Re: Patched Postfix?
* /dev/rob0 postfix-users@postfix.org: On Thu, May 19, 2011 at 09:23:28PM +0200, Patrick Ben Koetter wrote: Today I've come across a Sophos PureMesssage server that puts ignore_policy_error as restriction option: smtpd_client_restrictions = ignore_policy_error, check_policy_service inet:localhost:4466 I've looked up the postconf man page, but couldn't find that option. Sophos OTOH has been quoted by my customer that they don't run a patched Postfix. So what is it? Given all of Wietses efforts to create great documentation I tend to believe Sophos does provide a patched Postfix. It could be a restriction class. It ain't. p@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): http://postfix.state-of-mind.de/patrick.koetter/saslfinger/
Re: Patched Postfix?
Today I've come across a Sophos PureMesssage server that puts ignore_policy_error as restriction option: smtpd_client_restrictions = ignore_policy_error, check_policy_service inet:localhost:4466 I've looked up the postconf man page, but couldn't find that option. Sophos OTOH has been quoted by my customer that they don't run a patched Postfix. So what is it? Given all of Wietses efforts to create great documentation I tend to believe Sophos does provide a patched Postfix. Well, the naming gives a hint: Sophos patched Postfix to have some sort of soft_fail the next restriction to secure against check_policy_service inet:localhost:4466 failing somehow. This is just speculation. But I wonder why they would do that: If the policy service FAILS, no mail goes through and the admins will have a look. With ignore_policy_error I would thing that Postfix will silently ignore the error and just deliver the mail. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Patched Postfix?
Zitat von Ralf Hildebrandt ralf.hildebra...@charite.de: Today I've come across a Sophos PureMesssage server that puts ignore_policy_error as restriction option: smtpd_client_restrictions = ignore_policy_error, check_policy_service inet:localhost:4466 I've looked up the postconf man page, but couldn't find that option. Sophos OTOH has been quoted by my customer that they don't run a patched Postfix. So what is it? Given all of Wietses efforts to create great documentation I tend to believe Sophos does provide a patched Postfix. Well, the naming gives a hint: Sophos patched Postfix to have some sort of soft_fail the next restriction to secure against check_policy_service inet:localhost:4466 failing somehow. This is just speculation. But I wonder why they would do that: If the policy service FAILS, no mail goes through and the admins will have a look. With ignore_policy_error I would thing that Postfix will silently ignore the error and just deliver the mail. Maybe it is a hint how reliable their content filters are ;-) Regards Andreas smime.p7s Description: S/MIME Cryptographic Signature
Re: Patched Postfix?
* lst_ho...@kwsoft.de lst_ho...@kwsoft.de: Maybe it is a hint how reliable their content filters are ;-) YOU said that :) -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Patched Postfix?
Patrick Ben Koetter: Today I've come across a Sophos PureMesssage server that puts ignore_policy_error as restriction option: smtpd_client_restrictions = ignore_policy_error, check_policy_service inet:localhost:4466 I've looked up the postconf man page, but couldn't find that option. Sophos OTOH has been quoted by my customer that they don't run a patched Postfix. So what is it? Given all of Wietses efforts to create great documentation I tend to believe Sophos does provide a patched Postfix. According to Google, all queries for ignore_policy_error come up with discussions about Sophos's Puremessage. Maybe someone can dig up a manpage that describes the feature. Wietse