Hi Wietse,

Yep, another very valid point.
I do agree that the risks of using the hostnames to exclude features are not 
insignificant,
in which case I'd ask if the use of hostnames to include features (whitelisting 
rather than blacklisting) would be more acceptable in terms of risk?

If the resolution of a hostname fails or is not the expected one (for whatever 
reason) the client will not be offered some of the features,
which can lead to transmission failures (failure to accept the messages) rather 
than mail loss.

I also think that it's a good idea to add these examples against using the 
hostnames in the documentation, as it makes the reasons for this decision 
clearer.

Many thanks,
Nik

-----Original Message-----
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On Behalf Of Wietse Venema
Sent: 11 September 2017 21:51
To: Postfix users <postfix-users@postfix.org>
Subject: Re: smtpd_discard_ehlo_keyword_address_maps support for hostnames

Oh, and what should happen when the host has multiple PTR records that properly 
satisfy the reverse/forward name check?  Postfix picks only one, and it may not 
pick the same one every time.

Writing code is easy, what about writing first the documentation how this is 
supposed to behave?

If a feature needs more text for its limitations than for its functionality, 
then perhaps that is a sign of a problematic feature?

        Wietse

Nik Kostaras:
> Hi Wietse,
> 
> Very good question!
> From my point of view I'd like to have the ability to choose whether to 
> enable this filtering option (separately from the existing IP filtering),
> acknowledging the risks of mail loss (with a "Here be dragons" warning in the 
> documentation).
> 
>  If you are interested I can send a patch with a new config option.
> 
> Many thanks,
> Nik Kostaras
> 
> -----Original Message-----
> From: owner-postfix-us...@postfix.org 
> [mailto:owner-postfix-us...@postfix.org] On Behalf Of Wietse Venema
> Sent: 11 September 2017 16:57
> To: Postfix users <postfix-users@postfix.org>
> Subject: Re: smtpd_discard_ehlo_keyword_address_maps support for 
> hostnames
> 
> Nik Kostaras:
> > Hi all,
> > 
> > Postfix documentation mentions (for 
> > smtpd_discard_ehlo_keyword_address_maps):
> > 
> > "The tables are not searched by hostname for robustness reasons."
> > 
> > Is it possible to describe what these reasons are? (performance
> > related?)
> 
> Ask the question: if DNS lookup does not work, even if only for a brief time, 
> would that result in the loss of mail?
> 
> The purpose of this feature is to prevent a server from announcing a feature 
> to an SMTP client, for example because it would result in the loss of mail (a 
> client has a problem with that feature).
> 
> What should happen:
> 
> a) Don't suppress keywords based on hostname, and risk losing mail.
> 
> b) Don't accept mail, to avoid loss of mail.
> 
> c) Something else?
> 
>       Wietse
> 
> 
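
The failure modes discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a small Python model of which EHLO keywords get announced under address-keyed lookup, hostname-keyed exclusion, and hostname-keyed inclusion. The hostname-keyed functions, the keyword list, the tables, the names and the address are all hypothetical and constructed for illustration.

```python
# Model of the EHLO-keyword decision under the three lookup designs in the thread.
# Not Postfix code: keyword list, tables, names and addresses are constructed.
ANNOUNCED = ["PIPELINING", "SIZE", "STARTTLS", "8BITMIME", "DSN"]

def pick_name(verified_names):
    """One verified PTR name, or None when the DNS lookup failed.
    Taking the first models 'picks only one, not the same one every time':
    the answer order is outside the server's control."""
    return verified_names[0] if verified_names else None

def by_address(client_ip, discard_table):
    """Existing design: keyed on the client IP address, no DNS involved."""
    discard = discard_table.get(client_ip, set())
    return [k for k in ANNOUNCED if k not in discard]

def by_hostname_exclude(verified_names, discard_table):
    """Hypothetical exclusion by hostname: no match means nothing is discarded,
    so a DNS failure announces the keyword the client cannot handle."""
    discard = discard_table.get(pick_name(verified_names), set())
    return [k for k in ANNOUNCED if k not in discard]

def by_hostname_include(verified_names, baseline, include_table):
    """Hypothetical inclusion by hostname: no match means baseline only,
    so a DNS failure withholds keywords instead of announcing them."""
    extra = include_table.get(pick_name(verified_names), set())
    return [k for k in ANNOUNCED if k in baseline or k in extra]

# Constructed sample data (documentation address and example.com names).
CLIENT_IP = "192.0.2.10"
NAMES = ["legacy-mta.example.com", "mx1.example.com"]
DISCARD_BY_IP = {CLIENT_IP: {"PIPELINING"}}
DISCARD_BY_NAME = {"legacy-mta.example.com": {"PIPELINING"}}
BASELINE = {"SIZE", "8BITMIME"}
INCLUDE_BY_NAME = {"legacy-mta.example.com": {"STARTTLS", "DSN"}}

if __name__ == "__main__":
    cases = [("resolved", NAMES), ("other PTR first", NAMES[::-1]), ("DNS failure", [])]
    for label, names in cases:
        print(label)
        print("  address :", by_address(CLIENT_IP, DISCARD_BY_IP))
        print("  exclude :", by_hostname_exclude(names, DISCARD_BY_NAME))
        print("  include :", by_hostname_include(names, BASELINE, INCLUDE_BY_NAME))
```

Only the address-keyed result is identical across all three cases; the two hostname-keyed variants change their answer with DNS state, in opposite directions.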
