milter-greylist-4.5.1 is available

Here is milter-greylist-4.5.1
http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.5.1.tgz
MD5 (milter-greylist-4.5.1.tgz) = e0149825bd2912e20a57f70539b00427

Changes sinces 4.4.3:
        DNS update support
        make clean clears milter-greylist.spec
        Use ZZ for unknown GeoIP country
        Add IPv6 support for MX sync (Hajimu UMEMOTO)

A note for DNS update: it is automatically enabled at configure time if
your resolver supports it. configure tries to link a test progrem with
res_nupdate() for that. Here is an example configuration and usage to
create your own DNSRBL:

  sig "dns-update" "hmac-md5" "1B2M2Y8AsgTpgAmY7PhCfg=="
  nsupdate "bl.example.net" { rname  "%j.bl.example.net"  rvalue 
       "127.0.0.2" tsig "dns-update" }

  racl blacklist rcpt spamtrap@... nsupdate "bl.example.net"

NB: %j is the reversed sender IP address. e.g.: 192.0.2.1 becomes
1.2.0.192

On the DNS server side, iff you run BIND, you are going to have
something like this:

key "dns-update" {
        algorithm hmac-md5;
        secret "1B2M2Y8AsgTpgAmY7PhCfg==;

nsupdate support

Hi 

I am working on nsupdate support in milter-greylist, so that an action
clause in an ACL can trigger a DNS update, which enables milter-greylist
to feed a DNSRBL based on ACL conditions.

That first part works fine, but I thought about handling expiration of
added DNS record. It seems there is no way to tell the DNS that an added
entry should expire. That would suggest milter-greylist sould manage it,
which leads to a lot of complexity. 

What people think about it? Is expiration actually useful, and how to
implement it?

--

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/milter-greylist/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:

Determining how successful milter-greylist is?

Howdy -

I've just implemented milter-greylist again, and I was curious as to 
whether there is any reporting available. I'd like to know how many or 
what percentage of messages get dumped by milter-greylist.

Anyone got any tips or tricks for doing that?

Thanks!
TC

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/milter-greylist/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/milter-greylist/join
    (Yahoo! ID required)

<*> To change settings via email:
    milter-greylist-digest@... 
    milter-greylist-fullfeatured@...

<*> To unsubscribe from this group, send an email to:

how to activate geoip under debian

cleaning of milter-greylist.spec

Hello,

I think the "clean" or "realclean" target of the make
should remove the milter-greylist.spec since it is
generated from milter-greylist.spec.in.

Bests,
Attila

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/milter-greylist/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/milter-greylist/join
    (Yahoo! ID required)

<*> To change settings via email:
    milter-greylist-digest@... 
    milter-greylist-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    milter-greylist-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

[PATCH] fix a crash bug by chown socket without group [1 Attachment]

<*>[Attachment(s) from Kouhei Sutou included below]

Hi,

I attach a patch that fixes a crash.

The crash can reproduce with the following greylist.conf:

  ...
  socket "inet:30025"
  user "nobody"
  ...

Run milter-greylist as root user:

  % sudo milter-greylist

milter-greylist will be crashed.

Points:

  * "socket" is not file path. (e.g. inet:XXX, unix:XXX and so on)
  * "user" has only user. Group should not be included like
  * Run milter-greylist as root user.

Cause:

If we run milter-greylist as root user and "user"
parameter value is specified, "socket" parameter value
is chown-ed to "user" parameter value. If "socket"
parameter value is not path like "inet:30025", chown()
is always failed. And error message is logged by the
following code:

  mg_log(LOG_WARNING, "%s: cannot change \"%s\""
      " ownership to %s/%s: %s", argv[0], 
      conf.c_socket, pw->pw_name, gr->gr_name,
      strerror(errno));

"gr->gr_name" is a problem. "gr" is NULL when "user"
parameter value doesn't have group such as "nobody".

Solutions:

  (a) Don't chown() when "socket" parameter value has scheme
      such as "inet", "inet6", "unix" and "local".
  (b) Set "gr" even if "user" parameter value doesn't have
      group. (The attached patch uses this solution.)

I think that we should apply both solutions but I attach
only (b) solution. Because (b) solves more effected
problem. "gr" is used other location too. (See
code around chown(conf.c_pidfile, ...).) (a) doesn't solve
the problem.

So I think that (b) should be fixed at first. I will send a
patch for (a) after this patch is applied.

Thanks,
--
kou

<*>Attachment(s) from Kouhei Sutou:

<*> 1 of 1 File(s)
http://groups.yahoo.com/group/milter-greylist/attachments/folder/1126162638/item/list 
  <*> milter-greylist-4.4.3-fix-crash-by-chown-without-group.diff

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/milter-greylist/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/milter-greylist/join
    (Yahoo! ID required)

<*> To change settings via email:
    milter-greylist-digest@... 
    milter-greylist-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    milter-greylist-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

syncsrcaddr for IPv6 [1 Attachment]

<*>[Attachment(s) from Hajimu UMEMOTO included below]

Hi,

The syncsrcaddr does not work for IPv6.  So, I made a patch.

Sincerely,

<*>Attachment(s) from Hajimu UMEMOTO:

<*> 1 of 1 File(s)
http://groups.yahoo.com/group/milter-greylist/attachments/folder/74068139/item/list 
  <*> patch-sync.c

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/milter-greylist/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/milter-greylist/join
    (Yahoo! ID required)

<*> To change settings via email:
    milter-greylist-digest@... 
    milter-greylist-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    milter-greylist-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

--
Hajimu UMEMOTO
ume@...  ume <at> {,jp.}FreeBSD.org
http://www.mahoroba.org/~ume/

milter-greylist 4.4.3 is available

Here is milter-greylist 4.4.3
http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.4.3.tgz
MD5 (milter-greylist-4.4.3.tgz) = 19cf27dc8077a01d103fcf2f367e9509

Changes sinces 4.4.2:
        More Solaris build fixes (Jim Klimov)
        Use ZZ for unknown GeoIP country
        Fix swapped %f and %r for stat example in default greylist.conf
        Support p0f v3.06 and up with --with-p0f-src or --enable-p0f306

I will update the web page later today, so if you are paranoid, consider 
this as a phishing since the main is not in sync with the web site 

-- 
Emmanuel Dreyfus
manu@...

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/milter-greylist/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/milter-greylist/join
    (Yahoo! ID required)

<*> To change settings via email:
    milter-greylist-digest@... 
    milter-greylist-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    milter-greylist-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/

Graylisting failing in some cases

ratelimit feature mx sync

Re: GeoIP failed to lookup ip 'PRIVATE_IP'

Emmanuel Dreyfus wrote:
>> Using (nonexisting) "ZZ" country code as alias for "IP isn't" in
>> GeoIP DB"? It is IMO good solution and maybe should be taken as
>> documented official new value for testing. And maybe when there
>> would be another pseudocode for private address space, then we got
>> two additional country values for testing.
> 
> Well, if  GeoIP fail reports ZZ, then you can have acl to test local
> network without acl to test country code, no need to hardcode the logic.
> 
> Z1 and Z2 are invalid ISO 3166-1 country code, by the way.

Of course invalid, I was thinking when it should be used only for
milter internal purposes, then it is suitable - it will not interfere
with real country codes.
But I'll leave it up to Your deliberation.

Thanks, Franta Hanzlik

------------------------------------

Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/milter-greylist/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/milter-greylist/join
    (Yahoo! ID required)

<*> To change settings via email:
    milter-greylist-digest@... 
    milter-greylist-fullfeatured@...

<*> To unsubscribe from this group, send an email to:
    milter-greylist-unsubscribe@...

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/