From: Jim Seymour (no email)
Date: Thu Nov 13 2003 - 19:16:39 EST
wrote:
> Message-ID: <Pine dot GSO dot 4 dot 58 dot 200311131800340 dot 3387 at sasas1 dot ms dot com>
>
> On Thu, 13 Nov 2003, Jim Seymour wrote:
>
> > Thanks for the complement, Chateauneuf.
> >
>
> To balance things out here's another problem: The
> "reject_unauth_pipelining" is not effective in the recipient restrictions
> because Postfix supports ESMTP pipelining, and the RCPT TO command is in
> the middle of a pipelined command group.
>
> The "DATA" command however must be the final command in a pipelined group,
> so reject_unauth_pipelining is effective and useful in
> smtpd_data_restrictions, so it must go there.
Thanks for the correction, Victor.
So you're saying it should be:
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
reject_invalid_hostname,
...
reject_rbl_client cbl.abuseat.org,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
(As noted in the document, the "permit"s aren't actually necessary,
they're just there for clarification.)
When you say that reject_unauth_pipelining isn't "effective" in in
smtpd_recipient_restrictions, do you actually mean by that it would be
"too effective?" IOW: It'll result in "false positives," as
pipelining w/in the command group is perfectly acceptable?
Does all this also apply to Postfix 1.x? I had never heard of
smtpd_data_restrictions before that discussion we had a couple months
ago here.
--
Jim Seymour | PGP Public Key available at:
| http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com |
|
|
|