On 1/12/2010 3:05 PM, Frank Cusack wrote:
On January 12, 2010 2:49:32 PM -0600 "/dev/rob0" <r...@gmx.co.uk> wrote:
reject_unauth_pipelining won't work here, only in
smtpd_data_restrictions
reject_unauth_pipelining
Reject the request when the client sends SMTP commands ahead of time
where it is not allowed, or when the client sends SMTP commands ahead
of time without knowing that Postfix actually supports ESMTP command
pipelining. This stops mail from bulk mail software that improperly
uses ESMTP command pipelining in order to speed up deliveries.
With Postfix 2.6 and later, the SMTP server sets a per-session flag
whenever it detects illegal pipelining, including pipelined EHLO or
HELO commands. The reject_unauth_pipelining feature simply tests
whether the flag was set at any point in time during the session.
With older Postfix versions, reject_unauth_pipelining checks
the current status of the input read queue, and its usage is not
recommended in contexts other than smtpd_data_restrictions.
I especially point you to the last paragraph.
The reference to EHLO/HELO, and the reference to support in older versions
hints to me it should be in the helo section? Not correct?
With postfix 2.6 and newer, reject_unauth_piplining works fine
in any smtpd_*_restrictions stage.
And like the last sentence says, with versions earlier than
2.6, that restriction is only effective in
smtpd_data_restrictions.
So if you have postfix 2.6 or newer, it's fine to put it in
the helo section.
-- Noel Jones