martin f krafft wrote:
also sprach Daryl C. W. O'Shea <[EMAIL PROTECTED]> [2006.06.06.1848 +0200]:
Really? That makes no sense to me. I don't see anything in your
example header that we use as auth tokens. Actually, I don't see any
auth tokens. What's to stop someone from connecting with SSL but not
authenticating?
Well, true. Given that I am actually calling SA after amavisd,
127.0.0.1 will always be the relay. I think I thus just effectively
disabled all of SA. :)
Yeah, it sounds like you may have messed up your trust path settings
enough to prevent your problem. :)
If you provide a full set of received headers that are being passed to
SA, someone can help you out with the correct settings.
And I don't want to filter on auth headers because what's to keep
spammers from adding them?
Sure you do... at least auth headers that you know you added. Your
problem is that Postfix doesn't include RFC 3848 style (or any) auth tokens.
I think I heard (actually I may have dreamt) that a then future, now
recent, version of Postfix would include such auth tokens. The last
thing I do recall for sure though is something along the lines of Wietse
saying "it's nobody's business if, or how, or who as, you
authenticated". I don't see anything on the Postfix site about support
for this.
What version of SA are you using?
3.1.0a-2
Hrm. Matt Kettler has said that he's seen a difference between
1.2.3.4/32 and 1.2.3.4. Now I believe you're saying you've seen 127.
not include 127.0.0.1. I'm still not sure how that'd happen with
current code.
Daryl
