Christoph Moench-Tegeder:
> ## Wietse Venema ([email protected]):
>
> > > for some admittedly special and braindead setup I needed to relay
> > > outgoing mail via another MTA running on localhost:25. In order to
> > > bypass some of the mail loop safety catches, I exteded inet_interfaces
> > > to accept "none".
> > > In case someone might find this useful, I'll publish the path (against
> > > 2.8.2) here, including a documentation note strongly discouraging the
> > > use of the new option.
> >
> > Thanks, but no thanks. This patch is unsafe in its current form.
> > I would hate to see complaints on the mailing list because some
> > well-meaning Linux maintainer decides to adopt this and then
> > someone gets burned by it.
>
> Well, postfix still doesn't relay mail to hosts with it's own
> host name in the server greeting ("host ... greeted me with my own
> hostname ..." and "host ... replied to HELO/EHLO with my own hostname ..."),
> so it's not that easy to shoot one's own foot.
Loops can happen between Postfix MTAs and non-Postfix MTAs. It's
a mistake to assume that all non-Postfix MTAs will implement all
the Postfix safety mechanisms.
For this reason, Postfix must implement safety on both the
Postfix RECEIVING end and on the Postfix SENDING end.
Your patch disables a safety mechanism without providing a replacement
safety mechanism. Instead, it replaces the safety mechanism by a
"don't use this" note in the documentation.
"inet_interfaces = none" means the system does not receive SMTP
mail on any IP address. This needs to be enforced in the SMTP
server.
> > To make the patch safe, it should add code to the SMTP server that
> > refuses to receive mail when inet_interfaces is turned off.
>
> Thanks for the suggestion, I'll look into that (but propably not today).
The beauty of open source. We "solve" a problem by removing a safety
mechanism.
Wietse
