Johan Almqvist wrote:
[...]
I'll think about it once more, I think I should probably turn the logic
around both in check_badrcptto_patterns and in my plugin, so that
check_badrcptto_patterns becomes check_goodrcptto_patterns (a list of
patterns that describes all legit addresses)
I built check_badrcptto_patterns to deal with the standard relay hacks -
%, @@ and ! - and it seemed sensible to weed those on the first pass.
I find it useful for testing to be able to display a different message
for the rule which failed, and I think we'd lose that if the logic were
inverted.
In SME Server land, we perform checks with this list of plugins, so
we've weeded out most of the crud before we start looking at valid users
on the system:
check_badmailfrom
check_badrcptto_patterns
check_badrcptto
check_spamhelo
check_goodrcptto extn -
and denybounce would then
be an extra list of addresses that are legit, but don't accept bounces
(such as the address that is subscribed to this list, which has
-qpsmtpd added to my username)
I think there's room for both "good" and "bad" rulesets, but maybe we
should be doing something along the lines of mailfront's mailrules:
http://untroubled.org/mailfront/mailrules.html
http://untroubled.org/mailfront/mailrulesx.html
(except using Perl patterns and a somewhat more readable config).
Thanks,
Gordon
