OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: "resubmission" feature
From: Wietse Venema (wietseporcupine.org)
Date: Tue Jul 04 2000 - 09:35:52 CDT

Lutz Vieweg:
> Wietse Venema wrote:
>
> > If you want this soon, it would have to be implemented external to
> > Postfix.
>
> Ok, seems reasonable...
>
> > This runs a script that
> > pipes the mail into an at job that eventually sends the mail back
> > to the forwarding user. The script would have to reject mail from
> > strangers.
>
> That's the point why I fear this feature could be impossible as an
> external program.

The problem of rejecting unauthorized mail exists with an internal
solution as well.

> The simple and sufficient criterion for me to decide whether the
> sender is allowed to place such a "resubmission" is the IP-address
> of the peer contacting the SMTP server. Only local ones would be
> allowed.

Eh? You are assuming that the entire mail infrastructure consists
of one server. Your firewall relay has a local IP address, too,
but that does not mean that all mail from the firewall comes from
a local sender.

> But how can an external pipe transport find out this peer address -
> is there any header postfix adds that I could rely on? Maybe because
> it is in a certain position?

The client IP address is not sufficient for finding out if a user
is local.

        Wietse