
require_matching_ehlo, dnsbl: Exclude 127.0.0.1/24 clients from the check

Open foxcpp opened this issue 6 years ago • 2 comments

foxcpp, Nov 11 '19 20:11

Same goes for the dnsbl module. Also ::1 for IPv6.

foxcpp, Nov 11 '19 20:11

Status quo:

  • It is possible to define a separate endpoint for localhost clients and remote clients, possibly even using the same port.
  • Local clients should use the Submission endpoint for delivery with proper authentication using SASL PLAIN or SASL EXTERNAL. If that is not possible, a separate endpoint should be defined as mentioned above.
  • In both cases it is possible to define a more permissive set of checks for local clients.

Since there is a way to solve the original use-case, I have little to no desire to implement special cases for the mentioned checks. If somebody wants to implement it - I will probably merge a PR with it, though. Removing from the 0.1 milestone.

P.S. Example configuration snippet (10.0.0.1 is the external interface address):

hostname example.org
tls cert.pem key.pem

smtp tcp://127.0.0.1:25 {
    deliver_to dummy
}

smtp tcp://10.0.0.1:25 {
    check {
        require_matching_ehlo
    }
    deliver_to dummy
}

foxcpp, Dec 15 '19 17:12
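
For anyone picking up the PR mentioned above, one way the loopback exemption could be decided per connection. This is an added example, not maddy's code; `shouldSkipRemoteChecks` is a hypothetical helper name, and the sample addresses are constructed. It relies on Go's `net.IP.IsLoopback`, which treats all of 127.0.0.0/8 and ::1 as loopback.

```go
package main

import (
	"fmt"
	"net"
)

// shouldSkipRemoteChecks is a hypothetical helper (not part of maddy). It
// reports whether the connection's source address is local to the host, so
// that checks such as require_matching_ehlo or dnsbl could be skipped for it.
func shouldSkipRemoteChecks(src net.Addr) bool {
	switch a := src.(type) {
	case *net.TCPAddr:
		// IsLoopback covers 127.0.0.0/8, ::1 and IPv4-mapped forms such
		// as ::ffff:127.0.0.1. A nil IP is reported as not loopback.
		return a.IP.IsLoopback()
	case *net.UnixAddr:
		// A Unix socket can only be reached from the local host.
		return true
	default:
		// Unknown transport: fail closed and keep the checks enabled.
		return false
	}
}

func main() {
	// Constructed sample source addresses.
	samples := []string{"127.0.0.1", "127.0.0.53", "::1", "::ffff:127.0.0.1", "10.0.0.1"}
	for _, s := range samples {
		addr := &net.TCPAddr{IP: net.ParseIP(s), Port: 25}
		fmt.Printf("%-18s skip=%v\n", s, shouldSkipRemoteChecks(addr))
	}
}
```

If a local proxy or tunnel forwards remote mail to the loopback listener, every client appears local to this test, so the exemption would then apply to remote senders as well.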