[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smtp-policy q-s and wishes

about relaying policy:

>   The more I think of it, I think it really begins to need a script
>   facility for this use, not only simple attributes + hardcoded logic
>   about the order of things.

I always felt that attribute model is not very convenient.
I would prefer something like this:

PHASE initial
	* unset relay
PHASE connection
	[]/8 deny "Connections from private networks not accepted"
	[]/24 set customernet
	(checkdb custnetworks) set customernet
	[]/16 set hostile
PHASE helo
	# nothing
PHASE mailfrom
	(! resolvable) deny "From domain must resolve"
PHASE rcptto
	(checkdb localnames) set islocal
	(/^postmaster@/ & ?islocal) accept
	?hostile deny "Your netblock is barred"
	?islocal accept
	(checkdb mxrelay) accept
	?customernet accept
	* deny "Relaying denied"

(just to get an idea) - you would see which checks are performed at which
time.  Every check can either terminate session with error response or
set/unset named flag.  At later stages, these flags can be checked.

Each check could match variable available at this phase against regexp,
look it up in a database, or just see if a particular flag is set or unset.