[Kolab-devel] delete policy server in smtpd_sender_restrictions
Richard Bos
radoeka at xs4all.nl
Tue Feb 14 22:41:00 CET 2006
Resent to get Sandy on the Cc (the original sender). Please keep Sandy on the
Cc.
Op maandag 13 februari 2006 03:16, schreef Martin Konold:
> > > smtpd_sender_restrictions = permit_mynetworks, check_policy_service
> > > unix:private/kolabpolicy
>
> smtpd_sender_restrictions is evaluated in the context of the MAIL FROM
> command. Basically we use it to enforce a policy which prevents traditional
> faking of the MAIL FROM.
>
> A Kolab user is only allowed to use MAIL FROM which matches either its own
> address, one of its aliases or the mail address/alias of another Kolab user
> which granted the "delegation" permission.
>
> > It would be sufficient to check the policy server either in
> > smtpd_sender_restriction OR in smtpd_recipient_restrictions.
>
> On the other hand smtpd_recipient_restrictions are evaluated in the context
> of the RCPT TO command.
>
> > I suggest you
> > keep the setting in smtpd_recipient_restrictions and delete the call to
> > the policy server in smtpd_sender_restrictions.
>
> IMHO the correct solution would be to have to different policy servers for
> smtpd_recipient_restrictions and smtpd_sender_restrictions.
>
> The current code of kolab_smtpdpolicy is overly complex and hard to
> maintain.
--
Richard Bos
Without a home the journey is endless
More information about the devel
mailing list