[prev in list] [next in list] [prev in thread] [next in thread]
List: postfix-users
Subject: Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness
From: "Jeffrey 'jf' Lim" <jfs.world () gmail ! com>
Date: 2013-07-29 3:06:31
Message-ID: CAE4WMGjhXWLv+UvGR9sert94m3WGH8rUv6CPHCNE3oW-UMKhKA () mail ! gmail ! com
[Download RAW message or body]
On Mon, Jul 29, 2013 at 4:51 AM, Wietse Venema <wietse@porcupine.org> wrote:
> Jeffrey 'jf' Lim:
>> > Allow me to repeat my reply above:
>> >
>> > Current reject_unauth_pipelining implementations [...] don't reject
>> > clients that talk before Postfix greets them.
>> >
>> > To reject clients that talk before Postfix greets them, use
>> > Postscreen's pregreet detection feature.
>> >
>>
>> Yes, I got that.
>>
>> I also highlighted another question/issue I have in the 2nd part of my
>> question, where the pipelining occurs *after* ehlo/helo. In that case,
>> smtpd_delay_reject set to 'no' does not work. Should that be expected
>> behaviour?
>
> That's a bug. As of Postfix 2.6, reject_unauth_pipelining works
> only after the Postfix SMTP server has read input. I am currently
> too busy with real work to fix that.
>
I see. Thanks for the confirmation!
> If you must block clients that talk too soon, use postscreen. It
> does a much better job, and it even has a trick to make buggy
> clients talk too soon.
>
gotcha.
thanks,
-jf
--
He who settles on the idea of the intelligent man as a static entity
only shows himself to be a fool.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."
--Richard Stallman
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic