[Kolab-devel] delete policy server in smtpd_sender_restrictions

Richard Bos radoeka at xs4all.nl
Tue Feb 14 22:41:00 CET 2006

Resent to get Sandy on the Cc (the original sender).  Please keep Sandy on the 

Op maandag 13 februari 2006 03:16, schreef Martin Konold:
> > > smtpd_sender_restrictions = permit_mynetworks, check_policy_service
> > > unix:private/kolabpolicy
> smtpd_sender_restrictions is evaluated in the context of the MAIL FROM
> command. Basically we use it to enforce a policy which prevents traditional
> faking of the MAIL FROM.
> A Kolab user is only allowed to use MAIL FROM which matches either its own
> address, one of its aliases or the mail address/alias of another Kolab user
> which granted the "delegation" permission.
> > It would be sufficient to check the policy server either in
> > smtpd_sender_restriction OR in smtpd_recipient_restrictions.
> On the other hand smtpd_recipient_restrictions are evaluated in the context
> of the RCPT TO command.
> > I suggest you
> > keep the setting in smtpd_recipient_restrictions and delete the call to
> > the policy server in smtpd_sender_restrictions.
> IMHO the correct solution would be to have to different policy servers for
> smtpd_recipient_restrictions and smtpd_sender_restrictions.
> The current code of kolab_smtpdpolicy is overly complex and hard to
> maintain.

Richard Bos
Without a home the journey is endless

More information about the devel mailing list