Hi,

In <20090525095136.gb24...@piper.oerlikon.madduck.net>
  "Re: how to bypass milters, whitelist hosts" on Mon, 25 May 2009 11:51:36 +0200,
  martin f krafft <madd...@madduck.net> wrote:
> also sprach Kouhei Sutou <k...@clear-code.com> [2009.05.25.0148 +0200]:
>> milter manager is placed between Postfix and milters:
>>
>>   Postfix <-milter protocol-> milter manager <-milter protocol-> milters
>>
>> milter manager can bypass your milter if the connected host is
>> a whitelisted host.
>
> While this is definitely helpful, it does mean that I have to
> maintain the list of exempted hosts inside and outside of
> postfix, which is redundancy I'd rather avoid.

What format are you using for the whitelist? If you are using
the simple access(5) format, you can reuse it easily because
milter manager has an embedded Ruby interpreter. The access(5)
format can be parsed easily with Ruby.

milter-manager.conf:
  ...
  # Parse simple access(5) format:
  #   good.example.com OK
  #   bad.example.com  REJECT
  whitelist = {}
  File.read("/.../whitelist").each_line do |line|
    next if /^#/ =~ line
    # strip removes the trailing newline so that action compares equal to "OK"
    host, action = line.strip.split(/\s+/, 2)
    if action == "OK"
      whitelist[host] = true
    end
  end

  # Check host name with whitelist.
  define_applicable_condition("Whitelist") do |condition|
    condition.description = "Whitelist"

    # Stop the milter at connect time when the connected host is whitelisted.
    condition.define_connect_stopper do |context, host, address|
      whitelist[host]
    end
  end

  # Apply whitelist to all defined milters.
  defined_milters.each do |name|
    define_milter(name) do |milter|
      milter.add_applicable_condition("Whitelist")
    end
  end

It seems that access(5) format support is useful. I'll add
access(5) support to milter manager in the next stable
release.

Thanks for your comment. I got a good idea to improve
milter manager. :-)

Thanks,
--
kou
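Added example, not part of the original message and not milter manager code: a stand-alone Ruby parser for a larger subset of access(5) than the snippet in the message (continuation lines, case-insensitive keys, `.domain` parent patterns, IPv4 octet prefixes), with first-match-wins lookup so a specific REJECT is not overridden by a broader OK. The method names and the sample table are hypothetical, and the client address is assumed to be a dotted-quad string.

```ruby
# Added example; names are hypothetical, sample data is constructed.
# Parse a subset of access(5): "#" comments, blank lines, and
# continuation lines (a line starting with whitespace extends the previous one).
def parse_access(text)
  logical = []
  text.each_line do |raw|
    line = raw.chomp
    next if line.strip.empty? || line.lstrip.start_with?("#")
    if line =~ /\A\s/ && !logical.empty?
      logical[-1] += " " + line.strip
    else
      logical << line.strip
    end
  end
  logical.each_with_object({}) do |entry, table|
    key, action = entry.split(/\s+/, 2)
    table[key.downcase] = action.to_s.strip   # keys match case-insensitively
  end
end

# Lookup keys, most specific first: host, ".parent" domains,
# full IPv4 address, then shorter octet prefixes.
def lookup_keys(host, address)
  keys = []
  labels = host.to_s.downcase.split(".")
  keys << labels.join(".") unless labels.empty?
  (1...labels.size).each { |i| keys << "." + labels[i..-1].join(".") }
  if address.to_s =~ /\A\d{1,3}(\.\d{1,3}){3}\z/
    octets = address.split(".")
    4.downto(1) { |n| keys << octets.first(n).join(".") }
  end
  keys
end

# Only an action of exactly OK on the first matching key exempts the client.
def whitelisted?(table, host, address)
  action = lookup_keys(host, address).map { |k| table[k] }.compact.first
  !action.nil? && action.upcase == "OK"
end

SAMPLE = <<~EOS
  # constructed sample table
  good.example.com     OK
  .trusted.example     OK
  bad.trusted.example  REJECT
  192.0.2              OK
  spam.example.net     REJECT
    unsolicited mail
EOS
TABLE = parse_access(SAMPLE)
```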