[Kolab-devel] delete policy server in smtpd_sender_restrictions

Martin Konold martin.konold at erfrakon.de
Mon Feb 13 03:16:59 CET 2006

Am Donnerstag, 9. Februar 2006 22:55 schrieb Richard Bos:


> > smtpd_sender_restrictions = permit_mynetworks, check_policy_service
> > unix:private/kolabpolicy 

smtpd_sender_restrictions is evaluated in the context of the MAIL FROM 
command. Basically we use it to enforce a policy which prevents traditional 
faking of the MAIL FROM.

A Kolab user is only allowed to use MAIL FROM which matches either its own 
address, one of its aliases or the mail address/alias of another Kolab user 
which granted the "delegation" permission.

> It would be sufficient to check the policy server either in
> smtpd_sender_restriction OR in smtpd_recipient_restrictions. 

On the other hand smtpd_recipient_restrictions are evaluated in the context of 
the RCPT TO command.

> I suggest you 
> keep the setting in smtpd_recipient_restrictions and delete the call to
> the policy server in smtpd_sender_restrictions.

IMHO the correct solution would be to have to different policy servers for 
smtpd_recipient_restrictions and smtpd_sender_restrictions.

The current code of kolab_smtpdpolicy is overly complex and hard to maintain.

-- martin

Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker

More information about the devel mailing list