[BlueOnyx:20260] Re: AV-Spam 6 - removing domain from greylisting (solved)

Colin Jack colin at mainline.co.uk
Thu Nov 17 08:32:02 -05 2016 

Ignore this - I have just re-read the milter docs:

domain This  clause  selects  source  machines based on their DNS name,
              performing a suffix search.  For instance, this  will  whitelist
              any machine in the example.net domain:

This whitelists the SOURCE domain not the RECIPIENT domain.
The GUI says " Whitelisted Recipient Domains" ... hence the confusion.

Colin

________________________

Hi Michael,

> Please take a look at "Whitelisted Senders". The helptext reads as:
> 
> -----------------
> IP addresses (and IP address ranges) specified here will never be subjected to
> delays by Greylist-Milter. Their emails are accepted without delay. Please
> specify single IP addresses with a /32 at the end.
> Example: The whitelist entry for 192.168.10.1 should read:
> 192.168.10.1/32. You can also whitelist entire network address ranges.
> Example: 192.168.0.0/16
> -----------------
> 
> It's network addresses and it only affects Greylisting. Whitelisted IP's and IP
> address ranges aren't subjected to the Greylisting delay.
> 
> > Instead you must enter each specific email address
> 
> Whitelisted Email Recipients" takes email addresses (with wildcard) and that boxes under 'Milter Greylisting Configuration'
> will whitelist emails from being marked as SPAM by SpamAssassin.
> 
> I see that there are versions of the AV-SPAM that (incorrectly) say you can
> whitelist by domain name for Greylisting, but this is not correct.
> The Whitelist and Blacklist settings that accept email addresses are for
> SpamAssassin, not Greylisting.

I am a bit confused on this too. I think you have misread the problem.

The GUI shows three boxes under 'Milter Greylist Configuration':
Whitelisted Senders
Whitelisted Email Recipients
Whitelisted Recipient Domains

Entries in the first two work fine but putting domains in the last doesn't. The mail still gets greylisted.
I am just putting in the domain name as per the help (so domain.com - not @domain.com etc.)

All three boxes write correctly to the greylist.conf milter configuration file:

# List of domains that DO NOT want greylisting:
list "nongrey domains" domain { \
       domain.co.uk \
       bbc.co.uk \
       domain.com \
}

# And here is the access list:
racl whitelist list "my_network"
racl whitelist list "broken_mta"
racl whitelist list "greylist_extra"
racl whitelist list "nongrey users"
racl whitelist list "nongrey domains"

So the milter is not using the access list for domains.

>From the greylist milter docs:

domain This  clause  selects  source  machines based on their DNS name,
              performing a suffix search.  For instance, this  will  whitelist
              any machine in the example.net domain:

                racl whitelist domain example.net

              Suffix  search  matching   means, for example, that gle.com will
              match google.com. If you want domain names to match on subdomain
              boundaries  (e.g.   gle.com  will match mail.gle.com and gle.com
              but not google.com) then enable domainexact

So why is this not working? 

Regards

Colin

More information about the Blueonyx mailing list