|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: "Local whitelist" for the next restriction possible?
Victor.Duchovni
MorganStanley.com
Date: Tue Jun 15 2004 - 15:47:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tue, 15 Jun 2004, Noel Jones wrote:
> At 03:07 PM 6/15/04, Victor.DuchovniMorganStanley.com wrote:
> >On Tue, 15 Jun 2004, Noel Jones wrote:
> >
> > > The only catch I can think of is the feature would, of course, have to
> > > distinguish between a DUNNO result and a real "not found" and only return
> > > the default result when the key is really not found.
> > >
> >
> >This already works. DUNNO is internally implemented separately from "not
> >found" so it is possible to have a "found" DUNNO in addition to a not
> >found "DUNNO".
>
> Cool. I'll take a stab at docs if someone else can do the code.
> Maybe a better question is if Wietse would be inclined to include such a
> feature.
>
Should a default key always be looked up or cached for the lifetime of the
process doing the lookup? With the default "*" key in the transport table
the default value is cached by trivial-rewrite. Should the same be true of
"smtpd"?
Should default values be defined as magic keys inside the map or
as separate main.cf configuration parameters?
default_map_values =
hash:/etc/postfix/transport smtp
btree:/etc/postfix/access DUNNO
...
For example I don't want to yield control over a potentially dangerous
feature to the LDAP administrators... So it may not be enough to agree on
a default key, perhaps there should be a way to enable/disable the key on
a per-map basis. Which brings us full circle to Liviu's map chaining work.
I hate to spoil the party, but we have some difficult issues here and
someone needs to think them through carefully before launching into an
implementation. Also if the access language is generalized default keys
might become obsoleted by:
if_notfound check_client_access hash:/etc/postfix/table
check_client_access static:{554 Go away}
There are many ways to skin this cat. I am not sure that a default key is
the right answer. Is it?
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomopostfix.org?body=unsubscribe%20postfix-users>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]