
Re: dns tests in policytest

> > 	I'm trying to set up policy tests, but unfortunately I found
> > unwanted DNS tests both in mail_from and rcpt_to while
> > connecting from a net listed in smtp-policy.relay (_full_rights).
> > 	There are strange calls to sender_dns_verify and client_dns_verify
> > after always_accept checks. (rcpt_nocheck == 0 ?)
> > 
> > 2.99.50-s6 with default smtp-policy boilerplate
> > 
> > any comments ?
> A lengthy background history:
> 	Originally I designed the facility to allow messages from
> 	trusted sources to be accepted without further analysis
> 	work on the MAIL FROM/RCPT TO addresses.
> 	After having seen how much junk our clients are pushing
> 	in -- misconfigured MAIL FROM, mistakes in recipient
> 	addresses...  -- we modified the system to have a new
> 	attribute for allowing absolutely trusted sources
> 	(or sources that can not be verified in time to be able to
> 	 allow flows of timely email: vger.rutgers.edu->nic.funet.fi)
> 	AND doing "accept but verify" in place of old behaviour of
> 	"accept without checks".

If I define our clients as relaycustnet, our helpdesk will be
flooded by calls like "My Internet Explorer can't send message" ;)
or "Mail delivers too long" when the target DNS server is slow or down.
IMHO checking such errors in the router (with relative error message form)
would be more suitable, but there will be a problem with "soft" DNS errors.
Or maybe by ta/smtp with fast expire....
Ohh, no easy solutions.....

> Within the latest    policy-builder.sh   script there is a way
> to add arbitrary attributes to the defaults added by the builder
> script:
> -----  smtp-policy.relay ----
> []/24	fulltrustnet +
> -----------------------------

It worked, thanks!

Sergei Fomin
Velton.link ltd. Internet Service Provider Kharkov, Ukraine
phone/fax: +380(572)149941      http://www.vlink.kharkov.ua