From: Jim Seymour (no email)
Date: Thu Nov 13 2003 - 22:46:00 EST
(Wietse Venema) wrote:
>
> Jim Seymour:
> > (Wietse Venema) wrote:
> > >
> > > As the name says, reject_unauth_pipelining triggers when the client
> > > sends stuff before it is allowed to.
> > >
> > > - If the client sends no EHLO, pipelining is illegal everywhere in
> > > the SMTP dialog, because Postfix has not announced pipelining
> > > support to the client.
> >
> > That implies to me that reject_unauth_pipelining *is* valid in
> > smtpd_recipient_restrictions. And if it's not in there, and the
> > client *does* attempt to pipeline w/o EHLO'ing, it would be allowed?
>
> Valid, but not useful when the client did send EHLO.
But useful if they send HELO and then try to pipeline, no? Or is
the thinking that when they do that, they'll also try to pipeline
right through DATA, as well, anyway?
I get regular rejects with reject_unauth_pipelining in
smtpd_recipient_restrictions, btw.
>
> > > - If the client does send EHLO, then it is still illegal to send
> > > stuff before the server has replied to the DATA command.
> >
> > So it needs to be in both smtpd_recipient_restrictions *and*
> > smtpd_data_restrictions?
>
> This would catch the unlikely case that the client pipelines the
> EHLO+sender+recipients, but not the rest of the SMTP dialog.
>
> Not useful, in my opinion.
I'm unclear as to which part you're saying is not useful, but I *think*
you're agreeing with Victor. Victor's telling me it's sufficient to
put reject_unauth_pipelining in smtpd_data_restrictions. In fact, if I
understand him correctly: He's saying it's not useful in
smtpd_recipient_restrictions at all. Do you concur, Wietse?
(Looks like more content for the "Understanding Restrictions" section
coming up ;).
--
Jim Seymour | PGP Public Key available at:
| http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com |
|
|
|