Loading ...
Sorry, an error occurred while loading the content.

Re: smtpd_client_restrictions = reject_unauth_pipelining weirdness

Expand Messages
  • Jeffrey 'jf' Lim
    ... I see. Thanks for the confirmation! ... gotcha. thanks, -jf -- He who settles on the idea of the intelligent man as a static entity only shows himself to
    Message 1 of 7 , Jul 28, 2013
    • 0 Attachment
      On Mon, Jul 29, 2013 at 4:51 AM, Wietse Venema <wietse@...> wrote:
      > Jeffrey 'jf' Lim:
      >> > Allow me to repeat my reply above:
      >> >
      >> > Current reject_unauth_pipelining implementations [...] don't reject
      >> > clients that talk before Postfix greets them.
      >> >
      >> > To reject clients that talk before Postfix greets them, use
      >> > Postscreen's pregreet detection feature.
      >> >
      >>
      >> Yes, I got that.
      >>
      >> I also highlighted another question/issue I have in the 2nd part of my
      >> question, where the pipelining occurs *after* ehlo/helo. In that case,
      >> smtpd_delay_reject set to 'no' does not work. Should that be expected
      >> behaviour?
      >
      > That's a bug. As of Postfix 2.6, reject_unauth_pipelining works
      > only after the Postfix SMTP server has read input. I am currently
      > too busy with real work to fix that.
      >

      I see. Thanks for the confirmation!


      > If you must block clients that talk too soon, use postscreen. It
      > does a much better job, and it even has a trick to make buggy
      > clients talk too soon.
      >

      gotcha.

      thanks,
      -jf

      --
      He who settles on the idea of the intelligent man as a static entity
      only shows himself to be a fool.

      "Every nonfree program has a lord, a master --
      and if you use the program, he is your master."
      --Richard Stallman
    Your message has been successfully submitted and would be delivered to recipients shortly.