sophos blocker compatibility about gross HOT 9 CLOSED

you can assign this to me

Maybe it would be best to redesign ip checking part of gross. I think that we 
should have a separate policer 
thread which would handle dnsbl and sophos blocker and possibly other checks as 
well. May be spf checks, too. 
A check plugin API of some sort. Policer then would make a decision if the ip 
address should be passed through 
or handled normally, or possibly to have gross to send a permanent error 
response. I think that some people 
would like to have a possibility to configure gross deny sending permanently, 
if e.g. three blacklists matched.

I think a check plugin API is a good idea.  We've already tripled the number of 
check
types that we want to build in, we can only assume that there will be more.

Perhaps we could assign each check a certain weight (e.g. spamcop=1, spamhaus=2,
sophos=3, spf_fail=5. etc), and then have configurable thresholds for each 
action
(e.g., grey=2 and block=5).  Would it be beneficial to pass in the thresholds 
as part
of the mapping callout so that different policies could be applied to different 
IP
ranges, domains or channels?

Did the 0.7.0 release include the proposed API redesign?  Is it appropriate for 
me to
start implementing the sophos capabilities, or do more changes need to be made 
before
that can happen?

Not yet. I have to implement policer thread pools and change worker processes 
to send work to them. The 
protocol for querying policer threads is still a work in progress. There will 
be a pool per policer type, e.g. 
dnsbl-pool, spf-pool and pmxblocker-pool. I think that the basic functionality 
should be as simple as 
possible, and the more complicated things can be enabled as configure options 
at compile time. These 
features would be weights and thresholds. 

After all, Gross stands for greylisting of suspicious sources, and I'd like to 
keep the default as so. So, default 
behaviour would be that test_tuple() send the query to each policer pool and 
starts to wait for a response via a 
message queue. Policers then process the queries and send responses to the 
message queue. If test_tuple() 
sees a message stating the triplet to be greylisted, it short cuts and returns 
STATUS_GRAY right away. 

Then, one can implement more complicated systems, and alter the way how those 
responses from policers are 
treated. I have to think about the design a little bit further, as how to make 
these configurable features as 
easy as possible to implement. 

Grossd now has preliminary sophos blocker compatibility. Relevant config 
options are:

check = blocker
blocker_host = pmxhost
blocker_port = 4466

Needs testing, and perhaps code for reusing the connections, if pmx allows it. 

Waiting for feedback.