Re: Can't whitelist header / bodychecks

2009-06-13 Thread Victor Duchovni
On Sat, Jun 13, 2009 at 01:09:49AM +0200, mouss wrote: by default: mime_header_checks = $header_checks nested_header_checks = $header_checks so header_checks apply to more than 822 headers. I'm not sure if this is a bug/'feature' - but to have to keep commenting out certain rules

Re: Can't whitelist header / bodychecks

2009-06-13 Thread Wietse Venema
Victor Duchovni: On Sat, Jun 13, 2009 at 01:09:49AM +0200, mouss wrote: by default: mime_header_checks = $header_checks nested_header_checks = $header_checks so header_checks apply to more than 822 headers. I'm not sure if this is a bug/'feature' - but to have to keep

Can't whitelist header / bodychecks

2009-06-12 Thread Steve
Is this right? You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly OK a client or sender, in access lists, or not. I'm gob smacked if it is?

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Magnus Bäck
On Fri, June 12, 2009 12:12 pm, Steve said: Is this right? You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly OK a client or sender, in access lists, or not. Yes, that's correct. -- Magnus

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 12:51 +0200, Magnus Bäck wrote: On Fri, June 12, 2009 12:12 pm, Steve said: Is this right? You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly OK a client or sender,

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Steve steve.h...@digitalcertainty.co.uk: Is this right? Yes You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly OK a client or sender, in access lists, or not. I'm gob smacked if it is?

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
Ralf Hildebrandt wrote: * Steve steve.h...@digitalcertainty.co.uk: Is this right? Yes You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly OK a client or sender, in access lists, or not. I'm gob

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Mark Goodge: Ralf Hildebrandt wrote: * Steve steve.h...@digitalcertainty.co.uk: Is this right? Yes You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly OK a client or sender, in access

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Steve
On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote: Mark Goodge: Ralf Hildebrandt wrote: * Steve steve.h...@digitalcertainty.co.uk: Is this right? Yes You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
Steve wrote: On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote: Mark Goodge: Ralf Hildebrandt wrote: * Steve steve.h...@digitalcertainty.co.uk: Is this right? Yes You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Larry Stone
On Fri, 12 Jun 2009, Steve wrote: Wietse Always a clever answer for a bug - nice one :-) wanker. As someone who mostly sits on the side of this forum but is extremely appreciative of the work Wietse and others have done to bring Postfix to the community, I'd like to suggest that

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Mark Goodge m...@good-stuff.co.uk: I wouldn't call it a bug, since it's a feature that works as designed. It is, however, a design choice that makes the feature less useful than it otherwise could have been. But the point here is that content inspection isn't a core part of the job of an

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 14:36 +0100, Mark Goodge wrote: Steve wrote: On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote: Mark Goodge: Ralf Hildebrandt wrote: * Steve steve.h...@digitalcertainty.co.uk: Is this right? Yes You cannot whitelist a sender or client in an access list to

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 15:47 +0200, Ralf Hildebrandt wrote: * Mark Goodge m...@good-stuff.co.uk: I wouldn't call it a bug, since it's a feature that works as designed. It is, however, a design choice that makes the feature less useful than it otherwise could have been. But the point here

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk steve.h...@digitalcertainty.co.uk: I only use it for stuff I absolutely don't want to see. Everything else gets handled by amavisd-new Which is flaky. Not here. The fix is to make the content scanner in Postfix work as it should - or do we keep

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 15:54 +0200, Ralf Hildebrandt wrote: * EASY steve.h...@digitalcertainty.co.uk steve.h...@digitalcertainty.co.uk: I only use it for stuff I absolutely don't want to see. Everything else gets handled by amavisd-new Which is flaky. Not here. And the tens of

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
EASY steve.h...@digitalcertainty.co.uk wrote: It's a bug. Read the original question carefully. If I'm pasting the original headers into the BODY of a fresh mail, and the header filters are *blocking* it - is that intended behaviour? Answer (hopefully) 'No'. If the header-only filters are

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Steve
On Fri, 2009-06-12 at 15:09 +0100, Mark Goodge wrote: EASY steve.h...@digitalcertainty.co.uk wrote: [1] http://www.postfix.org/header_checks.5.html Mark Did you find that all on your own, or did you get some help with that? I honestly can't be tossed to bother with the guy and raising an

Re: Can't whitelist header / bodychecks

2009-06-12 Thread d . hill
Quoting Mark Goodge m...@good-stuff.co.uk: EASY steve.h...@digitalcertainty.co.uk wrote: It's a bug. Read the original question carefully. If I'm pasting the original headers into the BODY of a fresh mail, and the header filters are *blocking* it - is that intended behaviour? Answer

