[Greylist-users] qmail implementation - correct this time, I hope

Eirik Oeverby ltning-greylist at anduin.net
Fri Jun 27 12:03:50 PDT 2003


I've implemented your patch and a envelope-scanner script successfully,
though it still won't apply cleanly to the freebsd port. I have tried
before and after the freebsd patches were applied.

There is one big disadvantage with the way you have implemented this,
though I don't see how you could have done it differently: It leaves no
room for delaying the check until *after* the DATA phase.

As described in the original greylisting document, this can be necessary
in some cases, for example when an exim (or other) MTA issues a callback
to verify the sender. This will fail if we issue a temporary failure
immediately following the RCPT TO command. As described in the document,
the MTAs doing this will simply await a positive response to the RCPT_TO
and then abort the SMTP connection. In the case of a spammer or whatever
trying to imitate this to get through, we need to be able to issue a
tempfail AFTER the DATA phase.

Do you have any ideas as to how to implement this? One way would be to
create another function in qmail-smtpd to be called after the DATA
phase, if the envelope scanner returns an exit code commanding this (The
envelope check will determine if another check after the DATA phase is
necessary, and return accordingly, letting qmail-smtpd know if it should
run the next check aswell - this would make sure the additional load is
not too high).


On Thu, 26 Jun 2003 17:03:06 -0600 (MDT)
Tony Arcieri <tarcieri at atmos.colostate.edu> wrote:

> Here's another patch with some more changes.  The (now)
> envelope_scanner() function call was in the wrong location.  It's now
> no longer called if the RELAYCLIENT environment variable is set.
> I also renamed the executed program from qmail-env-scanner to
> qmail-envelope-scanner as people suggested 'env' is traditionally
> used to represent 'environment' and thus it could be easily confused.
> Tony Arcieri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.puremagic.com/pipermail/greylist-users/attachments/20030627/d2f50232/attachment-0001.bin

More information about the Greylist-users mailing list