Yahoo Groups archive

Milter-greylist


Access-lists in milter-greylist

2004-11-12 by manu@netbsd.org

After some discussions behind the scene with Remy Card, I repost my last
proposal about an ACL mechanism for milter-greylist, so that he can reply
on this topic and move forward to another proposal.

I insist on the point that I don't push the syntax presented in this
document rather than another one, but IMO another proposal with another
syntax should propose the equivalent functionality.


===== My last unanswered proposal about ACL in milter-greylist =====

We would have a first match list of greylist/whitelist keywords, each
using an ACL using a last match basis. Here is a complete proposal, I'd
appreciate it if people could comment:

First, a few examples...

# first config, Dan's setup:
acl grandma {
        rcpt grandma@...
        not from friend@...
        not from another.friend@...
}
greylist grandma
whitelist default



# Second config, Remy's setup:
acl foo {
        rcpt .*@...
        not rcpt postmaster@...
}
greylist foo 
whitelist default



# And finally, Manu's setup:
acl user1 {
        rcpt user1@...
}
acl user2 {
        rcpt user2@...
}
acl user3 {
        rcpt user3@...
}
acl mywhitelist {
        addr 193.54.0.0/16
        domain friendly.com
}
whitelist mywhitelist
greylist user1
greylist user2
greylist user3
whitelist default




default is an internally defined ACL that matches anything.

It seems to me that it matches all the needs that have been described
here so far. Now, let's try to be more formal:

For each {greylist|whitelist} keyword {
        for each entry in its ACL {
                if it's addr and the IP doesn't match
                        break out of the ACL loop
                if it's domain and the domain doesn't match
                        break out of the ACL loop
                if it's from and the sender doesn't match
                        break out of the ACL loop
                if it's rcpt and the recipient doesn't match
                        break out of the ACL loop
        }
        if all entries in the ACL matched or if it was void {
                retain the {greylist|whitelist} decision 
                exit the keyword loop
        }
}



The last problem is to convert the older keyword to the new framework so
that we can retain backward compatibility in the config file.

"rcpt X" in test mode will be interpreted as
acl X {
        rcpt X
}
greylist X


"rcpt X" in "normal" mode will be interpreted as
acl X {
        rcpt X
}
whitelist X
 

"{addr|from|domain} X" turns into
acl X {
        {addr|from|domain} X
}
whitelist X


Test mode turns into adding "whitelist default" at the end of the config
Normal mode turns into adding "greylist default" at the end of the
config.
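To make the evaluation loop above and the legacy-keyword conversion concrete, here is an added example in Python; it is not milter-greylist code and not part of the original post. It parses the proposed `acl { ... }` / `greylist` / `whitelist` syntax, evaluates a message against it exactly as the pseudocode describes (keywords tried in order, first match wins; inside an ACL every entry must match, a `not` entry must not match, `default` and empty ACLs always match), and rewrites old-style `rcpt X` / `addr X` / `from X` / `domain X` lines into the new framework with the mode-dependent trailing default. The matching semantics are assumptions, since the post does not define them: `addr` is a CIDR test, `domain` a suffix test on the client's reverse name, and `from`/`rcpt` are case-insensitive full-string regexes (the post's `rcpt .*@...` suggests regexes). The sample config and messages are constructed.

```python
import ipaddress
import re

# Constructed sample config in the proposed syntax (not from the post).
SAMPLE_CONFIG = """
acl mywhitelist {
        addr 193.54.0.0/16
        domain friendly.com
}
acl grandma {
        rcpt grandma@example.org
        not from friend@example.net
}
whitelist mywhitelist
greylist grandma
whitelist default
"""

ENTRY_KINDS = ("addr", "domain", "from", "rcpt")


def parse_config(text):
    """Return (acls, policy). acls maps name -> [(negated, kind, pattern)];
    policy is the ordered list of (decision, acl_name) keyword lines."""
    acls, policy, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is not None:                      # inside an acl block
            if line == "}":
                current = None
                continue
            tokens = line.split()
            negated = tokens[0] == "not"
            if negated:
                tokens = tokens[1:]
            if len(tokens) != 2 or tokens[0] not in ENTRY_KINDS:
                raise ValueError(f"bad ACL entry: {line!r}")
            acls[current].append((negated, tokens[0], tokens[1]))
            continue
        m = re.match(r"acl\s+(\S+)\s*\{$", line)
        if m:
            current = m.group(1)
            acls[current] = []
            continue
        tokens = line.split()
        if len(tokens) == 2 and tokens[0] in ("greylist", "whitelist"):
            policy.append((tokens[0], tokens[1]))
            continue
        raise ValueError(f"cannot parse line: {line!r}")
    if current is not None:
        raise ValueError(f"unterminated acl block: {current}")
    return acls, policy


def entry_matches(kind, pattern, msg):
    """One ACL entry against a message dict with keys addr, domain, from, rcpt.
    Assumed semantics: CIDR for addr, domain suffix for domain, regex otherwise."""
    if kind == "addr":
        return ipaddress.ip_address(msg["addr"]) in ipaddress.ip_network(pattern, strict=False)
    if kind == "domain":
        d, p = msg["domain"].lower(), pattern.lower()
        return d == p or d.endswith("." + p)
    return re.fullmatch(pattern, msg[kind], re.IGNORECASE) is not None


def evaluate(acls, policy, msg):
    """Walk the keyword list in order; the first ACL whose entries all match
    decides. Returns 'greylist', 'whitelist', or None if nothing matched."""
    for decision, name in policy:
        if name == "default":                        # built-in match-anything ACL
            return decision
        if name not in acls:
            raise ValueError(f"undefined acl: {name}")
        # A negated entry counts as matched when the underlying test fails;
        # all() over an empty (void) ACL is True, as the pseudocode requires.
        if all(entry_matches(k, p, msg) != neg for neg, k, p in acls[name]):
            return decision
    return None


def convert_legacy(lines, test_mode):
    """Rewrite pre-ACL keyword lines into the new framework, following the
    post: 'rcpt X' becomes greylist X in test mode and whitelist X otherwise,
    the other kinds always become whitelist X, and the mode's default is
    appended. The acl is named after X itself, as the post writes it."""
    out = []
    for raw in lines:
        tokens = raw.split()
        if len(tokens) != 2 or tokens[0] not in ENTRY_KINDS:
            raise ValueError(f"not a legacy line: {raw!r}")
        kind, value = tokens
        decision = "greylist" if (kind == "rcpt" and test_mode) else "whitelist"
        out += [f"acl {value} {{", f"        {kind} {value}", "}", f"{decision} {value}"]
    out.append("whitelist default" if test_mode else "greylist default")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    acls, policy = parse_config(SAMPLE_CONFIG)
    msg = {"addr": "193.54.1.2", "domain": "mail.example.com",
           "from": "someone@example.net", "rcpt": "grandma@example.org"}
    print(evaluate(acls, policy, msg))                 # greylist
    print(convert_legacy(["rcpt user1@example.org"], test_mode=True))
```

Because the acl is named after the raw value, two legacy lines with the same value (say `from X` and `rcpt X`) would produce colliding acl names; a real converter would need to generate distinct names, which the post leaves open.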


We would tag as obsolete all the old syntax, but we will keep it working
for the sake of backward compatibility (did I ever explain I hated
software that broke my config files? :-) 


-- 
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand
binary and those who don't.
manu@...
