From: Marco d'Itri (mdLinux.IT)
Date: Wed Dec 27 2006 - 13:43:40 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Dec 27, Noel Jones <njonesmegan.vbhcs.org> wrote:

> >As was previously discussed on this list, permit_mx_backup does not
> >interact well with reject_unverified_recipient (because it returns OK or
> >DUNNO),
> I must have missed that discussion, please provide a link.
The problem is that if permit_mx_backup is used before
reject_unverified_recipient then recipients will not be verified when
the first restriction returns OK.
If the order is reversed then everybody on the Internet will be able to
make your server generate probes to random domains.

> [1] It seems to me that a main.cf flag that extends $mydestination to
> include domains that list {$inet_interfaces, $proxy_interfaces} as an
> MX would do the trick. This would extend "reject_unauth_destination"
> to MX backup domains. Coming up with a parameter name and
> documentation that make sense is the real challenge.
I suppose you meant $relay_domains.
I was thinking about implementing a new restriction like
permit_mx_backup which would return DUNNO when a MX is in
$permit_mx_backup_networks and REJECT otherwise.
It would solve my problem since these servers do not need to receive
mail for other domains, but I suppose that it would not be general
enough to be merged...

A policy daemon would solve this, but it seems silly to write one just
for this since postfix already has almost all the code needed.

--
ciao,
Marco

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]