Subject: Re: "resubmission" feature
From: Wietse Venema (wietse porcupine.org)
Date: Mon Jul 10 2000 - 11:49:49 CDT
Lutz Vieweg:
> Wietse Venema wrote:
>
> > > The simple and sufficient criterion for me to decide whether the
> > > sender is allowed to place such a "resubmission" is the IP-address
> > > of the peer contacting the SMTP server. Only local ones would be
> > > allowed.
> >
> > Eh? You are assuming that the entire mail infrastructure consists
> > of one server.
>
> It currently does and probably will for quite some time.

Forgive me, as the author of a mail system I have to think a few
steps ahead of the immediate problem.

> > Your firewall relay has a local IP address, too,
> > but that does not mean that all mail from the firewall comes from
> > a local sender.
>
> But that's a known address. I could restrict the possibility to
> issue resubmissions to local addresses _excepting_ of course any other
> relay that might exist.

And such gotchas immediately make a feature much less useful.

> > > But how can an external pipe transport find out this peer address -
> > > is there any header postfix adds that I could rely on? Maybe because
> > > it is in a certain position?
> >
> > The client IP address is not sufficient for finding out if a user
> > is local.
>
> Of course there would be better solutions - such as using an x509 client
> certificate to authenticate the sender. If there's enough time one day
> to implement that, I'll happily do that.
>
> But assuming that currently checking the IP of the SMTP partner is sufficient
> for us - is there a way for an external pipe transport to get it?

Not currently, although I intend to ship source attributes along with
a queue file so they can be used in $name expansions. More opportunity
for data-driven security holes.

On the other hand, this feature could very well be implemented
outside the MTA, for example in the mail delivery agent (cyrus does
a lot of stuff already) or even on the mail user agent side.

Wietse
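
The point argued in this message, as an added example that is not part of the original post and is not Postfix code: a peer-address check cannot tell a local sender from an external one once a relay with a local address is in the path, and excluding known relays trades one misclassification for another. The networks, addresses, case list and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample topology (assumed values, documentation address ranges).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
KNOWN_RELAYS = {ipaddress.ip_address("192.0.2.25")}  # firewall relay with a local address


def naive_allow(peer_ip):
    """Allow a resubmission when the SMTP peer has a local address."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in net for net in LOCAL_NETS)


def allow_excluding_relays(peer_ip):
    """Same check, but refuse peers that are listed as relays."""
    return naive_allow(peer_ip) and ipaddress.ip_address(peer_ip) not in KNOWN_RELAYS


# (description, sender really is local, peer address the server sees)
CASES = [
    ("local user, direct", True, "192.0.2.77"),
    ("external sender via firewall relay", False, "192.0.2.25"),
    ("local user via firewall relay", True, "192.0.2.25"),
    ("external sender via relay not yet listed", False, "192.0.2.26"),
    ("external sender, direct", False, "203.0.113.9"),
]


def misclassified(policy):
    """Return the cases where the policy's decision differs from the truth."""
    return [desc for desc, is_local, peer in CASES if policy(peer) != is_local]


if __name__ == "__main__":
    for policy in (naive_allow, allow_excluding_relays):
        print(policy.__name__)
        for desc in misclassified(policy):
            print("  wrong decision:", desc)
```

Cases two and three present the same peer address to the server, so no policy keyed on that address alone can decide both correctly.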