einot / gross

Automatically exported from code.google.com/p/gross

Add a recipient based whitelist #85

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What's the problem with the current implementation?

Currently it is not possible to whitelist connections based on recipients.

What would you like to be done?
It would be great to have a possibility to put single recipient addresses on 
a (replicated) whitelist, e.g. into a local file or Berkeley DB, so that the 
addresses on that list get messages from "bad" servers regardless of their 
listing status on dnsbls or greylists.

Original issue reported on code.google.com by dietmar....@gmail.com on 2 Feb 2010 at 8:51

GoogleCodeExporter commented 9 years ago
Is this really necessary? You could whitelist recipients on the MTA side, before consulting gross. Anyway, I think you can implement this by configuring a local rhsbl and giving it a negative weight.

Original comment by eino.tuominen@gmail.com on 2 Feb 2010 at 9:01

GoogleCodeExporter commented 9 years ago
I just realised that rhsbl is of no use here because it's for domains, not addresses, obviously... But I still think that recipient whitelisting should be done in the MTA.

Original comment by eino.tuominen@gmail.com on 2 Feb 2010 at 9:05

GoogleCodeExporter commented 9 years ago
Hmmm... I'm not sure if my MTA (sendmail) can override the milter's action via the standard access.db whitelist if grossd tells the milter that an IP-address should be blocked.

Original comment by dietmar....@gmail.com on 2 Feb 2010 at 10:47

GoogleCodeExporter commented 9 years ago
BTW: great product I really like it (so far)

Original comment by dietmar....@gmail.com on 2 Feb 2010 at 10:48

GoogleCodeExporter commented 9 years ago
Ok, I found a solution (borrowed from milter-greylist). The attached patch allows sendmail users to use the Spam: FRIEND notation from sendmail access db. See: 
<http://www.sendmail.org/m4/anti_spam.html#delay_check>

So if an entry like the following exists in the sendmail access db, the gross milter will not perform any blocking or greylisting actions for the recipient trashlover@my.domain

/etc/mail/access
Spam:trashlover@my.domain   FRIEND

Besides the patch there is also a need to adapt the sendmail configuration via 
sendmail.mc. The following config lines should be added:

[...]
define(`confMILTER_MACROS_ENVRCPT', `{whitelist}')dnl
INPUT_MAIL_FILTER(`gross', `S=unix:/var/state/gross/socket,T=R:20s')dnl
[...]
LOCAL_CONFIG
Kstorage macro
[...]
LOCAL_RULESETS
SLocal_check_rcpt
dnl Spam FRIENDS no rbl no greylist
R$*                                     $: $(storage {whitelist} $) $1
R$*                                     $: $1 $| $>CanonAddr $1
R$* $| $+ < @ $+ . > $*                 $: $>E <$2@$3> <?> <! Spam> <$1>
R<$+> <$*>                              $: $(storage {whitelist} $@ $1 $) $2

--> Note that there must be tabs and no spaces before the "$:"

I hope this all makes sense and is also of use to someone else.

Original comment by dietmar....@gmail.com on 2 Feb 2010 at 4:54

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks, I'll check this in the svn trunk.

Original comment by eino.tuominen@gmail.com on 2 Feb 2010 at 5:17

GoogleCodeExporter commented 9 years ago
Here is a slightly nicer version of the patch...

Original comment by dietmar....@gmail.com on 2 Feb 2010 at 5:52

Attachments:

GoogleCodeExporter commented 9 years ago
Thanks :-) that was fast

Original comment by dietmar....@gmail.com on 2 Feb 2010 at 5:53

GoogleCodeExporter commented 9 years ago
Here is an improved version of the sendmail.mc rules. This also allows whitelisting of IP-addresses via the access db:

[...]
define(`confMILTER_MACROS_ENVRCPT', `{whitelist}')dnl
INPUT_MAIL_FILTER(`gross', `S=unix:/var/state/gross/socket,T=R:20s')dnl
[...]
LOCAL_CONFIG
Kstorage macro
[...]
LOCAL_RULESETS
SLocal_check_rcpt
dnl Spam FRIENDS and Connect OK -> no rbl no greylist
R$*                         $: $(storage {whitelist} $) $1
R$*                         $: $1 $| $>CanonAddr $1
R$* $| $+ < @ $+ . > $*     $: $>E <$2@$3> <?> <! Spam> <$1>
R<$+> <$*>                  $: $(storage {whitelist} $@ $1 $) $2
R$*                         $: $>A <$&{client_addr}> <$&{whitelist}> <! Connect> <$1>
R<$+> <$*>                  $: $(storage {whitelist} $@ $1 $) $2

--> Note that there must be tabs and no spaces before the "$:"

/etc/mail/access
Spam:trashlover@my.domain   FRIEND
Connect:192.168.1.2             OK
Connect:192.168.3               OK
Connect:10.1                    OK

The above entries would whitelist messages to "trashlover@my.domain" and connections from 192.168.1.2 and 192.168.3.0/24 and 10.1.0.0/16

Original comment by dietmar....@gmail.com on 5 Feb 2010 at 11:29
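
An added example, not part of the original comments or the gross project: a small Python audit that reports which access entry would exempt a given client address and recipient from gross, so the scope of each whitelist line can be reviewed. It models only the two entry forms shown above (full-address Spam: ... FRIEND and dotted-prefix Connect: ... OK); the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the access entries quoted in the comment above.
ACCESS = """\
Spam:trashlover@my.domain   FRIEND
Connect:192.168.1.2             OK
Connect:192.168.3               OK
Connect:10.1                    OK
"""

def prefix_to_network(prefix):
    """'192.168.3' -> 192.168.3.0/24; a Connect: key covers whole octets only."""
    octets = prefix.split(".")
    if not 1 <= len(octets) <= 4:
        return None
    if not all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        return None  # host names and IPv6 keys are outside this sketch
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def parse_access(text):
    """Return (friend recipients, [(Connect key, network)]) from access source."""
    friends, nets = set(), []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or line.lstrip().startswith("#"):
            continue
        (tag, _, name), value = fields[0].partition(":"), fields[1].upper()
        if tag.lower() == "spam" and value == "FRIEND" and "@" in name.strip("@"):
            friends.add(name.lower())  # makemap folds keys to lower case
        elif tag.lower() == "connect" and value == "OK":
            net = prefix_to_network(name)
            if net is not None:
                nets.append((fields[0], net))
    return friends, nets

def bypass_reason(client_ip, rcpt, friends, nets):
    """Return the access key that exempts this RCPT from gross, else None."""
    if rcpt.lower() in friends:
        return f"Spam:{rcpt.lower()}"
    addr = ipaddress.ip_address(client_ip)
    hits = [(net.prefixlen, key) for key, net in nets if addr in net]
    return max(hits)[1] if hits else None  # most specific entry wins

if __name__ == "__main__":
    friends, nets = parse_access(ACCESS)
    for ip, rcpt in [("192.168.3.77", "a@my.domain"), ("192.168.30.77", "a@my.domain")]:
        print(ip, rcpt, "->", bypass_reason(ip, rcpt, friends, nets))
```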