sqlgrey-users

[Sqlgrey-users] Current TODO list

[Lionel B. <lio...@bo...>]

This is roughly organised by priority. Did I miss something ?

-- BEGIN
1.4.x
- fix EGID bug (done in CVS),
- allow distributing whitelists from a central point
 . reload whitelists on SIGUSR1 (done in CVS, not tested)
 . separate script which updates the whitelist and calls SIGUSR1
- send mails (adjustable rate) to postmaster when the database goes down 
and comes back
- make maint_delay configurable

1.5.x development releases
- use time units everywhere to make configuration easier (add safety 
barriers ?)
- experiment with SPF support
- consider optin/optout (is it easy to do with Postfix? Then provide an 
HOWTO
  else code it in SQLgrey and document it)
- support migrating from another greylister by calling it to learn its 
auto-whitelists
- external cleanup process/experiment with an adaptative cleanup algorithm

As soon as available...
- gather enough perf data to decide on indices to add

-- END

I thought that starting with 1.4.0 development would slow down :-)

People asking for whitelist reloads probably noticed that I don't use 
SIGHUP for whitelists reloading as initially planned. This is because 
when I implemented the reloading code in SQLgrey I discovered that 
SIGHUP handling was done by Net::Server. I tried to use the appropriate 
hooks to reload the whitelists but it seems Net::Server::Multiplex 
SIGHUP handling is buggy (seems there's a race condition related to the 
pidfile removal when it restarts the process that leads to a complete 
crash), so I went the USR1 way...

When the example script and the distribution server are both ready I'll 
release 1.4.1.

Lionel.

Re: [Sqlgrey-users] Current TODO list

[Farkas L. <lf...@bp...>]

Lionel Bouton wrote:
> This is roughly organised by priority. Did I miss something ?
 > ...
> 1.5.x development releases
> - use time units everywhere to make configuration easier (add safety 
> barriers ?)
> - experiment with SPF support

imho it'd be better to leave spf for another policy daemon (and there 
are exist many good one). a greylist server should have to be only a 
greylist server no more no less! i can repeat only two phrases:
- simplicity, generality, clarity!
- a program is not ready when there is no more think to add, it's ready 
when there is nothing to remove!

just my 2c:-)

-- 
   Levente                               "Si vis pacem para bellum!"

Re: [Sqlgrey-users] Current TODO list

[Lionel B. <lio...@bo...>]

Farkas Levente wrote the following on 12/15/04 10:39 :

>
> imho it'd be better to leave spf for another policy daemon (and there 
> are exist many good one). a greylist server should have to be only a 
> greylist server no more no less! i can repeat only two phrases:
> - simplicity, generality, clarity!
> - a program is not ready when there is no more think to add, it's 
> ready when there is nothing to remove!


I agree on the principle. But here's the idea : if a domain uses SPF in 
a way that makes a connection authorized or forbidden it can help the 
decision process :
- connection forbidded : don't try to greylist. This can be done at the 
Postfix level by chaining policy daemons,
- connection authorized : you have 2 options, trust the domain admins 
and don't greylist or add your verification level by greylisting. I 
wonder if it's easy to configure in Postfix or even doable.
- SPF can't help us (no record applying to the connection) : we want to 
greylist.

I'm not yet fluent enough in Postfix configuration to write an HOWTO 
detailing how to configure it properly when using a separate SPF policy 
daemon. This is why the word "experiment" is used and this is left to do 
in development versions...

>
> just my 2c:-)
>

Don't worry, if it's simple to separate SPF and greylisting by 
configuring Postfix properly, I'll probably develop a pure SPF policy 
daemon or reuse one that fits our needs and write an howto for combining 
them. The goal is to have *optional* SPF support.

Best regards,

Lionel.