Discussion:
tarpit auto-whitelisting
Frank Doepper fd-sfFF5QgwKyo@public.gmane.org [milter-greylist]
2014-06-21 21:05:05 UTC
Permalink
Hi,

thank you for providing milter-greylist and tarpit.
acl whitelist tarpit 65s
This ACL means that clients that can wait a response in
65s are whitelisted. If the clients access again, they are
acceptted without lazy response because they are in
auto-whitelist.
It seems that this auto-whitelisting does not work. Assumed that the
sender is able to wait, messages are accepted after waiting, but
subsequent messages with identical host,from,rcpt tuples have to wait
again and again. No AUTO line (no line at all) is put into the DB.

With a test config snippet

racl whitelist rcpt /b/ tarpit 10s

debugging output is

Jun 19 15:58:23 host milter-greylist: created: x.x.x.x from <a> to <b> delayed for 00:30:00
Jun 19 15:58:33 host milter-greylist: removed: x.x.x.x from <a> to <b>
Jun 19 15:58:33 host sm-mta[26004]: s5JDwMg9026004: from=<a>, size=217, class=0, nrcpts=1, msgid=<***@host>, proto=ESMTP, daemon=MTA-v6, relay=relay [x.x.x.x]
Jun 19 15:58:33 host sm-mta[26004]: s5JDwMg9026004: Milter add: header: X-Greylist: Recipient e-mail whitelisted, Sender IP whitelisted by MX, Message whitelisted by tarpit 10s, ACL 127 matched, not delayed by milter-greylist-4.5.11 (host [y.y.y.y]); Thu, 19 Jun 2014 15:58:33 +0200 (CEST)

Do I miss something? All I need is the documented behaviour.
At first. ;-)

Best regards,
Frank.



------------------------------------
Posted by: Frank Doepper <fd-***@public.gmane.org>
------------------------------------
Frank Doepper fd-sfFF5QgwKyo@public.gmane.org [milter-greylist]
2014-06-23 10:28:24 UTC
Permalink
Hi,
Post by Frank Doepper fd-***@public.gmane.org [milter-greylist]
acl whitelist tarpit 65s
This ACL means that clients that can wait a response in
65s are whitelisted. If the clients access again, they are
acceptted without lazy response because they are in
auto-whitelist.
It seems that this auto-whitelisting does not work. Assumed that the
sender is able to wait, messages are accepted after waiting, but
subsequent messages with identical host,from,rcpt tuples have to wait
again and again. No AUTO line (no line at all) is put into the DB.
With a test config snippet
racl whitelist rcpt /b/ tarpit 10s
debugging output is
Jun 19 15:58:23 host milter-greylist: created: x.x.x.x from <a> to <b> delayed for 00:30:00
Jun 19 15:58:33 host milter-greylist: removed: x.x.x.x from <a> to <b>
Jun 19 15:58:33 host sm-mta[26004]: s5JDwMg9026004: Milter add: header: X-Greylist: Recipient e-mail whitelisted, Sender IP whitelisted by MX, Message whitelisted by tarpit 10s, ACL 127 matched, not delayed by milter-greylist-4.5.11 (host [y.y.y.y]); Thu, 19 Jun 2014 15:58:33 +0200 (CEST)
Do I miss something? All I need is the documented behaviour.
I had a look at milter-greylist.c, line 802ff:

if (sleep_duration > 0) {
if (sleep_duration > priv->priv_max_tarpitted)
priv->priv_max_tarpitted = sleep_duration;
priv->priv_total_tarpitted += sleep_duration;
sleep(sleep_duration);
} else {
if (priv->priv_sr.sr_whitelist & EXF_WHITELIST) {
tuple.updatetype = TU_AUTOWHITE;
mg_tuple_update(&tuple);
}
}

it seems to me, after the "sleep(sleep_duration)" the entry would have to
be autowhitelisted, just if the the sender continues to send the mail. How
to accomplish this? real_envrcpt() does not get called again in this
session, and the entry is never autowhitelisted.

May someone have a look at it? I hesitate to put my dirty fingers on this
code. ;-)

Best regards,
Frank.



------------------------------------
Posted by: Frank Doepper <fd-***@public.gmane.org>
------------------------------------
Emmanuel Dreyfus manu-S783fYmB3Ccdnm+yROfE0A@public.gmane.org [milter-greylist]
2014-06-23 12:19:44 UTC
Permalink
Post by Frank Doepper fd-***@public.gmane.org [milter-greylist]
May someone have a look at it? I hesitate to put my dirty fingers on this
code. ;-)
Well, I did not write that part. Anyone?
--
Emmanuel Dreyfus
manu-S783fYmB3Ccdnm+***@public.gmane.org


------------------------------------
Posted by: Emmanuel Dreyfus <manu-S783fYmB3Ccdnm+***@public.gmane.org>
------------------------------------
Frank Doepper fd-sfFF5QgwKyo@public.gmane.org [milter-greylist]
2014-06-23 15:41:41 UTC
Permalink
<*>[Attachment(s) from Frank Doepper included below]
Post by Emmanuel Dreyfus manu-S783fYmB3Ccdnm+***@public.gmane.org [milter-greylist]
Post by Frank Doepper fd-***@public.gmane.org [milter-greylist]
May someone have a look at it? I hesitate to put my dirty fingers on this
code. ;-)
Well, I did not write that part. Anyone?
I think I've got it. Patch attached.

