Christoph Moench-Tegeder:
> Hi,
>
> for some admittedly special and braindead setup I needed to relay
> outgoing mail via another MTA running on localhost:25. In order to
> bypass some of the mail loop safety catches, I extended inet_interfaces
> to accept "none".
> In case someone might find this useful, I'll publish the patch (against
> 2.8.2) here, including a documentation note strongly discouraging the
> use of the new option.

Thanks, but no thanks. This patch is unsafe in its current form.
I would hate to see complaints on the mailing list because some
well-meaning Linux maintainer decides to adopt this and then
someone gets burned by it.

One does not make a patch safe with a "don't use this" note in the
manpage that no-one reads.

To make the patch safe, it should add code to the SMTP server that
refuses to receive mail when inet_interfaces is turned off.

Wietse

> diff -Nru postfix-2.8.2.orig//proto/postconf.proto
> postfix-2.8.2/proto/postconf.proto
> --- postfix-2.8.2.orig//proto/postconf.proto 2011-01-20 13:10:33.000000000
> +0100
> +++ postfix-2.8.2/proto/postconf.proto 2011-04-05 09:01:19.000000000
> +0200
> @@ -1837,8 +1837,10 @@
> <p> The network interface addresses that this mail system receives
> mail on. Specify "all" to receive mail on all network
> interfaces (default), and "loopback-only" to receive mail
> -on loopback network interfaces only (Postfix version 2.2 and later). The
> -parameter also controls delivery of mail to <tt>user@[ip.address]</tt>.
> +on loopback network interfaces only (Postfix version 2.2 and later). Setting
> +this parameter to "none" will disable all loop checks and is therefore
> +strongly discouraged. The parameter also controls delivery of mail to
> +<tt>user@[ip.address]</tt>.
> </p>
>
> <p>
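
Review bot: the sentence added to postconf.proto describes "none" only by its side effect ("will disable all loop checks") and never says what the setting does to the thing this paragraph defines, the addresses the mail system receives mail on. State explicitly whether mail is still received with this setting, and give the new value a version annotation the way "loopback-only" carries "(Postfix version 2.2 and later)". The "strongly discouraged" wording is also the only safeguard anywhere in the patch; that restriction belongs in code, not in the parameter description.
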
> diff -Nru postfix-2.8.2.orig//src/global/mail_params.h
> postfix-2.8.2/src/global/mail_params.h
> --- postfix-2.8.2.orig//src/global/mail_params.h 2011-03-14
> 18:59:09.000000000 +0100
> +++ postfix-2.8.2/src/global/mail_params.h 2011-04-05 08:20:49.000000000
> +0200
> @@ -152,6 +152,7 @@
> #define VAR_INET_INTERFACES "inet_interfaces" /* listen addresses */
> #define INET_INTERFACES_ALL "all"
> #define INET_INTERFACES_LOCAL "loopback-only"
> +#define INET_INTERFACES_NONE "none"
> #define DEF_INET_INTERFACES INET_INTERFACES_ALL
> extern char *var_inet_interfaces;
>
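
Review bot: INET_INTERFACES_NONE is defined in mail_params.h, but the only place the posted patch uses it is the new branch in own_inet_addr.c. Any other code that compares var_inet_interfaces against INET_INTERFACES_ALL or INET_INTERFACES_LOCAL should be checked as well, so that "none" is recognised as a keyword there instead of falling through to whatever handles an interface name or address.
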
> diff -Nru postfix-2.8.2.orig//src/global/own_inet_addr.c
> postfix-2.8.2/src/global/own_inet_addr.c
> --- postfix-2.8.2.orig//src/global/own_inet_addr.c 2006-06-15
> 20:07:15.000000000 +0200
> +++ postfix-2.8.2/src/global/own_inet_addr.c 2011-04-05 08:38:21.000000000
> +0200
> @@ -124,6 +124,14 @@
> }
>
> /*
> + * If we are configured to explicitely ignore all local interfaces,
> + * there's noting left to do
> + */
> + else if (strcmp(var_inet_interfaces, INET_INTERFACES_NONE) == 0) {
> + return;
> + }
> +
> + /*
> * If we are supposed to be listening only on specific interface
> * addresses (virtual hosting), look up the addresses of those
> * interfaces.
>
>
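
Review bot: the new branch in own_inet_addr.c returns before any interface address is looked up, which is what turns the loop checks off, yet nothing in this patch stops the SMTP server from receiving mail in that state. Pair the early return with a check on the receiving side that refuses mail when inet_interfaces is "none". Minor points in the same hunk: the comment has two typos ("explicitely", "noting"), and the "else if" is separated from the "}" it continues by a comment block, which makes the chain easy to misread.
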
> Regards,
> Christoph
>
> --
> Spare Space
>
>