From: Ean Kingston (no email)
Date: Wed Dec 01 2004 - 11:15:19 EST
> -----Original Message-----
> From: Paul Gardiner [mailto:]
> Sent: Wednesday, December 01, 2004 10:56 AM
> To: Ean Kingston
> Subject: Re: Finer control of header_checks
>
> > From: "Ean Kingston" <>
> > > From: Paul Gardiner [mailto:]
> > > Sent: Wednesday, December 01, 2004 8:51 AM
> > > To: Postfix users
> > > Subject: Re: Finer control of header_checks
> > >
> > [cut]
> > > Is it possible to have the detection of one header force
> > > acceptance of others that you would normally reject?
> >
> > Yes, the first 'OK' (as opposed to 'DUNNO', 'REJECT', ...) will be
> > obeyed and no further checks (in that section) are done. If you have
> > more than one of the smtpd_*_restrictions in your main.cf I think
you
> > need to include the override at the top of each.
>
> That would be great, but I worry its not true, since I found this
> in the docs:
>
> "For backwards compatibility reasons, Postfix also
> accepts OK but it is (and always has been) treated
> as DUNNO."
>
> Have you ever tried using OK in that way?
You're right. I don't have any filters that work that way but I did make
a quick test and it looks like the OK didn't work the way I thought it
did.
I have found that you can do some short-circuiting of filtering, though.
For instance, I've got:
My_networks = 192.168....
Smtp_*_restrictions = permit_mynetworks, ..., \
check_sender_access dbm:sender_access
and I found that if I send from within my network I can send from any
address including those prevented in sender_access.
This isn't what you wanted but there is some limited ability to bypass
restrictions.
Out of curiosity, what exactly are you trying to use to bypass on? Since
all headers can be faked by a sender, there isn't much left in the
headers to trust.
Also, please post follow-ups to the mailing-list. Others may be
interested.
|
|
|