Frank.

<*>Attachment(s) from Frank Doepper:


<*> 1 of 1 File(s) https://groups.yahoo.com/neo/groups/milter-greylist/attachments/1872750082;_ylc=X3oDMTJyZnAwZzI5BF9TAzk3MzU5NzE0BGdycElkAzEyNzYzNTQ2BGdycHNwSWQDMTcwNzI4MTk0MgRzZWMDYXR0YWNobWVudARzbGsDdmlld09uV2ViBHN0aW1lAzE0MDM1MzgxMjM-
<*> tarpit.patch

------------------------------------
Posted by: Frank Doepper <fd-***@public.gmane.org>
------------------------------------
manu-S783fYmB3Ccdnm+yROfE0A@public.gmane.org [milter-greylist]
2014-06-24 00:32:26 UTC
Permalink
Post by Frank Doepper fd-***@public.gmane.org [milter-greylist]
Post by Emmanuel Dreyfus manu-S783fYmB3Ccdnm+***@public.gmane.org [milter-greylist]
Well, I did not write that part. Anyone?
I think I've got it. Patch attached.
Patch does not apply. What milter-greylist version are you using?
Please redo with diff -U16 so that I can be sure where it belongs in the
file.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu-S783fYmB3Ccdnm+***@public.gmane.org


------------------------------------
Posted by: manu-S783fYmB3Ccdnm+***@public.gmane.org (Emmanuel Dreyfus)
------------------------------------
Frank Doepper fd-sfFF5QgwKyo@public.gmane.org [milter-greylist]
2014-06-24 11:20:44 UTC
Permalink
Post by Frank Doepper fd-***@public.gmane.org [milter-greylist]
Post by Emmanuel Dreyfus manu-S783fYmB3Ccdnm+***@public.gmane.org [milter-greylist]
Well, I did not write that part. Anyone?
I think I've got it. Patch attached.
Patch does not apply. What milter-greylist version are you using? Please
redo with diff -U16 so that I can be sure where it belongs in the file.
Sure? I use 4.3.9, but the patch applies to 4.4.3 and 4.5.11, too.

I redo it with -U16 and put it there: http://taz.de/~fd/stuff/tarpit.patch

Best regards,
Frank.



------------------------------------
Posted by: Frank Doepper <fd-***@public.gmane.org>
------------------------------------
Kouhei Sutou kou-47bBu47LQD2lQ9BUahrlcQ@public.gmane.org [milter-greylist]
2014-06-24 02:31:33 UTC
Permalink
Hi,

In <alpine.LNX.2.02.1406212302210.1949-bi+AKbBUZKY6gyzm1THtWbp2dZbC/***@public.gmane.org>
"[milter-greylist] tarpit auto-whitelisting" on Sat, 21 Jun 2014 23:05:05 +0200,
Post by Frank Doepper fd-***@public.gmane.org [milter-greylist]
acl whitelist tarpit 65s
This ACL means that clients that can wait a response in
65s are whitelisted. If the clients access again, they are
acceptted without lazy response because they are in
auto-whitelist.
It seems that this auto-whitelisting does not work. Assumed that the
sender is able to wait, messages are accepted after waiting, but
subsequent messages with identical host,from,rcpt tuples have to wait
again and again. No AUTO line (no line at all) is put into the DB.
With a test config snippet
racl whitelist rcpt /b/ tarpit 10s
debugging output is
Jun 19 15:58:23 host milter-greylist: created: x.x.x.x from <a> to <b> delayed for 00:30:00
Jun 19 15:58:33 host milter-greylist: removed: x.x.x.x from <a> to <b>
Jun 19 15:58:33 host sm-mta[26004]: s5JDwMg9026004: Milter add: header: X-Greylist: Recipient e-mail whitelisted, Sender IP whitelisted by MX, Message whitelisted by tarpit 10s, ACL 127 matched, not delayed by milter-greylist-4.5.11 (host [y.y.y.y]); Thu, 19 Jun 2014 15:58:33 +0200 (CEST)
Do I miss something? All I need is the documented behaviour.
Could you also provide expected debugging output?
I can't understand about the expected behavior yet.


Thanks,
--
kou


------------------------------------
Posted by: Kouhei Sutou <kou-***@public.gmane.org>
------------------------------------
Frank Doepper fd-sfFF5QgwKyo@public.gmane.org [milter-greylist]
2014-06-24 11:28:57 UTC
Permalink
Post by Kouhei Sutou kou-***@public.gmane.org [milter-greylist]
Could you also provide expected debugging output?
I can't understand about the expected behavior yet.
I would expect something like:

Jun 24 13:17:19 host milter-greylist: s5OBHIxX025868: skipping greylist because tarpit is requested, (from=<from-***@public.gmane.org>, rcpt=<to-***@public.gmane.org>, addr=host.example.com[8.8.8.8]) ACL 237
Jun 24 13:17:19 host milter-greylist: s5OBHIxX025868: addr 8.8.8.8 from <from-***@public.gmane.org> rcpt <to-***@public.gmane.org>: autowhitelisted for another 36:00:00

Maybe this was not intended by your code, but I interpreted the docs ("If
the clients access again, they are accepted without lazy response because
they are in auto-whitelist." this way.

Best regards,
Frank.



------------------------------------
Posted by: Frank Doepper <fd-***@public.gmane.org>
------------------------------------

Loading...