Milter-greylist

Just wondering if there are any known bugs with milter-greylist 1.4
using the "subnetmatch" and "attr" greylist.conf keywords?

I have tried "subnetmatch /24" and "subnetmatch 24" in greylist.conf, and
"-L 24" from the command-line, and none of them seem to be working. Even
after one machine gets through the waiting period, is autowhitelisted,
and can send without being greylisted... another machine in the same
class C still get greylisted for the exact same sender and recip. The
IP addresses in greylist.db are complete (they don't end in .0) --
not sure if that's as it should be.

Also, I have added "attr 192.168.0.0/16" to my greylist.conf, but machines
in that class B are all still forced through greylisting anyway.

Is there any way other than "verbose" on greylist.conf to get it to log
more -- show details while it's parsing greylist.conf, display errors,
etc.? Anything more I can do to troubleshoot? Thanks.

-- 
Brent J. Nordquist <b-nordquist@...> N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

Brent J. Nordquist <b-nordquist@...> wrote:

> Just wondering if there are any known bugs with milter-greylist 1.4
> using the "subnetmatch" and "attr" greylist.conf keywords?

Do you have the same problem with the latest version?

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@...

On Tue, Nov 02, 2004 at 11:13:21PM +0100, manu@... wrote:
> Brent J. Nordquist <b-nordquist@...> wrote:
> 
> > Just wondering if there are any known bugs with milter-greylist 1.4
> > using the "subnetmatch" and "attr" greylist.conf keywords?

Sorry, I meant "addr" as one person pointed out. I do have the correct
keyword in my greylist.conf file ("addr") and I know it's picking those
up because it doesn't greylist from 127.0.0.1, and it's the same format:

$ grep '^subnetmatch ' /etc/mail/greylist.conf
subnetmatch /24
$ grep '^addr ' /etc/mail/greylist.conf
addr 127.0.0.0/8
addr 192.168.0.0/16
addr 12.5.136.141/32    # Southwest Airlines (unique sender, no retry)
[...]

Plus other settings in greylist.conf ("greylist 2m" for testing) are
getting picked up.

> Do you have the same problem with the latest version?

So, I went ahead and compiled 1.5.11, and I'm getting the same result.
The "subnetmatch" in greylist.conf appears to be ignored; even after
one host is autowhitelisted, another in the same subnet is still
greylisted. And the "addr" for my local subnet appears to be ignored;
hosts in that subnet still get greylisted the first time.

Any more thoughts on how I can troubleshoot this? Thanks much.

-- 
Brent J. Nordquist <b-nordquist@...> N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

On Wed, Nov 03, 2004 at 07:31:31AM -0600, Brent J. Nordquist wrote:
> So, I went ahead and compiled 1.5.11, and I'm getting the same result.
> The "subnetmatch" in greylist.conf appears to be ignored; even after
> one host is autowhitelisted, another in the same subnet is still
> greylisted. And the "addr" for my local subnet appears to be ignored;
> hosts in that subnet still get greylisted the first time.

Does it occurs if you remove the subnetmask keyword?

-- 
Emmanuel Dreyfus
manu@...

On Wed, Nov 03, 2004 at 01:53:43PM +0000, Emmanuel Dreyfus wrote:
> Does it occurs if you remove the subnetmask keyword?

- Removed the subnetmask keyword
- Stopped milter-greylist
- Removed greylist.db
- Started milter-greylist, saw "starting with an empty list" in logfile
- Tried again

It still greylists a client from the subnet in my "addr" exclusion.
I can see the client's address in the logfile, it's within the subnet
I've excluded.

-- 
Brent J. Nordquist <b-nordquist@...> N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

Brent J. Nordquist <b-nordquist@...> wrote:

> It still greylists a client from the subnet in my "addr" exclusion.
> I can see the client's address in the logfile, it's within the subnet
> I've excluded.

Run milter-greylist -Dv and report the output during initialization.

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@...

On Wed, Nov 03, 2004 at 08:38:34PM +0100, manu@... wrote:
> Run milter-greylist -Dv and report the output during initialization.

AHA. That's what I needed. The line right above subnetmask and the addr
lines had a syntax error. Apparently even with "verbose" in the .conf
file, it doesn't print anything to the log when that happens, it aborts
processing the rest of the .conf file, but it goes ahead and starts the
milter anyway with the options it did get. I'm not sure that's the best
strategy. :-)

But anyway, "-Dv" revealed the error for me and I've fixed it. Now
it's working. Thanks very much for that tip!

-- 
Brent J. Nordquist <b-nordquist@...> N0BJN
Other contact information: http://kepler.its.bethel.edu/~bjn/contact.html

Brent J. Nordquist <b-nordquist@...> wrote:

> AHA. That's what I needed. The line right above subnetmask and the addr
> lines had a syntax error. Apparently even with "verbose" in the .conf
> file, it doesn't print anything to the log when that happens, it aborts
> processing the rest of the .conf file, but it goes ahead and starts the
> milter anyway with the options it did get. I'm not sure that's the best
> strategy. :-)

No, it's probably not. On an error we should keep the previous config
(or abort if it's at startup), and issue an error message. Do you want
to submit a patch that fixes that? 

-- 
Emmanuel Dreyfus
Il y a 10 sortes de personnes dans le monde: ceux qui comprennent 
le binaire et ceux qui ne le comprennent pas.
manu@...