From: Wietse Venema (no email)
Date: Tue Feb 01 2005 - 10:49:09 EST
Victor Duchovni:
> On Tue, Feb 01, 2005 at 10:14:26AM -0500, Wietse Venema wrote:
>
> > Postfix smtpd_check.c patch:
> >
> > *** /var/tmp/postfix-2.2-20050131/src/smtpd/smtpd_check.c Sun Jan 30 19:57:35 2005
> > --- ./smtpd_check.c Tue Feb 1 10:11:15 2005
> > ***************
> > *** 1285,1291 ****
> >
> > if (state->client != 0
> > && SMTPD_STAND_ALONE(state) == 0
> > ! && vstream_peek(state->client) > 0
> > && (strcasecmp(state->protocol, MAIL_PROTO_ESMTP) != 0
> > || strcasecmp(state->where, "DATA") == 0)) {
> > return (smtpd_check_reject(state, MAIL_ERROR_PROTOCOL,
> > --- 1285,1292 ----
> >
> > if (state->client != 0
> > && SMTPD_STAND_ALONE(state) == 0
> > ! && (vstream_peek(state->client) > 0
> > ! || peekfd(vstream_fileno(state->client)) > 0)
> > && (strcasecmp(state->protocol, MAIL_PROTO_ESMTP) != 0
> > || strcasecmp(state->where, "DATA") == 0)) {
> > return (smtpd_check_reject(state, MAIL_ERROR_PROTOCOL,
> >
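Review bot: In the second changed line, the test peekfd(vstream_fileno(state->client)) > 0 treats every non-positive return the same way, so a failed peek on the descriptor is indistinguishable from "no input pending" and the client silently passes the check. If peekfd can return an error, test that case separately and log it rather than folding it into the boolean. The condition also deserves a short comment saying why both the stream buffer and the file descriptor are inspected, since nothing in the hunk says what vstream_peek alone would miss.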
>
> With smtpd(8) now able to discard EHLO keywords, it could also reject
> ESMTP pipelining when "PIPELINING" was not advertised to the client
> in question. Is this worth the trouble???

First, the above patch fixes a real shortcoming in the
reject_unauth_pipelining feature.

Second, when Postfix makes decisions based on whether the server
announced PIPELINING support, then Postfix should remember whether
PIPELINING was suppressed from the server's EHLO reply. The present
code fails on the safe side so fixing this is a lower priority.

Meanwhile, I have already added the few lines of code needed for
"sleep 1", so that you can specify:

/etc/postfix/main.cf:
    smtpd_delay_reject = no
    smtpd_client_restrictions = sleep 1, reject_unauth_pipelining

Without forcing people to jump hoops. The downside of course is
that you will never find out what the sender and recipients were,
but I guess you get the same with Sendmail's implementation.

A more flexible Postfix implementation would do the lookahead checks
at any protocol stage and raise a global flag that can be queried
at a later stage during the protocol, for example, in
smtpd_data_restrictions. While I'm fixing this I might just as
well do it right.

        Wietse
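
The gap the patch closes, as an added example that is not Postfix code and not part of the original message: input sent ahead of the server's reply can sit in the kernel socket buffer, where a check of the user-space stream buffer alone does not see it. The struct, the function names and the sample SMTP session are constructed for illustration, and FIONREAD is used here as an assumed stand-in for the descriptor-level peek.

```c
/* Added illustration, not Postfix source: struct stream and every function
 * name below are hypothetical stand-ins for a buffered SMTP input stream. */
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

struct stream { int fd; char buf[512]; size_t len; /* unread user-space bytes */ };

/* Bytes queued in the kernel socket buffer, or -1 on error. */
static long kernel_pending(int fd)
{
    int n = 0;
    return ioctl(fd, FIONREAD, &n) < 0 ? -1 : (long) n;
}

/* One read() into the buffer, then consume the first command line. */
static int read_command(struct stream *s)
{
    ssize_t n = read(s->fd, s->buf, sizeof(s->buf));
    char *eol = n > 0 ? memchr(s->buf, '\n', (size_t) n) : 0;
    if (eol == 0) return -1;
    s->len = (size_t) n - (size_t) (eol + 1 - s->buf);
    memmove(s->buf, eol + 1, s->len);
    return 0;
}

/* 1: client sent input ahead of the reply; 0: it did not; -1: error. */
static int talks_early(const struct stream *s, int check_kernel)
{
    long k = check_kernel ? kernel_pending(s->fd) : 0;
    return s->len > 0 ? 1 : k < 0 ? -1 : k > 0;
}

/* Constructed session. late=0: both commands arrive in one segment;
 * late=1: the second command arrives after the server read the first. */
static int scenario(int late, int check_kernel)
{
    const char *both = "HELO c.example\r\nMAIL FROM:<a@c.example>\r\n";
    size_t first = strlen("HELO c.example\r\n"), rest = strlen(both) - first;
    int sv[2], r = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    struct stream s = { sv[0], "", 0 };
    if (write(sv[1], both, late ? first : first + rest) > 0 && read_command(&s) == 0
        && (!late || write(sv[1], both + first, rest) > 0))
        r = talks_early(&s, check_kernel);
    close(sv[0]); close(sv[1]);
    return r;
}

int main(void) { return !(scenario(1, 0) == 0 && scenario(1, 1) == 1); }
```

With late=1 the buffer-only check returns 0 and the combined check returns 1; with late=0 both return 1.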