dccifd vs. postfix

Leandro Santi lesanti@uolsinectis.com.ar
Mon Mar 7 16:51:27 UTC 2005


Vernon Schryver, 03-07-2005:
> 
> 
> 
> > From: Leandro Santi 
> 
> > > Would it be useful if dccifd could use a small subset of SMTP
> > > consisting of the MAIL_FROM, RCPT_TO, and DATA commands to
> > > reject or accept and pass on mail messages?  The idea is that
> > > might make it easy (or easier) to wire dccifd into postfix.
> >
> > How would you do the wiring?
> 
> as implied in
> http://www.postfix.org/SMTPD_PROXY_README.html

Cool. With this, the DCC could be used both as a real-time and 
after-queue content_filter. On general purpose sites with several 
users and mailboxes I cannot permanently refuse mail at border SMTP 
level, so I'd prefer the after-queue setup. 

Other sites would prefer to use the real-time filter. IMO this is a
perfectly legitimate design approach, because the DCC isn't a 
heavyweight-class filter at all...

> > Perhaps a better solution would make use of dccifd on the DCC side, and
> > SMTP/LMTP on the other, for both real time and content_filter message
> > inspection. For DCC greylisting, Postfix's policy delegation protocol
> > seems okay.
> 
> I get the impression from
> http://www.postfix.org/lmtp.8.html
> that Postfix uses LTMP only for "After-Queue" filters.
> If that is correct, then its use would preclude greylisting.

Yes, current Postfix doesn't include an inbound LMTP server, but a client 
only.

> Besides the difficulties of parsing Rcpt_To commands enough to recognize
> local users including recognizing all of the SMTP server's aliases for
> its own name, 
> I'm concerned about the dialect of SMTP that Postfix uses for
> "Before-Queue" filters.  I've found references to "XCLIENT" as well
> as "XFORWARD" commands for what I understand to be the same function.

For real-time proxy filtering, I guess that the XFORWARD feature 
(override logging information) should be used, because the XCLIENT 
extension is intended for access control and logging. If I understood
well, the DCC pass-through proxy would sit in between the before-filter
(i.e., at the front line) and the after-filter smtpd's, so the ACL stuff
would be done by the before-filter smtpd. Thus, my guess is that no 
XCLIENT would be needed...

Leandro.



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.