From: Wietse Venema (no email)
Date: Wed Feb 02 2005 - 10:09:43 EST
Mark Martinec:
> From Wietse Venema:
> ...
> > The more elegant solution uses a to-be-developed hook to pass an
> > already accepted connection into a running smtpd process. This
> > would be a third connection management method for Postfix daemons.
> ...
> > 3) New: receive open connection via descriptor inherited from master
> > with a master entry like this:
>
> That would presumably also solve the feature request on passing full
> TCP socket information (src+dst IP, src+dst port) to an auxiliary server
> for the purpose of passive client fingerprinting, as discussed on the
> last days of December 2004, in:
> "feature req: more info on TCP session for content filter and/or
> policy delegation server"

Local/remote endpoint info can easily be added to the policy server
hooks.

It would be less practical to keep adding more and more information
to queue files and exposing it via delivery agents, carrying it
along in xforward attributes, and so on.

Meanwhile, I have a preliminary implementation for receiving
descriptors via Postfix master.cf services.

A skeleton front daemon could be written in a few lines of code.
However, any non-trivial processing should be delegated to code
that does not run with postfix privileges.

This may have to wait until Postfix 2.2 is released. I don't want
to maintain parallel code bases when I am preparing an official
release.

Wietse
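
The descriptor handoff discussed in this message, as an added example that is not part of the original post and is not Postfix code: a generic SCM_RIGHTS transfer in Python 3.9+, where a front process accepts a TCP connection, passes it over a UNIX-domain socket, and the receiver recovers the local and remote endpoints from the descriptor itself. The function names, the loopback listener and the sample EHLO line are assumptions constructed for illustration.

```python
import os
import socket


def front_daemon_handoff(listener, channel):
    """Accept one TCP connection and pass its descriptor over a UNIX socket."""
    conn, _ = listener.accept()
    try:
        # At least one byte of ordinary data must accompany the SCM_RIGHTS message.
        socket.send_fds(channel, [b"F"], [conn.fileno()])
    finally:
        conn.close()  # drop the front process's copy; the receiver gets its own


def receive_connection(channel):
    """Receive a passed descriptor and read both TCP endpoints from it."""
    data, fds, _flags, _addr = socket.recv_fds(channel, 1, 1)
    if data != b"F" or len(fds) != 1:
        for fd in fds:
            os.close(fd)  # never leak descriptors from an unexpected message
        raise RuntimeError("expected exactly one descriptor")
    conn = socket.socket(fileno=fds[0])  # family and type are auto-detected
    # Endpoint info travels with the socket; nothing has to be forwarded separately.
    return conn, conn.getsockname(), conn.getpeername()


def demo():
    """Constructed loopback scenario: client -> front process -> receiver."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    front, worker = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    client = socket.create_connection(listener.getsockname())
    front_daemon_handoff(listener, front)
    conn, local, remote = receive_connection(worker)
    client.sendall(b"EHLO example.test\r\n")  # constructed sample input
    result = {"local": local, "remote": remote, "line": conn.recv(64),
              "client_local": client.getsockname(),
              "listener": listener.getsockname()}
    for s in (conn, client, front, worker, listener):
        s.close()
    return result


if __name__ == "__main__":
    print(demo())
```

In a real deployment the two ends of the UNIX socket would live in separate processes, with the receiving side running under a less privileged account than the one that accepts connections.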