Ronald F. Guilmette:
>
> I'd like to propose a small enhancement for the Policy Server protocol.
> I'll code up a first cut of it, if nobody else is willing.
>
> Basically, I think it would be very useful if the protcol included a
> line like:
>
> trusted_client=[yes/no]
>
> where the value would be set to "yes" if and only if the client had
> either authenticated (SASL) _or_ the client connected from some IP
> specified in $my_networks.
You are assuming that mynetworks, SASL and TLS will grant identical
privileges to the client, but there is nothing that requires this
to be so.
For this reason, combining multiple different things in one name
is not a good idea. Perhaps it is better to extend the existing
sasl_ and cert_ attributes where needed (for example, sasl_method
and sasl_username already tell you if someone used SASL successfully).
Wietse
> Rationale:
>
> Handling of the e-mails processed by Postfix could be broadly grouped into
> "incoming" and "outgoing" categories. The handling of each category might
> reasonably be very different. For example, while it may be desirable to
> apply all sorts of filtering tests to incoming e-mail, one probably does
> not want to apply such tests to outgoing e-mails. Separately, if one
> wishes to automatically construct and/or maintain an whitelist of every
> e-mail address that "internal" (trusted) users have sent mail to in the
> past, then one could do that by simply adding all recipient e-mail
> addresses associated with _just_ "outgoing" e-mails to the automatically
> maintained whitelist. (Such a whitelist could be easily maintained in an
> entirely automated fasion by a Postfix policy server, but the policy server
> has to differentiate between incoming and outgoing e-mails.)
>
> I've already written something (a policy server) that does in fact try to
> maintain a system-wide whitelist in just this way, but it is less than
> optimal because it has to check itself to see if either (a) there is one
> or more sasl_* lines in the current policy request or else (b) the client
> IP is in $my_networks. For the latter test, the tool in question has to
> be provided with its own copy of the value of $my_networks (because it is
> not smart enough to know how to parse this data out of Postfix's *.cf files)
> and I'm worried that this will eventually lead to a "version skew" type
> problem, i.e. where Postfix has one version of the $my_networks list, but
> the external (whitelist maintainer) policy server has a somewhat different
> version of $my_networks, in which case proper maintenance of the whitelist
> will break down.
>
> Given that Postfix is already checking to see if the client is in $my_networks
> anyway, _and_ that it already knows whether or not the current SMTP session
> has authenticated (via SASL), it seems that it would be quite simple for
> Postfix to simply share this bit of useful information (in a convenient form)
> with external policy servers.
>
>
>
