-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hanno Hecker wrote:
> On Sat, 15 Nov 2008 14:08:21 -0500 Vincas C(iz(iu-nas
> <[EMAIL PROTECTED]> wrote:
>
>> I've modified the dns_whitelist_soft plugin to read something
>> similar to a postgrey style list of whitelist hosts. My plugins
>> file mentions it right before the greylisting
> You should not return OK from a rcpt hook unless you want to accept
> this recipient. Your current code accepts every local recipient
> and does not check if it exists. It also means that no plugin will
> run after this plugin for the "rcpt" hook. If you want to go on
> with plugin processing, just return DECLINED.
>
> Hanno
>
> P.S.: you probably also want to use
> $self->qp->connection->remote_host instead of doing the
> gethostbyname call yourself, which may return undef...
>
The problem that I was describing was in the newwhitelist plugin. I
returned OK from the hosts that were matched on the whitelist and it
still went on to the greylist plugin. The reason I am not checking if
every local recipient exists is that many of my local recipients are
ldap users, and I have an odd situation where I am using postfix as a
local delivery agent with virtual hosts that have virtual users that
qpsmtpd declines if I check each recipient. My primary concern is
this bit of code in newwhitelist:
# is $h a hostname ?
if($h =~ /[a-zA-Z]+/) {
# is $h a regex ?
if($h =~ m|/|) {
my $h2 = $h;
$h2 =~ s/\///g;
if($ptr =~ /$h2/) {
$self->qp->connection->notes('whitelisthost', 1);
$self->log(2,"GOWHITELIST $h");
return OK;
}
}
# not a regex? simply compare
else{
if($ptr eq $h) {
$self->qp->connection->notes('whitelisthost', 1);
return OK;
}
}
}
# okay, $h is an ip-type
elsif($h =~ /[\d.]+/) {
# is $h a regex ?
if($h =~ m|/|) {
my $h2 = $h;
$h2 =~ s/\///g;
if ($ip =~ /$h2/) {
$self->qp->connection->notes('whitelisthost', 1);
return OK;
}
}
else {
if ($ip eq $h) {
$self->qp->connection->notes('whitelisthost', 1);
return OK;
}
}
}
}
return DECLINED;
I could be gravely mistaken in my understanding of the whitelist
plugins, but shouldn't the connection notes carry over to the greylist
plugin? Or should the greylist plugin not even get involved when I
return OK, because it appears to be. In that case, I suspect I have
another problem.
Thank you for your help,
Vincas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkgNmIACgkQJgIQoNu92Fx7PQCbB0ORpOqP6bctOmnIA/QQyWVH
Ui0AnijAftEfnqo822oTgxNTzRALg+4J
=hoZ1
-----END PGP SIGNATURE-----
