Andre H?bner:
> Hello,
>
> i try to set up safe etrn.
> i use in main.cf
>
> smtpd_etrn_restrictions = check_etrn_access hash:/etc/postfix/etrn-domains
> reject
>
> if etrn-domain is found /etc/postfix/etrn-domains returns name of 2nd
> restriction which checks by check_client_access other file for clientip and
> returns ok if found.
> setup works but there is still security-problem that a client ip which is
> allowed for etrn is requesting mails for other domain.
This is incorrect. The client can SPECIFY a different domain but
the client cannot RECEIVE mail for that domain. With ETRN, the
server delivers mail by making new SMTP connections.
> is there a combination of restrictions to make it safe or is an own
> policy-service better solution?
>
> 2nd question:
>
> atrn/odmr
> In contrast to expactation atrn/odmr works pretty different. Is there a
> official Readme how to deal with this the best way?
> All i found are really old discussions with no clear answers.
Postfix documentation describes all implemented features, and
atrn/odmr support is not described there.
Wietse
