|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Manuel Mely (mmelyp
gmail.com)
Date: Sun Aug 08 2010 - 14:57:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Wietse,
My server is acting as relay for my network, so my internal clients
are MTAs that uses ESMTP. The problem is when other servers in
internet are delivering messages to my server, some of them are SMTP.
If i place my policy server in smtpd_end_of_data_restrictions i must
wait for the entire message and then check, and my internet bandwidth
is really poor. That's why I'm checking in other place rather than
end_of_data.
Thanks in advance!
On 8/6/10, Wietse Venema <wietseporcupine.org> wrote:
> Manuel Mely:
>> Hi,
>>
>> I've programmed one script for checking the allowed message size for
>> every user on my network. I started programming this script based on
>> the greylist perl example script that it's in the postfix
>> documentation[1] (very nice start point).
>> The script is working well but i'm having one problem, there are some
>> messages that are bypassing my filter because the incoming server is
>> using a SMTP session and not ESMTP, the script is expecting the latter
>> for checking.
>
> There are a few things to consider.
>
> 1) The client does not have to send the SIZE command. There is
> nothing in the RFCs that says it must use this feature.
>
> 2) The client can send the wrong size information. If you base
> your access policy on the SIZE information from the client,
> malicious clients can use this to work around your policy.
>
> You can get the true message size from Postfix after the client
> has sent the complete email message.
>
> smtpd_end_of_data_restrictions = ....your policy server here...
>
> Wietse
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]