[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug in policy checking - is it fixed?
> I think this is rather the coding issue. In your case, the fact that
> you make DNS verification saves you. If you have the entry of the form
> [your.ip.address.0]/24 fulltrustnet +
> DNS lookup is not performed and the "mail from" address of the form
> <somebody@[your.ip.address.anything]> apparently triggers fulltrustnet
> status while it obviously should not.
Quite, like you can see from my another answer.
The "fulltrustnet +" is IP address related tests, which
should only be used at the connect time tests, never at
MAIL FROM, or RCPT TO tests.
> mail from:<firstname.lastname@example.org>
> 250 2.1.0 Sender syntax Ok
> rcpt to:<email@example.com>
> 250 2.1.5 Recipient address syntax Ok
> 221 2.0.0 chronos Out
> This is in my policy:
> online.ru = _full_rights
> [188.8.131.52]/18 = _full_rights
> _full_rights rejectnet - fulltrustnet + relaytarget +
> Note that despite _full_rights is assigned to both "online.ru" and
> IP address, mail from @online.ru does not trigger relaying.
Quite so, because domain test (@online.ru) does not look
for 'fulltestnet +', nor for 'rejectnet -' attributes.