sid-milter is my first try at using a milter, works great.

But users who authenticate with smtp-auth, I don't want them subjected
to the milter, and that seems to be happening, according to my tests.

I don't understand, at least not yet, the architecture of the milters
and callbacks and such, too see how to make this work.

I can do some things for myself, but I'm no sendmail guru.  Any hints
appreciated, I'm ready to hack my .cf and/or source.

[ Post a follow-up to this message ]

John Kelly wrote:
> sid-milter is my first try at using a milter, works great.
>
> But users who authenticate with smtp-auth, I don't want them subjected
> to the milter, and that seems to be happening, according to my tests.
...
> I can do some things for myself, but I'm no sendmail guru.  Any hints
> appreciated, I'm ready to hack my .cf and/or source.

What you want is usually managed by the milter itself. The milter can check 
the
content of some macros (mainly {auth_...}) to decide how to handle that
message/connection.

Contact sid-milter author, if not explained at its documentation.

[ Post a follow-up to this message ]

On Wed, 22 Feb 2006 11:17:33 +0100, Jose Marcio Martins da Cruz
<Jose-Marcio.Martins@ensmp.fr> wrote:

>John Kelly wrote:
 
[vbcol=seagreen]
>What you want is usually managed by the milter itself. The milter can check
 the
>content of some macros (mainly {auth_...}) to decide how to handle tha
t
>message/connection.

>Contact sid-milter author, if not explained at its documentation.

I imagined there was some way of using rulesets to make milter
execution conditional, but if I understand correctly, you are saying
every message is handed off to the active milters.

It would be nice if milter execution was conditional, on the basis of
rulesets, to avoid unnecessary handoffs to the milters.

Looks like I need to study the milter API and the sid-milter source so
I can hack it for my needs.

Thanks, Jose.

[ Post a follow-up to this message ]

On Wed, 22 Feb 2006 11:17:33 +0100, Jose Marcio Martins da Cruz
<Jose-Marcio.Martins@ensmp.fr> wrote:

>John Kelly wrote:
 
[vbcol=seagreen]
>What you want is usually managed by the milter itself. The milter can check
 the
>content of some macros (mainly {auth_...}) to decide how to handle tha
t
>message/connection.

Thanks for pointing me in the right direction.

I made a patch for sid-milter which exempts smpt-auth users from the
sid/spf checks.

I also patched it to fail on spf only.  There are too many problems
with sid/pra.  The results still show in the log, but any sid failure
is ignored.


--- sid-filter.c	2005-12-08 16:47:15.000000000 -0500
+++ sid-filter.c	2006-02-23 02:48:34.000000000 -0500
@@ -1569,6 +1569,7 @@
int err;
char *user;
char *domain;
+	char *auth_authen;
Context sic;

#ifndef DEBUG
@@ -1586,6 +1587,13 @@
sid_msgcleanup(ctx);

/*
+	**  Accept auth users.
+	*/
+
+	if (auth_authen = smfi_getsymval(ctx, "{auth_authen}"))
+		return SMFIS_ACCEPT;
+
+	/*
**  Don't fail on the RFC2821 bounce address.
*/

@@ -1969,7 +1977,7 @@
break;

case 2:					/* need both !FAIL */
-		if (sid_result == SM_MARID_FAIL || spf_result == SM_MARID_FAIL)
+		if (spf_result == SM_MARID_FAIL)
ret = SMFIS_REJECT;
break;

@@ -2004,7 +2012,7 @@

snprintf(errmsg, sizeof errmsg,
"Rejected due to %s policy for sender %s",
-		         (sid_result == SM_MARID_FAIL ? "Sender-ID" : "SPF"),
+		         (sid_result == SM_MARID_FAIL ? "SPF" : "SPF"),
badaddr);

if (smfi_setreply(ctx, "550", "5.7.1", errmsg) != MI_SUCCESS &&

[ Post a follow-up to this message ]

John Kelly wrote:
> On Wed, 22 Feb 2006 11:17:33 +0100, Jose Marcio Martins da Cruz
> <Jose-Marcio.Martins@ensmp.fr> wrote:

>
> I imagined there was some way of using rulesets to make milter
> execution conditional, but if I understand correctly, you are saying
> every message is handed off to the active milters.
>
> It would be nice if milter execution was conditional, on the basis of
> rulesets, to avoid unnecessary handoffs to the milters.

There is and it does.

milter-rrres

http://www.jmaimon.com/sendmail

[ Post a follow-up to this message ]