On Tue, 2004-07-13 at 14:36 +0300, Matti Aarnio wrote:
> > with your today's change, senderokwithdns check in pt_mailfrom is the
> > very last, and it is not done if the sender is "authorized". Is it what
> > was your intention? I think that if one wants to disallow unroutable
> > "mail from", he wants to do that for all, authorized and non-authorized
> > senders. And therefore the check should be done very early, maybe even
> > before "if (state->full_trust) return 0;" around the line 1704.
>
> It is a wee bit complicated thing indeed..
>
> When the matter is about remote SPF publisher, who want to be
> protected, then things are as you say, but when it is about
> _local_ SPF set, then e.g. users must be able to send out
> from where-ever they are, as long as they have authenticated..

Wait, wait! I am not talking about SPF. SPF is at the right place now.
My note was about senderokwithdns, i.e. validity of "mail from" provided
by the client. I think that this check should be done regardless of all
others, should it?

Eugene