.so.1.0 (0x00000033ea000000)
> libc.so.6 => /lib64/libc.so.6 (0x0000003584c00000)
> /lib64/ld-linux-x86-64.so.2 (0x0000003584400000)
> libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003593000000)
> libstrl.so.1 => /usr/local/lib/libstrl.so.1 (0x00007f859663e000)
> libdl.so.2 => /lib64/libdl.so.2 (0x0000003585000000)
> libz.so.1 => /lib64/libz.so.1 (0x0000003585c00000)
> libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x0000003591400000)
> libkrb5.so.3 => /lib64/libkrb5.so.3 (0x000000358f400000)
> libcom_err.so.2 => /lib64/libcom_err.so.2 (0x000000358ec00000)
> libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x0000003591c00000)
> libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x0000003590800000)
> libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x0000003590400000)
> libselinux.so.1 => /lib64/libselinux.so.1 (0x0000003586400000)
> 
> --
> Christian Pélissier / 34419
> ONERA DRI/RSC
> BP72 92322 Chatillon CEDEX
> 
> 
> 
>

-- 
Shane Williams
Senior System Administrator
Dept. of Computer Science, University of Texas at Austin
shanew@... - 512-471-0026

Re: [milter-greylist] dacl rules never match

2016-09-14 by manu@...

Shane Williams shanew@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> I might be misunderstanding your questions, but I think the relavant
> part of the greylist.conf man page is the first paragraph under the
> DATA-STAGE ACL section, which includes this sentence:
> 
> "Note that you canot use the greylist action at DATA-stage if the
> RCPT-stage ACL that matched had a greylist action itself."

That is correct: if the RCPT_stage ACL result is greylist, then the SMTP
transaction ends at RCPT and never proceeds to the DATA command, hence
the DATA-stage ACL is irrelevant.
 
-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.