On Wed, Jul 27, 2016 at 8:00 AM, Paul Fariello <p...@fariello.eu> wrote: > Ok. I didn't notice that relayd had a security filtering focus. If so, > enforcing presence/absence of body is legit.
Perhaps the security.html page on the openbsd site would interest you? Did you know, for example, that openbsd has a "Secure by Default" policy? Also, it is probably a good idea to read the man page for software you are working on. For example, relayd has a man page which says: "Various application level filtering ... options are available for relays." I could go on, with this kind of reasoning, but I probably should give you the chance to do some thinking, yourself? -- Raul