Milter-greylist and LDAP
2013-10-13 by Jim Klimov
Hello all,

Our typical configuration involves a number of files (pieces of greylist.conf which are compiled into the actual config file) which include static whitelists of source hosts and domain names, and may include RCPT and FROM rules for always-accepted emails. For cases when there are several relays, these config pieces must somehow be distributed (i.e. via CVS and a crontabbed script which pulls changes and perhaps restarts the MTA and milters).

I wonder if there is a less-clumsy solution, i.e. to always look up these types of rules in LDAP (which might be easily replicated to be a locally available service on each relay)? Of course, with timestamp attributes, the LDAP information can be used to generate config files upon change instead of CVS, but perhaps it can be used directly from milter-greylist?

That is, I'd like to have text files for rarely (if ever) changing keywords and rules in a given order, and keep in LDAP the following:

* snippets of "addr", "domain" and "from" lists of certain trusted external sources, which can be enabled or disabled with an LDAP attribute much like they can exist but be commented away in a textual config file, perhaps one LDAP entry per trusted remote organization with its domains and hosts;
* possibly a per-user activation (basically snippets for "rcpt" rule based on a boolean flag) or even per-recipient trusted source lists.

From the few examples I saw in the Wiki(s) and list archives and READMEs and manpages, I guess that this is possible - but I don't really see a whole picture for this in one place (what changes should be made to the LDAP schema, what urlchecks would query the needed attributes and make decisions, etc.)

Does anyone use setups like this? Would you please care to share? :)

Thanks,
//Jim Klimov