From: Bill Landry (no email)
Date: Mon Apr 01 2002 - 13:48:27 EST
Victor Duchovni:
> Unless "check_sender_access" follows "reject_unauth_destination"
>it must not return OK if used in smtpd_recipient_restrictions (sorry about
>the multiple conditionals).
Thanks for the clarification.
> Returning OK in "check_sender_access" prior to checking relay
>access makes your host an open relay, because the envelope sender is
>easily forged.
Yep, makes sense now.
> I am contemplating a patch to Postfix that would ignore OK results
>based on forgeable information (helo or sender) in the recipient
>restrictions unless it occurs after reject_unauth_destination.
>This would need to work correctly for recursive restrictions, it may take
>some time to come up with the right specification.
That would certainly be a welcome addition since it would help prevent
Postfix newbies from inadvertently making themselves a open relay.
Bill
-
To unsubscribe, send mail to with content
(not subject): unsubscribe postfix-users
|
|
|