Patched Postfix?

2011-05-19 Thread Patrick Ben Koetter
Today I've come across a Sophos PureMessage server that puts
"ignore_policy_error" as restriction option:

smtpd_client_restrictions =
    ignore_policy_error,
    check_policy_service inet:localhost:4466

I've looked up the postconf man page, but couldn't find that option. Sophos
OTOH has been quoted by my customer that they don't run a patched Postfix.

So what is it? Given all of Wietse's efforts to create great documentation I
tend to believe Sophos does provide a patched Postfix.

p@rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


Re: Patched Postfix?

2011-05-19 Thread Wietse Venema
Patrick Ben Koetter:
> Today I've come across a Sophos PureMessage server that puts
> "ignore_policy_error" as restriction option:
> 
> smtpd_client_restrictions =
>     ignore_policy_error,
>     check_policy_service inet:localhost:4466
> 
> I've looked up the postconf man page, but couldn't find that option. Sophos
> OTOH has been quoted by my customer that they don't run a patched Postfix.
> 
> So what is it? Given all of Wietse's efforts to create great documentation I
> tend to believe Sophos does provide a patched Postfix.

According to Google, all queries for ignore_policy_error come
up with discussions about Sophos's Puremessage. 

Maybe someone can dig up a manpage that describes the feature.

Wietse


Re: Patched Postfix?

2011-05-20 Thread /dev/rob0
On Thu, May 19, 2011 at 09:23:28PM +0200, Patrick Ben Koetter wrote:
> Today I've come across a Sophos PureMessage server that puts
> "ignore_policy_error" as restriction option:
> 
> smtpd_client_restrictions =
>     ignore_policy_error,
>     check_policy_service inet:localhost:4466
> 
> I've looked up the postconf man page, but couldn't find that 
> option. Sophos OTOH has been quoted by my customer that they don't 
> run a patched Postfix.
> 
> So what is it? Given all of Wietse's efforts to create great 
> documentation I tend to believe Sophos does provide a patched 
> Postfix.

It could be a restriction class.
-- 
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header


Re: Patched Postfix?

2011-05-20 Thread Patrick Ben Koetter
* /dev/rob0 :
> On Thu, May 19, 2011 at 09:23:28PM +0200, Patrick Ben Koetter wrote:
> > Today I've come across a Sophos PureMessage server that puts
> > "ignore_policy_error" as restriction option:
> > 
> > smtpd_client_restrictions =
> >     ignore_policy_error,
> >     check_policy_service inet:localhost:4466
> > 
> > I've looked up the postconf man page, but couldn't find that 
> > option. Sophos OTOH has been quoted by my customer that they don't 
> > run a patched Postfix.
> > 
> > So what is it? Given all of Wietse's efforts to create great 
> > documentation I tend to believe Sophos does provide a patched 
> > Postfix.
> 
> It could be a restriction class.

It ain't.

p@rick

-- 
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitly required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


Re: Patched Postfix?

2011-05-20 Thread Ralf Hildebrandt
> Today I've come across a Sophos PureMessage server that puts
> "ignore_policy_error" as restriction option:
> 
> smtpd_client_restrictions =
>     ignore_policy_error,
>     check_policy_service inet:localhost:4466
> 
> I've looked up the postconf man page, but couldn't find that option. Sophos
> OTOH has been quoted by my customer that they don't run a patched Postfix.
> 
> So what is it? Given all of Wietse's efforts to create great documentation I
> tend to believe Sophos does provide a patched Postfix.

Well, the naming gives a hint: Sophos patched Postfix to have some
sort of "soft_fail the next restriction" to secure against
"check_policy_service inet:localhost:4466" failing somehow.

This is just speculation.

But I wonder why they would do that: If the policy service FAILS, no
mail goes through and the admins will have a look.

With ignore_policy_error I would think that Postfix will silently
ignore the error and just deliver the mail.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de



Re: Patched Postfix?

2011-05-20 Thread lst_hoe02

Quoting Ralf Hildebrandt:

> > Today I've come across a Sophos PureMessage server that puts
> > "ignore_policy_error" as restriction option:
> > 
> > smtpd_client_restrictions =
> >     ignore_policy_error,
> >     check_policy_service inet:localhost:4466
> > 
> > I've looked up the postconf man page, but couldn't find that option. Sophos
> > OTOH has been quoted by my customer that they don't run a patched Postfix.
> > 
> > So what is it? Given all of Wietse's efforts to create great documentation I
> > tend to believe Sophos does provide a patched Postfix.
> 
> Well, the naming gives a hint: Sophos patched Postfix to have some
> sort of "soft_fail the next restriction" to secure against
> "check_policy_service inet:localhost:4466" failing somehow.
> 
> This is just speculation.
> 
> But I wonder why they would do that: If the policy service FAILS, no
> mail goes through and the admins will have a look.
> 
> With ignore_policy_error I would think that Postfix will silently
> ignore the error and just deliver the mail.

Maybe it is a hint how reliable their content filters are ;-)


Regards

Andreas






Re: Patched Postfix?

2011-05-20 Thread Ralf Hildebrandt
* lst_ho...@kwsoft.de :

> Maybe it is a hint how reliable their content filters are ;-)

YOU said that :)

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de