From: Michael E. <el...@ma...> - 2004-10-27 00:03:21
On Mon, Oct 25, 2004 at 03:36:15PM -0700 or thereabouts, Murray S. Kucherawy wrote:
> Getting caught up on this list. Sorry for falling behind but other
> priorities prevailed...
>
> On Thu, 21 Oct 2004, Michael Elliott wrote:
> > Well, from my evaluation viewpoint there are a few more fundamentals
> > that need to be dealt with before sid-filter can be used in a production
> > environment.
> >
> > 1) It does not deal with authorized clients easily. There is
> >    -a peerlist and -d domains,to,ignore as a static listing
> >    of clients. But there is no dynamic processing of authorized clients.
> >    a) SMTP-AUTH is what clients are supposed to move to for roaming
> >       access. Except, there is no provision for checking it in sid-filter.
> >       Looking at the {auth_type} and other {auth_*} records should make
> >       this easy.
>
> I did add this to the dk-milter package. It's easy to clone the same
> feature in sid-milter. Can you open an RFE on Sourceforge to remind me?

Done.

> >    d) /etc/mail/access should be read and processed. This info should
> >       not have to be duplicated in the -a peerlist and -d domains.
>
> Why?

3 Cases:

A) Some idiot users will/can not use one of the other authentication
   methods so I occasionally have to use

      From:id...@my... RELAY

   in my access.db file. Luckily I am down to about 0.1% of my userbase
   that needs this. They just cannot seem to hit receive before send and
   refuse to upgrade from Windows 95. We enforce responsibility for this
   poorly chosen option with $100+ fines for abuse by them or others. So,
   we don't see as much trouble as expected.

B)    Milter-sid-To:ab...@my... OK
      Milter-sid-To:pos...@my... OK

   or the more general case

      To:ab...@my... OK
      To:use...@my... OK

   I need to be able to override the default filtering check (which would
   be reject to be effective) for an individual user. Some customers have
   spa...@do..., some just do not trust any filtering and want to see
   every message.

C) My client for email and web has a static IP DSL line from someone
   else AND badly published spf records. (otherwise, could be done inside
   spf)

      Milter-sid-Connect:a.b.c.d OK

   If you say, well add it to the peer list, I would counter with "I
   don't want to stop and restart the milter every time I have to add an
   address." My sendmail process has been running for 4 months, why can't
   my milter?

See http://www.milter.info/milter-gris/index.shtml as a better explanation
and good implementation of what I am asking for. I currently run that
milter modified to also accept popauth/DRACd.

Case B is the only one with a strong argument for it, but as an ISP, I
need to deal with cases in the three sigma range. Case in point, I still
have !path uucp customers.

Until the ISPs can handle all cases, they won't install the software.
Until the ISPs install the software, this is a hobby project.

-Mike Elliott