Robert wrote:
> On Sat, Aug 26, 2006 at 11:58:22AM -0600, Gary V wrote:
>> Robert wrote:
>>
>> > - (new) inet/daemon mode support added, default port 12525
>>
>> Should this not be limited to 127.0.0.1 (or other configurable) address?
>
> You're right. I have totally forgotten that option when I tried to restrict
> access to that port. After I realized that I first have to accept() a request
> before I can reject (i.e. parse and close()) it I have dropped that ACL idea,
> and with that any thinking of the option to bind only to a specific address.
> I'm not certain whether it would be worth the trouble to support a set of IPs
> to bind to. Suggestions? We would have to create for each IP an own listener
> and to select over those and to maintain those.

Thanks for getting that done so quickly. Personally I'm happy as far as only having one (or all) listening address(s) goes.

After I installed 0.1.13 beta over the top of 0.1.13 beta 1, I got:

Aug 26 14:25:29 sfa postfix/policydweight[6299]: warning: cache: syntax error in file /etc/policyd-weight.conf: Global symbol "$BIND_ADDRESS" requires explicit package name at (eval 15) line 15.

This is after I stopped policyd-weight and the cache. Looks like I should have also deleted the cache file after doing so. A reboot must have done it for me. I assume /tmp/policyd-weight is the cache file I should have deleted (after stopping the processes).

########################################

I am confused about something. You say:

$DEFER_ACTION = "450";  # possible values: DEFER_IF_PERMIT,
                        # DEFER_IFREJECT,
                        # 4xx response codes. See also access(5)
$DEFER_LEVEL = 5;       # DEFER mail only up to this level
                        # scores greater than DEFER_LEVEL will be
                        # rejected

So I would think at a score of 1.5, policyd-weight would send a 450 code, but I see a 550 code:

Aug 26 14:31:54 sfa postfix/policydweight[2543]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 NOT_IN_SPAMCOP=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .example. - helo: .gary.) FROM_NOT_FAILED_HELO=3 <client=192.168.1.41> <helo=gary> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>, rate: 1.5

Aug 26 14:31:54 sfa postfix/policydweight[2543]: decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: gary, MTA hostname: unknown[192.168.1.41] (helo/hostname mismatch)

Aug 26 14:31:54 sfa postfix/smtpd[2539]: NOQUEUE: reject: RCPT from unknown[192.168.1.41]: 550 <[EMAIL PROTECTED]>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: gary, MTA hostname: unknown[192.168.1.41] (helo/hostname mismatch); from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<gary>

Maybe I don't understand. Personally, I would rather see the 5xx code as happened here. If mail is going to get rejected in the end, the sooner the better. Otherwise it may take days for the sender of legitimate mail to be notified their message was not delivered. Unless you want to constantly monitor when policyd-weight sends 450 codes, and then manually whitelist chosen clients, I don't see why a mechanism like policyd-weight would ever want to say there has been a temporary failure.

Gary V

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/