[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: policy debugging

Eugene Crosser <crosser@online.ru>
> I made some investigation on the policy.  It happens to work in the
> most wierd way.  Let me explain.  I have a "rejectnet +" attribte
> in the "world" ("." entry and entry).  Now I come in from
> an arbitrary host and type in "debug", the "helo ...", then "mail from...".
> It seems that after connect, policy is not checked at all.

That's the right thing to do - there's no way to reject a TCP
connection but accept the next one in the listen queue.

>  When
> policytest() function is entered to check helo parameter, *no*
> attributes are set at all.  After processing of helo command,
> "rejectnet" attribute appears to be set, *and* always_reject too.
> But despite that, helo command is accepted with 250 code!

I believe 250 is the only legal result code for helo.  The smtpserver
could use a different message, of course:

	250 Mail from ppgsoft.com will be rejected.

Or something to the effect.

> Then,
> things go even worse.  Following "mail from" command is rejected
> because always_reject is set.  I get 553 code "The source address
> is in a reject list" which is confusing at first, and then, session
> should have been closed much earlier.

A fraction of a second earlier, in practice.  Not worth inventing a
new result code for, IMHO.