[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug in policy checking - is it fixed?
> Matti,
>
> I think this is rather the coding issue. In your case, the fact that
> you make DNS verification saves you. If you have the entry of the form
>
> [your.ip.address.0]/24 fulltrustnet +
>
> DNS lookup is not performed and the "mail from" address of the form
> <somebody@[your.ip.address.anything]> apparently triggers fulltrustnet
> status while it obviously should not.
Quite, like you can see from my another answer.
The "fulltrustnet +" is IP address related tests, which
should only be used at the connect time tests, never at
MAIL FROM, or RCPT TO tests.
...
> mail from:<crosser@[194.67.3.135]>
> 250 2.1.0 Sender syntax Ok
> rcpt to:<a@aol.com>
> 250 2.1.5 Recipient address syntax Ok
> quit
> 221 2.0.0 chronos Out
>
> This is in my policy:
>
> online.ru = _full_rights
> [194.67.0.0]/18 = _full_rights
> _full_rights rejectnet - fulltrustnet + relaytarget +
>
> Note that despite _full_rights is assigned to both "online.ru" and
> IP address, mail from @online.ru does not trigger relaying.
Quite so, because domain test (@online.ru) does not look
for 'fulltestnet +', nor for 'rejectnet -' attributes.
> Eugene
/Matti Aarnio