[Kolab-devel] delete policy server in smtpd_sender_restrictions
Martin Konold
martin.konold at erfrakon.de
Mon Feb 13 03:16:59 CET 2006
Am Donnerstag, 9. Februar 2006 22:55 schrieb Richard Bos:
Hi,
> > smtpd_sender_restrictions = permit_mynetworks, check_policy_service
> > unix:private/kolabpolicy
smtpd_sender_restrictions is evaluated in the context of the MAIL FROM
command. Basically we use it to enforce a policy which prevents traditional
faking of the MAIL FROM.
A Kolab user is only allowed to use MAIL FROM which matches either its own
address, one of its aliases or the mail address/alias of another Kolab user
which granted the "delegation" permission.
> It would be sufficient to check the policy server either in
> smtpd_sender_restriction OR in smtpd_recipient_restrictions.
On the other hand smtpd_recipient_restrictions are evaluated in the context of
the RCPT TO command.
> I suggest you
> keep the setting in smtpd_recipient_restrictions and delete the call to
> the policy server in smtpd_sender_restrictions.
IMHO the correct solution would be to have to different policy servers for
smtpd_recipient_restrictions and smtpd_sender_restrictions.
The current code of kolab_smtpdpolicy is overly complex and hard to maintain.
Regards,
-- martin
--
http://www.erfrakon.com/
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
More information about the devel
mailing list