From: Wietse Venema (wietseporcupine.org)
Date: Fri Feb 01 2008 - 15:23:42 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andre Huebner:
> hmm...
> i wrote now my own policy-server in php. it is already working,
> but still ander development. Using check_policy_service i can
> compare data provided by postfix with my own legal combination of
> etrn-domain, client-ip and client name. after checking postfix
> gets back action=permit or action=reject. so it is possible to
> say client x with IP y can only get mails for domain z Should be
> enough comparison to make it bulletproof?

Either the client IP adress or client hostname would do the job.
If someone subverts the DNS (or IP) then they can do much worse
things that asking Postfix to schedule mail delivery.

> If you understand the concept and know a little bit about php/perl etc. is
> pretty easy.
> But i think modern software should provide more own controlmethods for
> problems like this...

Postfix provides basic features, the rest goes with plugins.

With PHP it should be possible to write a multi-threaded policy
server. With simple queries like yours, one process should be able
to service a lot of smtpd processes.

        Wietse

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]