Re: milter-greylist not blacklisting

On Fri, Sep 19, 2025 at 01:47:34PM -0600, Gary Aitken wrote:
> On 9/18/25 21:21, Steve Rikli wrote:
> > On Thu, Sep 18, 2025 at 08:46:26PM -0600, Gary Aitken wrote:
> > > I have the following set in /usr/local/etc/greylist.conf:
> > > 
> > > racl blacklist domain /.*\.cn$/
> > > 
> > > but I am still seeing messages delivered after greylisting:
> ...
> > Looking at some greylist.conf(5) examples, I usually see "@"
> > included, presumably for a less wide match, e.g. a couple regex cut-
> > pastes:
> > 
> > racl whitelist rcpt /@.*otherdomain\.org$/
> > racl greylist rcpt /@.*mydomain\.org$/
> > 
> > It's kind of a longshot, but I might suggest trying your racl with
> > something like this:
> > 
> > racl blacklist domain /@.*\.cn$/
> 
> I think the @ is there because it's a "rcpt" racl, not a "domain" racl.
> Seems like a long shot since .* should still match the @.
> Thanks, I'll also try some combinations using "from" instead of "domain"
>   racl blacklist from /@.*\.cn$/

Right, yes, sorry -- I wasn't really paying attention to domain vs. rcpt
and such. I expect you're correct.

Fwiw I've tried similar domain regex as yours in the past and never
really got them to work the way I wanted either. Fortunately I was able
to deal with most of my needs using complete domain names without regex.

> > Also, do you have "domainexact" set?
> 
> No.
> But given the regular expression I'm using, it shouldn't matter?

That's my understanding from greylist.conf(5). I believe it's likely
more meaningful e.g. with partial text matches, subdomains, etc.