Re: policy debugging
Eugene Crosser <crosser@online.ru>
> I made some investigation on the policy. It happens to work in the
> most weird way. Let me explain. I have a "rejectnet +" attribute
> in the "world" ("." entry and 0.0.0.0/0 entry). Now I come in from
> an arbitrary host and type in "debug", then "helo ...", then "mail from...".
>
> It seems that after connect, policy is not checked at all.
That's the right thing to do - there's no way to reject a TCP
connection but accept the next one in the listen queue.
> When
> policytest() function is entered to check helo parameter, *no*
> attributes are set at all. After processing of helo command,
> "rejectnet" attribute appears to be set, *and* always_reject too.
> But despite that, helo command is accepted with 250 code!
I believe 250 is the only legal result code for helo. The smtpserver
could use a different message, of course:
    250 Mail from ppgsoft.com will be rejected.
Or something to the effect.
> Then,
> things go even worse. Following "mail from" command is rejected
> because always_reject is set. I get 553 code "The source address
> is in a reject list" which is confusing at first, and then, session
> should have been closed much earlier.
A fraction of a second earlier, in practice. Not worth inventing a
new result code for, IMHO.
--Arnt