Re: Policy Server Protocol - Enhancement Request #2

From: Wietse Venema (wietse@porcupine.org)
Date: Fri Dec 01 2006 - 15:41:19 CST


Ronald F. Guilmette:
>
> I think that it would be Nice to be able to construct a Postfix
> policy server that would refer to files (e.g. whitelists, specialized
> settings, and so forth) that are specific to the relevant local
> recipient for each incoming message. For example, a given local
> user might have a file called ${HOME}/.whitelist.db which would be
> a database file containing a whitelist of everybody that user has
> himself/herself sent e-mail to in the past. Or the user might have
> a file called ${HOME}/.mail-settings.txt which might indicate things
> like how aggressive to be in filtering spam.
>
> But I see a potential problem that might perhaps get in the way of
> the policy server doing this sort of thing.
>
> The question is: Given the policy server protocol, as described in
> the SMTPD_POLICY_README document, what exactly is the meaning of
> the value that will be passed to the policy server as the value of
> the recipient= attribute? Is that the raw value, as parsed out of
> the RCPT TO: command, and before any local aliasing transformations
> have been applied? Assuming so, then there's a problem.

It is (Postfix appends a missing domain, so that you don't have to
have an insane number of rules in an access table). The SMTP server
doesn't apply canonical mapping, virtual aliasing or local aliasing.
In the original design it didn't even know what recipients exist;
nowadays it verifies if the recipient has an entry.

> For example, here at monkeys.com, I have both "root" and "postmaster"
> aliased to the local (actual) user account called "admin".

It's actually a lot worse than that. Aliases can expand to multiple
recipients. Whose policy would you use?

And if that is not bad enough, some aliases can expand to shell
commands or file pathnames. There is no way that these will be
recorded in Postfix queue files, because all Postfix processes
would have to be running with root privileges.

> The bottom line is that I think the policy server protocol might
> benefit from an enhancement which would cause _both_ the pre- and
> post-aliased recipient addresses for the current message to be passed
> to the policy server.
...
> If that (small?) change to the protocol were made, I think that it would
> greatly facilitate everyone's ability to construct Postfix policy servers

Small step for the protocol, a complete redesign of how incoming
mail is handled.

        Wietse
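The recipient= handling discussed above, as an added example (written for this page; it is not Postfix code and not code from either participant). It parses a constructed policy-protocol request in the shape SMTPD_POLICY_README describes (attribute=value lines ending in an empty line, answered with an action= line), applies a constructed aliases table modelled on the root/postmaster → admin mapping in the message, and classifies the raw recipient the way a defensively written policy server would have to: a per-user file such as ${HOME}/.whitelist.db has a well-defined owner only when alias expansion yields exactly one local mailbox. The alias table, the local domain list and the request itself are constructed sample data.

```python
"""Constructed demonstration of why the raw recipient= attribute does not
identify a single local user: aliases may fan out, or point at commands and
files that have no ${HOME} at all. Not Postfix code."""
from typing import Dict, List, Tuple

# Constructed request: attribute=value lines terminated by an empty line.
# Postfix has already appended a missing domain, but has applied no
# canonical, virtual or local alias mapping to the recipient.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.10\n"
    "sender=someone@example.net\n"
    "recipient=postmaster@monkeys.com\n"
    "\n"
)

# Constructed aliases table: root and postmaster both map to admin (as in the
# message), plus a multi-recipient alias, a pipe alias and a file alias to
# cover the cases the reply warns about.
SAMPLE_ALIASES: Dict[str, List[str]] = {
    "root": ["admin"],
    "postmaster": ["admin"],
    "abuse": ["admin", "security"],
    "majordomo": ["|/usr/local/bin/majordomo"],
    "archive": ["/var/mail/archive"],
}

# Constructed stand-in for the domains this host accepts as local.
LOCAL_DOMAINS = {"monkeys.com", "localhost"}

MAX_ALIAS_DEPTH = 10  # guard against alias loops (a -> b -> a)


def parse_policy_request(raw: str) -> Dict[str, str]:
    """Parse one policy request into a dict; stops at the empty line."""
    attrs: Dict[str, str] = {}
    for line in raw.split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if not sep or not name:
            raise ValueError(f"malformed policy line: {line!r}")
        attrs[name] = value
    return attrs


def expand_alias(name: str, aliases: Dict[str, List[str]], depth: int = 0) -> List[str]:
    """Recursively expand an alias to its final targets, de-duplicated in order.
    Pipe ('|cmd') and file ('/path') targets are kept verbatim: they are not
    mailboxes and cannot be expanded further."""
    if depth > MAX_ALIAS_DEPTH:
        raise ValueError(f"alias loop or excessive nesting at {name!r}")
    if name not in aliases:
        return [name]  # a real local user, or an unknown name
    out: List[str] = []
    for target in aliases[name]:
        expanded = [target] if target.startswith(("|", "/")) else expand_alias(target, aliases, depth + 1)
        for t in expanded:
            if t not in out:
                out.append(t)
    return out


def resolve_recipient(recipient: str, aliases: Dict[str, List[str]],
                      local_domains: set) -> Tuple[str, List[str]]:
    """Classify a raw recipient= value:
       'remote'      - not one of our domains; no local user to look up
       'user'        - exactly one local mailbox; a per-user policy has an owner
       'multiple'    - several mailboxes; whose policy would apply?
       'non-mailbox' - a command or file; there is no ${HOME} to consult"""
    localpart, sep, domain = recipient.rpartition("@")
    if not sep or domain.lower() not in local_domains:
        return "remote", []
    targets = expand_alias(localpart.lower(), aliases)
    if any(t.startswith(("|", "/")) for t in targets):
        return "non-mailbox", targets
    if len(targets) == 1:
        return "user", targets
    return "multiple", targets


def per_user_policy_owner(attrs: Dict[str, str]) -> str:
    """Return the single local user whose files may be consulted, or '' when the
    recipient has no unambiguous owner and only a site-wide policy is safe."""
    if attrs.get("protocol_state") != "RCPT":
        return ""  # recipient is not known before RCPT TO
    kind, targets = resolve_recipient(attrs.get("recipient", ""), SAMPLE_ALIASES, LOCAL_DOMAINS)
    return targets[0] if kind == "user" else ""


def policy_response(raw_request: str) -> str:
    """Build the protocol reply. This example never blocks on its own: it always
    answers DUNNO so the remaining smtpd restrictions decide, and only logs
    which policy scope (per-user or site-wide) it would have consulted."""
    owner = per_user_policy_owner(parse_policy_request(raw_request))
    scope = f"per-user policy of {owner}" if owner else "site-wide policy"
    print(f"consulting {scope}")
    return "action=DUNNO\n\n"


if __name__ == "__main__":
    for rcpt in ("root@monkeys.com", "abuse@monkeys.com", "majordomo@monkeys.com", "bob@example.org"):
        print(rcpt, "->", resolve_recipient(rcpt, SAMPLE_ALIASES, LOCAL_DOMAINS))
    print(repr(policy_response(SAMPLE_REQUEST)))
```

The classification is the defensive point: a server that keyed per-user files directly on recipient= would apply root's settings to mail that actually lands in admin's mailbox, and would have to invent an owner for aliases that fan out or run commands. Treating only the single-mailbox case as per-user, and everything else as site-wide, keeps the behaviour predictable without the protocol change requested in the thread.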