
Re: policy debugging



Eugene Crosser <crosser@online.ru>
> I made some investigation on the policy.  It happens to work in the
> most weird way.  Let me explain.  I have a "rejectnet +" attribute
> in the "world" ("." entry and 0.0.0.0/0 entry).  Now I come in from
> an arbitrary host and type in "debug", then "helo ...", then "mail from...".
> 
> It seems that after connect, policy is not checked at all.

That's the right thing to do - there's no way to reject a TCP
connection but accept the next one in the listen queue.

>  When
> policytest() function is entered to check helo parameter, *no*
> attributes are set at all.  After processing of helo command,
> "rejectnet" attribute appears to be set, *and* always_reject too.
> But despite that, helo command is accepted with 250 code!

I believe 250 is the only legal result code for helo.  The smtpserver
could use a different message, of course:

	250 Mail from ppgsoft.com will be rejected.

Or something to that effect.

> Then,
> things go even worse.  Following "mail from" command is rejected
> because always_reject is set.  I get 553 code "The source address
> is in a reject list" which is confusing at first, and then, session
> should have been closed much earlier.

A fraction of a second earlier, in practice.  Not worth inventing a
new result code for, IMHO.

--Arnt