Leandro Santi
lesanti@uolsinectis.com.ar
Mon Mar 7 16:51:27 UTC 2005
Vernon Schryver, 03-07-2005: > > > > > From: Leandro Santi > > > > Would it be useful if dccifd could use a small subset of SMTP > > > consisting of the MAIL_FROM, RCPT_TO, and DATA commands to > > > reject or accept and pass on mail messages? The idea is that > > > might make it easy (or easier) to wire dccifd into postfix. > > > > How would you do the wiring? > > as implied in > http://www.postfix.org/SMTPD_PROXY_README.html Cool. With this, the DCC could be used both as a real-time and after-queue content_filter. On general purpose sites with several users and mailboxes I cannot permanently refuse mail at border SMTP level, so I'd prefer the after-queue setup. Other sites would prefer to use the real-time filter. IMO this is a perfectly legitimate design approach, because the DCC isn't a heavyweight-class filter at all... > > Perhaps a better solution would make use of dccifd on the DCC side, and > > SMTP/LMTP on the other, for both real time and content_filter message > > inspection. For DCC greylisting, Postfix's policy delegation protocol > > seems okay. > > I get the impression from > http://www.postfix.org/lmtp.8.html > that Postfix uses LTMP only for "After-Queue" filters. > If that is correct, then its use would preclude greylisting. Yes, current Postfix doesn't include an inbound LMTP server, but a client only. > Besides the difficulties of parsing Rcpt_To commands enough to recognize > local users including recognizing all of the SMTP server's aliases for > its own name, > I'm concerned about the dialect of SMTP that Postfix uses for > "Before-Queue" filters. I've found references to "XCLIENT" as well > as "XFORWARD" commands for what I understand to be the same function. For real-time proxy filtering, I guess that the XFORWARD feature (override logging information) should be used, because the XCLIENT extension is intended for access control and logging. If I understood well, the DCC pass-through proxy would sit in between the before-filter (i.e., at the front line) and the after-filter smtpd's, so the ACL stuff would be done by the before-filter smtpd. Thus, my guess is that no XCLIENT would be needed... Leandro.
More information about the DCC
mailing list
