[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: policy debugging

I made some investigation on the policy.  It happens to work in the
most wierd way.  Let me explain.  I have a "rejectnet +" attribte
in the "world" ("." entry and entry).  Now I come in from
an arbitrary host and type in "debug", the "helo ...", then "mail from...".

It seems that after connect, policy is not checked at all.  When
policytest() function is entered to check helo parameter, *no*
attributes are set at all.  After processing of helo command,
"rejectnet" attribute appears to be set, *and* always_reject too.
But despite that, helo command is accepted with 250 code! Then,
things go even worse.  Following "mail from" command is rejected
because always_reject is set.  I get 553 code "The source address
is in a reject list" which is confusing at first, and then, session
should have been closed much earlier.

OK, some calls to policytest may be missing somewhere, but what
I do not understand is why on earth one should need these states,
like "always_reject"?  If you've already hushed the client, why
bother to remember that? ;-)  I do understand why you *may* need
"always_accept" but I think this may be avoided too.