Geert Hendrickx via Postfix-users:
> On Thu, Jan 04, 2024 at 10:36:23 -0500, Wietse Venema via Postfix-users wrote:
> > Wietse Venema via Postfix-users:
> > > Geert Hendrickx via Postfix-users:
> > > > I just found an unexpected side effect of this particular configuration
> > > > (unrelated to SMTP smuggling).
> > > >
> > > > [...] Or stated differently: one can now detect a DISCARD rule via
> > > > unauthorized pipelining, it is no longer 100% equivalent to an "OK"
> > > > from an outside POV.
> > > >
> > > > The same goes for eg. recipient validation when a sender triggers
> > > > DISCARD.
> > >
> > > I suppose that is why one is called a temporary fix (which addresses
> > > many cases but not necessarily all) and a permanent fix (which roots
> > > out the problem).
> >
> > To be clear, DISCARD disables this "temporary fix" for the smuggled
> > message. It is just one example that the temporary fix with
> > smtpd_data_restrictions cannot cover.
>
> My point was not about SMTP smuggling, but about potentially revealing
> DISCARD rules to the outside world (since they cause later rules to be
> skipped entirely). Eg. a discarded sender receives OK on any RCPT TO,
> whereas an allowed sender sees usual recipient/relay restrictions.
And my point was that DISCARD allowed smuggled mail in, because a
temporary fix did not cover all cases.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
