[Greylist-users] mail from internal domains not delayed?

Eric S ejs at bfd.com
Tue Jul 15 23:10:16 PDT 2003


On Tue, 15 Jul 2003, Evan Harris wrote:

> > Interesting.  Actually, I like the way I handle it in my alternate
> > greylisting implementation
>
> Your way is similar to the solution that I'm using now, except that mine
> isn't hardcoded, and will match any local interface.  You might want to
> change yours the same way.

Well, I'd still have to hardcode something, or put it in a database,
because while I want the external ethernet interface to be considered
local, the rest of the addresses on that subnet belong to a cable-modem
provider with a very bad reputation.  On the other hand, the other address
blocks on the various interfaces are under my control, so any addresses on
those subnets should be considered local.

> So, where is your code?  Got a url for us, so we can look it over?  If you
> like, I can give you a space in the cvs server here as another
> implementation.

Once I hammer out the instability and clean up the code enough that I'm
not embarrassed by it, I'll put it up.  As is, it's a jumble of unplanned
code that just grew to the point that it did what I wanted it to.  It's no
wonder it's unstable.

I don't know why it's crashing at 3:03, but I know what triggers it: any
message that comes in locally and doesn't go anywhere.  It's the nightly
security reports that are crashing the mail server, and I've been able to
recreate the crash just by running the mail command and sending email to
myself.  Now that I can recreate it, all I need is some free time to debug
it.

> > $dataRef (where I keep all data, and even gather all the headers) gets
> > pickled at the end of each callback, and restored when the next callback
> > is called, so I always have that flag available, and that's how I
> > determine if I should do a greylist test (or autowhitelist in the near
> > future).
>
> Yeah, early on, I tried to use a hash to pass between the callbacks, and
> Sendmail::Milter didn't like it, so I went to the null delimited string I'm
> using now.

I'm not storing the reference itself.  The pickling process turns the ref
into a plain string, and unpickling recreates a reference with similar
contents.  Worked fine until my latest changes, so I doubt the new
instability has anything to do with this process, though I might
base64-encode the pickle just to be sure.  I might also play around with
the pmilter module, which is an alternate implementation of
Sendmail::Milter that doesn't require threaded perl.  That way I should be
able to have global data.

> > The various IP addresses that the regex matches are the machines that that
> > server will relay for.
>
> Why aren't you just putting those in the db instead of hardcoding them?

I'll probably get there, especially since my data format allows for CIDR
blocks, though not gracefully.  At first, I was having problems with
authenticating to MySQL; I couldn't even get in as myself on the command
line.  My last MySQL upgrade had botched something, so I did what I could
without a database, just to get my feet wet in Milter programming.
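
The policy discussed in this message (the server's own external address is local, the rest of that provider subnet is not, other controlled blocks are local), as an added example that is not code from the post or from either greylisting implementation. It is written in Python rather than the poster's Perl; the addresses are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed sample policy (documentation ranges, not taken from the post).
# Each entry is (CIDR, is_local).  The /32 for the server's own external
# address overrides the untrusted provider subnet that contains it.
POLICY = [
    ("198.51.100.0/24", False),   # provider subnet on the external interface
    ("198.51.100.17/32", True),   # the server's own external address
    ("192.0.2.0/24", True),       # address block under the admin's control
    ("10.0.0.0/8", True),         # internal block
    ("127.0.0.0/8", True),        # loopback
]

def compile_policy(entries):
    """Parse the entries and order them most-specific prefix first."""
    nets = [(ipaddress.ip_network(cidr, strict=True), local)
            for cidr, local in entries]
    return sorted(nets, key=lambda e: e[0].prefixlen, reverse=True)

def is_local(addr, compiled):
    """True if mail from addr should skip the greylist test.

    Malformed or unlisted addresses are never local, so a parsing
    problem results in a delay rather than an exemption.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Longest-prefix match: the first (most specific) hit decides.
    # Comparing parsed networks also avoids the textual-match pitfall
    # where a pattern for 198.51.100.17 also accepts 198.51.100.170.
    for net, local in compiled:
        if ip.version == net.version and ip in net:
            return local
    return False

COMPILED = compile_policy(POLICY)
```
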


