[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: policy debugging

To: Matti Aarnio <mea@nic.funet.fi>
Subject: Re: policy debugging
From: Eugene Crosser <crosser@online.ru>
Date: Thu, 10 Jul 1997 19:41:01 +0400 (MSD)
cc: zmailer@nic.funet.fi
In-Reply-To: <19970709212444Z15685-29911+8@nic.funet.fi>
Reply-To: Eugene Crosser <crosser@online.ru>
Sender: crosser@ariel.sovam.com

I made some investigation on the policy.  It happens to work in the
most wierd way.  Let me explain.  I have a "rejectnet +" attribte
in the "world" ("." entry and 0.0.0.0/0 entry).  Now I come in from
an arbitrary host and type in "debug", the "helo ...", then "mail from...".

It seems that after connect, policy is not checked at all.  When
policytest() function is entered to check helo parameter, *no*
attributes are set at all.  After processing of helo command,
"rejectnet" attribute appears to be set, *and* always_reject too.
But despite that, helo command is accepted with 250 code! Then,
things go even worse.  Following "mail from" command is rejected
because always_reject is set.  I get 553 code "The source address
is in a reject list" which is confusing at first, and then, session
should have been closed much earlier.

OK, some calls to policytest may be missing somewhere, but what
I do not understand is why on earth one should need these states,
like "always_reject"?  If you've already hushed the client, why
bother to remember that? ;-)  I do understand why you *may* need
"always_accept" but I think this may be avoided too.

Eugene

Follow-Ups:
- Re: policy debugging
  - From: Arnt Gulbrandsen <agulbra@troll.no> (Thu, 10 Jul 1997 21:07:32 +0300)

References:
- policy debugging
  - From: Matti Aarnio <mea@nic.funet.fi>

Prev by Date: error installing zmailer.2.99.p2
Next by Date: Re: policy debugging
Prev by thread: Re: policy debugging
Next by thread: Re: policy debugging
Index(es):
- Date
- Thread