Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness
- On Mon, Jul 29, 2013 at 4:51 AM, Wietse Venema <wietse@...> wrote:
> Jeffrey 'jf' Lim:I see. Thanks for the confirmation!
>> > Allow me to repeat my reply above:
>> > Current reject_unauth_pipelining implementations [...] don't reject
>> > clients that talk before Postfix greets them.
>> > To reject clients that talk before Postfix greets them, use
>> > Postscreen's pregreet detection feature.
>> Yes, I got that.
>> I also highlighted another question/issue I have in the 2nd part of my
>> question, where the pipelining occurs *after* ehlo/helo. In that case,
>> smtpd_delay_reject set to 'no' does not work. Should that be expected
> That's a bug. As of Postfix 2.6, reject_unauth_pipelining works
> only after the Postfix SMTP server has read input. I am currently
> too busy with real work to fix that.
> If you must block clients that talk too soon, use postscreen. Itgotcha.
> does a much better job, and it even has a trick to make buggy
> clients talk too soon.
He who settles on the idea of the intelligent man as a static entity
only shows himself to be a fool.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."