Non English Spam
norgaard at locolomo.org
Sun Oct 15 13:55:09 PDT 2006
Gerard Seibert wrote:
> On Sunday October 15, 2006 at 03:21:37 (PM) Erik Norgaard wrote:
>> Ian Smith wrote:
>> Maybe I didn't make clear how the filtering in Postfix works? Each
>> header line is unwrapped and then filtered independent of the others.
>> There is no info as to if that is the first or last Received line.
>> I can make a rule to reject the mail. And I can make a rule that accept
>> a given header line, but the remaining header will still be filtered and
>> possibly rejected.
>> I can't make a header check for Received cause checks for content-type
>> to be skipped.
>> Nor can I make incoming mail from white listed servers skip the header
>> checks. The two things are independent: The first applies when
>> establishing the connection: HELO, MAIL FROM, RCPT TO etc. The header
>> checks are invoked if the initial delivery request was accepted.
>> Yes, that sucks, but that's how Postfix works.
> Are you sure about that? I use Postfix myself and that does not appear
> to be correct, although it might be. Have you ever posted this question
> on the postfix forum? <postfix-users at postfix.org> There are some pretty
> sharp individuals there who might be able to give you some advice.
I am certain that:
1) header/body checks are independent of the smtpd_restrictions - I can
send a mail that is rejected even though I have authenticated and permit
2) OK when a header line is matched does not affect the parsing of other
header lines, and if you think about it you wouldn't want that: Then it
would be possible to include a secret keyword or forged header line in
the top of the header to get by the other rules.
Basically, the only line that you can trust is the first Received which
our server inserted - which as mentioned is waste to check. So, no
header check in itself should allow an entire mail.
There is a FILTER keyword which you can use to "tag" a mail for further
content filtering. That action is taken after all the header checks have
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
More information about the freebsd-questions