[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug in policy checking - is it fixed?
> I am still running 2.99.50-s11 on my production relay, and I wander if
> the problem that I discovered is fixed since then. Fighting with ORBS,
> I noticed that when they sent
> MAIL FROM:<sender@[my.ip.add.ress]>
> my Zmailer allowed relaying. Apparently, policy checker, having
> detected the domain in the dotted quad format, treats it as IP address,
> and quite naturally concludes that this is a trusted sender. Which
> is obviously wrong, because the sender may put anything there. The
> checker should not try to interpret domain names as dotted quad addrs.
I think this is configuration issue; the system does not contain
proper support those address literals in the policy searches anyway,
and when I try this at nic.funet.fi, I get:
553-5.4.3 Policy analysis reports DNS error with your
553-5.4.3 source domain. Please correct your source
553 5.4.3 address and/or the info at the DNS.
> My question is, was this problem addressed recently? If not, I will
> try to make necessary fixes these days.
Propably not -- well, depending on your configuration.
However, I seem to recall having touched policytest.c
for something like this a few months ago.
/Matti Aarnio <firstname.lastname@example.org>