postfix' blacklistd patch

Reply: Juraj Lutter : "Re: postfix' blacklistd patch"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Michael Grimm <trashcan_at_ellael.org>
Date: Mon, 16 Jan 2023 15:49:17 UTC

Hi,

I wonder if the following condition for triggering blacklistd is appropriate:

   if (status != XSASL_AUTH_DONE) {
        msg_warn("%s: SASL %s authentication failed: %s",
                 state->namaddr, sasl_method,
                 STR(state->sasl_reply));
        /* RFC 4954 Section 6. */
        if (status == XSASL_AUTH_TEMP)
            smtpd_chat_reply(state, "454 4.7.0 Temporary authentication failure: %s",
                             STR(state->sasl_reply));
        else
            smtpd_chat_reply(state, "535 5.7.8 Error: authentication failed: %s",
                             STR(state->sasl_reply));


        /* notify blacklistd of SASL authentication failure */
        pfilter_notify(1, vstream_fileno(state->client));
        return (-1);
    }

If I am not mistaken blacklistd will become notified even after a 'Temporary authentication failure'. 

Has this been intended?


Regards,
Michael