[Greylist-users] script setup

Allan E Johannesen aej at WPI.EDU
Mon Dec 15 12:32:45 PST 2003


When I ran the script "out of the box", I found that my mx host was saying
"Mail delivery is not using an smtp-like mailer.  Skipping checks.", rather
than processing the spam (both messages below look like they are spam).

I looked at the source and changed:

  if (($mail_mailer !~ /smtp\Z/i) and ($mail_mailer !~ /\Alocal\Z/i)) {

to

  if (($mail_mailer !~ /smtp\Z/i) and ($mail_mailer !~ /\Arelay\Z/i) and ($mail_mailer !~ /\Alocal\Z/i)) {

This is being run on the mx backup host; it relays all email to the main smtp
server.  The backup is running to gather email while the main server might be
down.  I find that many spammers seek out the MX (or they have a broken search
for the highest priority MX and find the lowest instead), and they connect to
the backup rather than the primary...

Anyway, I don't want this system to skip the checks.  If it does, the mail
will appear to be whitelisted by the main smtp server (since the backup is in
my domain, and I have whitelisted my domain as a source) and the mail will pass
on unchallenged.

By the way, the main smtp server is a relay, too; it passes email through a
virus scanner before delivery, so if I need to check "relay" type mail here,
then I will need to check "relay" type mail there, too.

Does this seem to be a reasonable change to the script?

Thanks for any advice anyone has.

These are run without the addition of "relay" in the if statement.  i.e. the
"out of the box" version 0.04 condition:

utility3:~# /usr/local/sbin/relaydelay.sh start
Loading Config File: /etc/mail/relaydelay.conf
Using connection 'local:/var/run/relaydelay.sock' for filter relaydelay
Attempting to unlink local UNIX socket '/var/run/relaydelay.sock' ... successful.
DBI Connecting to DBI:mysql:database=relaydelay:host=webdb.wpi.edu:port=3306
Starting Sendmail::Milter 0.18 engine.

=== 2003-12-15 15:13:08 ===
Stored Sender: <041242 at alum.wpi.edu>
Passed Recipient: <paul.s.wolf at alum.wpi.edu>
  Relay: 218-163-144-24.HINET-IP.hinet.net [218.163.144.24] - If_Addr: 130.215.36.202
  RelayIP: 218.163.144.24 - RelayName: 218-163-144-24.HINET-IP.hinet.net - RelayIdent:  - PossiblyForged: 0
  From: 041242 at alum.wpi.edu - To: paul.s.wolf at alum.wpi.edu
  InMailer: relay - OutMailer: relay - QueueID: hBFKD2lK017545
  Mail delivery is not using an smtp-like mailer.  Skipping checks.
  IN ABORT CALLBACK - PrivData: 0 <jaeger at colima.com> 
  IN ABORT CALLBACK - PrivData: 0 <spidb at freeproblem.com> 

=== 2003-12-15 15:13:35 ===
Stored Sender: <fgaaadiscountcomputer at yahoo.com>
Passed Recipient: <lhberka at wpi.edu>
  Relay: ool-44c6dc1c.dyn.optonline.net [68.198.220.28] - If_Addr: 130.215.36.202
  RelayIP: 68.198.220.28 - RelayName: ool-44c6dc1c.dyn.optonline.net - RelayIdent:  - PossiblyForged: 0
  From: fgaaadiscountcomputer at yahoo.com - To: lhberka at wpi.edu
  InMailer: relay - OutMailer: relay - QueueID: hBFKDZlK017568
  Mail delivery is not using an smtp-like mailer.  Skipping checks.
  IN EOM CALLBACK - PrivData: 0 <fgaaadiscountcomputer at yahoo.com> <lhberka at wpi.edu>
  IN ABORT CALLBACK - PrivData: 0 <onvdaaadiscountcomputer at yahoo.com> 
Successful exit from the Sendmail::Milter engine.
Closing DB connection.
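
Added example, not part of the original post or of relaydelay itself: a Python script that scans relaydelay log output in the format shown above and lists messages whose checks were skipped although the connecting relay lies outside the site's own networks, which is the bypass the post describes on a backup MX. The sample log, its addresses and the OWN_NETWORKS value are constructed for illustration.

```python
import ipaddress
import re

BLOCK_START = re.compile(r"^=== (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ===$", re.M)
RELAY_IP = re.compile(r"RelayIP: (\S+) - RelayName:")
MAILERS = re.compile(r"InMailer: (\S+) - OutMailer: (\S+) - QueueID: (\S+)")
SKIP_TEXT = "Skipping checks."

# Constructed sample in the post's log format (documentation address ranges).
OWN_NETWORKS = ["192.0.2.0/24"]
SAMPLE_LOG = """\
=== 2003-12-15 15:13:08 ===
  RelayIP: 203.0.113.24 - RelayName: host.example.net - RelayIdent:  - PossiblyForged: 0
  InMailer: relay - OutMailer: relay - QueueID: hBFKD2lK000001
  Mail delivery is not using an smtp-like mailer.  Skipping checks.
=== 2003-12-15 15:14:00 ===
  RelayIP: 192.0.2.25 - RelayName: mx2.example.edu - RelayIdent:  - PossiblyForged: 0
  InMailer: local - OutMailer: local - QueueID: hBFKD2lK000002
  Mail delivery is not using an smtp-like mailer.  Skipping checks.
=== 2003-12-15 15:15:00 ===
  RelayIP: 198.51.100.7 - RelayName: host.example.com - RelayIdent:  - PossiblyForged: 0
  InMailer: esmtp - OutMailer: esmtp - QueueID: hBFKD2lK000003
"""

def skipped_external(log_text, own_networks):
    """Return messages whose checks were skipped for a relay outside own_networks."""
    nets = [ipaddress.ip_network(n) for n in own_networks]
    # Splitting on the header yields ['', time1, body1, time2, body2, ...];
    # anything before the first header (startup lines) is ignored.
    parts = BLOCK_START.split(log_text)
    findings = []
    for time, body in zip(parts[1::2], parts[2::2]):
        ip_m, mail_m = RELAY_IP.search(body), MAILERS.search(body)
        if SKIP_TEXT not in body or not ip_m:
            continue  # checks ran, or the block carries no relay address
        try:
            ip = ipaddress.ip_address(ip_m.group(1))
        except ValueError:
            continue  # unparseable address: leave for manual review
        if not any(ip in net for net in nets):
            findings.append({"time": time, "relay_ip": str(ip),
                             "out_mailer": mail_m.group(2) if mail_m else None,
                             "queue_id": mail_m.group(3) if mail_m else None})
    return findings

if __name__ == "__main__":
    for hit in skipped_external(SAMPLE_LOG, OWN_NETWORKS):
        print(hit)
```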


