Menu
▾
▴
Re: [Sqlgrey-users] prevent multiple headers prepended for each RCPT
|
From: Lionel B. <lio...@bo...> - 2005-08-12 17:47:40
|
Sascha Lucas wrote the following on 12.08.2005 17:13 : >> There's a problem with that: nothing prevents two recipients for the >> same message from being treated differently (one can match a connect >> entry and the following matches the AWL entry just created: two >> different headers). The problem is that we don't add the header on >> delivery but way before that. We have no way of adding a header per >> RCPT TO: this is a limitation of the policy protocol. We could have >> more meaningful headers with the "RCPT TO" listed for each header but >> I'm afraid it's the best we can do. > > > I dont understand. If the 1st RCPT matches the connect entry and it is > an "reconnect ok", then you add the X-Greylist: delayed ... header. > The other RCPTs would result in a match of the from_awl table which > would result in a X-Greylist: from auto-whitelisted ... header. But > you know this instance=... allready gots it's header so sqlgrey don't > say action=PREPEND.... Ok, adding only the first header would indeed being meaningful in the example above. I was thinking of the future evolutions of SQLgrey and didn't explained myself well. The above works only because we don't use AWLs based on recipients... *yet*. In the future, SQLgrey will have an intermediate connect_awl table (with src, sender and recipient) and a rcpt_awl (with only src, recipients) in addition to the current from_awl and domain_awl (this will solve some problems - false positive and negatives that could be avoided - seen in the wild and discussed earlier on this list). They will both introduce more complex cases that won't be resolvable by allowing only a single prepend to the same instance (simply because a single mail to different recipients would be accepted for totally different reasons in some cases). Even if awls using "rcpt to"s wouldn't be used, maintaining a backlog of past instances is not that simple (nothing tells us that an instance is gone, so we will have to use heuristics to clean this backlog). There is the case of optin/optout too: the prepended header for one "optout" address has nothing to do with the awl match of another. Currently the multiple X-Greylist headers looks like a bug at first glance (I've already had reports on this). I believe adding the "rcpt to" matching each header to make them less confusing is the right thing to do. In a mail sent to 3 recipients, one of which happens to get a match in connect (another unrelated mail created the connect entry for example), another already being auto-whitelisted for this source (future rcpt_awl) and a last one which doesn't want to use greylisting at all (current optout mechanism): X-Greylist: delayed 01:21:26.853989 by SQLgrey-1.6.5 for ad...@ex... X-Greylist: recipient auto-whitelisted by SQLgrey-1.6.5 for for...@ex... X-Greylist: greylisting inactive for cri...@ex... in SQLgrey-1.6.5 On a purely theoritical level, this doesn't really make sense to try to consolidate all headers in a single one. All decisions are currently completely independent from each other and only happen to be losely related because of some choices in the current AWLs design that *will* evolve. Lionel. |
