Jim Klimov
2013-10-13 11:11:24 UTC
Hello all,
Our typical configuration involves a number of files (pieces of
greylist.conf which are compiled into the actual config file) which
include static whitelists of source hosts and domain names, and may
include RCPT and FROM rules for always-accepted emails. For cases
when there are several relays, these config pieces must somehow
be distributed (i.e. via CVS and a crontabbed script which pulls
changes and perhaps restarts the MTA and milters).
I wonder if there is a less-clumsy solution, i.e. to always look
up these types of rules in LDAP (which might be easily replicated
to be a locally available service on each relay)? Of course, with
timestamp attributes, the LDAP information can be used to generate
config files upon change instead of CVS, but perhaps it can be used
directly from milter-greylist?
That is, I'd like to have text files for rarely (if ever) changing
keywords and rules in a given order, and keep in LDAP the following:
* snippets of "addr", "domain" and "from" lists of certain trusted
external sources, which can be enabled or disabled with an LDAP
attribute much like they can exist but be commented away in a
textual config file, perhaps one LDAP entry per trusted remote
organization with its domains and hosts;
* possibly a per-user activation (basically snippets for "rcpt" rule
based on a boolean flag) or even per-recipient trusted source lists.
From the few examples I saw in the Wiki(s) and list archives and
READMEs and manpages, I guess that this is possible - but I don't
really see a whole picture for this in one place (what changes should
be made to the LDAP schema, what urlcheck's would query the needed
attributes and make decisions, etc.)
Does anyone use setups like this? Would you please care to share? :)
Thanks,
//Jim Klimov