On Thu, Jan 04, 2024 at 10:36:23 -0500, Wietse Venema via Postfix-users wrote:
> Wietse Venema via Postfix-users:
> > Geert Hendrickx via Postfix-users:
> > > I just found an unexpected side effect of this particular configuration
> > > (unrelated to SMTP smuggling).
> > >
> > > [...] Or stated differently: one can now detect a DISCARD rule via
> > > unauthorized pipelining, it is no longer 100% equivalent to an "OK"
> > > from an outside POV.
> > >
> > > The same goes for eg. recipient validation when a sender triggers DISCARD.
> >
> > I suppose that is why one is called a temporary fix (which addresses
> > many cases but not necessarily all) and a permanent fix (which roots
> > out the problem).
>
> To be clear, DISCARD disables this "temporary fix" for the smuggled
> message. It is just one example that the temporary fix with
> smtpd_data_restrictions cannot cover.
My point was not about SMTP smuggling, but about potentially revealing
DISCARD rules to the outside world (since they cause later rules to be
skipped entirely). Eg. a discarded sender receives OK on any RCPT TO,
whereas an allowed sender sees usual recipient/relay restrictions.
Geert
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
