Stefano Bagnara wrote:
> > You moved the check inside the authRequired check. I want it
> > OUTSIDE the check because I want for it to apply to ALL
> > e-mail, regardless of whether auth is required or not.
> I did not check your intended behaviour, I simply refactored it.
> Am I missing something?
Actually, I did, and your refactoring pointed it out. :-)
We have two checks:
isAuthRequired:
true when <authRequired> != false and ! in
{<authorizedAddresses>}
usRelayingAllowed
true when in {<authorizedAddresses>}
which is why we don't need this change:
- if (authRequired) {
+ if (authRequired && !relayingAllowed)
For now, we want to check the DNSRBL whenever the address is not authorized,
but since the isAuthRequired check would be false in the common case where
SMTP AUTH isn't enabled, we can't rely on isAuthRequired as the sole check.
My check was:
if (blocklisted &&
(authRequired && getUser() == null) &&
!(recipientAddress.getUser().equalsIgnoreCase("postmaster") ||
recipientAddress.getUser().equalsIgnoreCase("abuse"))) {
and should be:
if (blocklisted &&
(!relayAllowed || (authRequired && getUser() == null)) &&
^ handle case when IP not authorized and SMTP AUTH not enabled
!(recipientAddress.getUser().equalsIgnoreCase("postmaster") ||
recipientAddress.getUser().equalsIgnoreCase("abuse"))) {
because !relayedAllow can be true when authRequired is false.
I'd consider cleaning this up, but I think that moving to the fast-fail
approach proposed will clean up the whole area structurally.
Again, please check my logic (above.
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