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Ralf Hildebrandt ralf.hildebra...@charite.de: * Steve steve.h...@digitalcertainty.co.uk: /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host in headers OK In the logs; tripped on the header filter; Jun 12 11:01:58 mail4 postfix/cleanup[1419]: B9F16AC09D:

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 16:40 +0200, Ralf Hildebrandt wrote: * Ralf Hildebrandt ralf.hildebra...@charite.de: * Steve steve.h...@digitalcertainty.co.uk: /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host in headers OK In the logs; tripped on the header

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk steve.h...@digitalcertainty.co.uk: Since the headers look like: Received: from [192.168.1.xx] (xx [192.168.1.xx]) NEWLINE by mail4.xx.co.uk (xx) with ESMTPA id B9F16AC09D NEWLINE for ab...@btbroadband.com ... You COULD

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk steve.h...@digitalcertainty.co.uk: for ab...@btbroadband.com ... You COULD solve this using: /^Received: from .*(cmodem|dhcp|adsl|broadband|dynamic).*by / REJECT dynamic host in headers It's worth a try. Indeed, but it's *not*

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Ralf Hildebrandt ralf.hildebra...@charite.de: /^Received: from .*(cmodem|dhcp|adsl|broadband|dynamic).*by / REJECT dynamic host in headers It's worth a try. Indeed, but it's *not* in the header section of the email, is it! It has been pasted into the *BODY* of an email.

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 16:50 +0200, Ralf Hildebrandt wrote: * EASY steve.h...@digitalcertainty.co.uk steve.h...@digitalcertainty.co.uk: for ab...@btbroadband.com ... You COULD solve this using: /^Received: from .*(cmodem|dhcp|adsl|broadband|dynamic).*by / REJECT dynamic

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
EASY steve.h...@digitalcertainty.co.uk wrote: On Fri, 2009-06-12 at 16:40 +0200, Ralf Hildebrandt wrote: * Ralf Hildebrandt ralf.hildebra...@charite.de: * Steve steve.h...@digitalcertainty.co.uk: /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host in headers OK In

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Mark Goodge: I wouldn't call it a bug, since it's a feature that works as designed. It is, however, a design choice that makes the feature less useful than it otherwise could have been. [other good points omitted] For SMTP submissions, header/body checks whitelisting could be done by adding

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk steve.h...@digitalcertainty.co.uk: Yep, I had already done that. I tried the same thing to ab...@bt.com and got the same result. Log entry for exactly that case? -- Ralf Hildebrandt Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 16:56 +0200, Ralf Hildebrandt wrote: * EASY steve.h...@digitalcertainty.co.uk steve.h...@digitalcertainty.co.uk: Yep, I had already done that. I tried the same thing to ab...@bt.com and got the same result. Log entry for exactly that case? reads 6 minutes later

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
If there is a reproducible example where header_checks triggers on body content, then I will fix it. All I ask for is that conditions be independently reproducible. Wietse

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Steve: It is easy enough to reproduce. Just build a header filter like this; (put aside the fact this is going to catch a shed load of legit mail) /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host in headers This matches Received: headers. This mail; Subject:

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Steve
On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: If there is a reproducible example where header_checks triggers on body content, then I will fix it. All I ask for is that conditions be independently reproducible. Wietse In the meantime - how do I white-list this?

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Wietse Venema: Steve: It is easy enough to reproduce. Just build a header filter like this; (put aside the fact this is going to catch a shed load of legit mail) /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host in headers This matches Received: headers.

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Steve: On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: If there is a reproducible example where header_checks triggers on body content, then I will fix it. All I ask for is that conditions be independently reproducible. Wietse In the meantime - how do I white-list this?

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 12:36 -0400, Wietse Venema wrote: Steve: On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: If there is a reproducible example where header_checks triggers on body content, then I will fix it. All I ask for is that conditions be independently

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
EASY steve.h...@digitalcertainty.co.uk: On Fri, 2009-06-12 at 12:36 -0400, Wietse Venema wrote: Steve: On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: If there is a reproducible example where header_checks triggers on body content, then I will fix it. All I ask for

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 14:09 -0400, Wietse Venema wrote: EASY steve.h...@digitalcertainty.co.uk: On Fri, 2009-06-12 at 12:36 -0400, Wietse Venema wrote: Steve: On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: If there is a reproducible example where header_checks triggers on

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 14:52 -0400, Victor Duchovni wrote: On Fri, Jun 12, 2009 at 07:40:27PM +0100, EASY steve.h...@digitalcertainty.co.uk wrote: Currently, as in, what is available now. I am not good at predicting the future. I know. If you were I would not be asking for basic