Steve wrote:
On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote:
Mark Goodge:
Ralf Hildebrandt wrote:
* Steve <steve.h...@digitalcertainty.co.uk>:
Is this right?
Yes
"You cannot whitelist a sender or client in an access list to bypass
header or body checks. Header and body checks take place whether you
explicitly "OK" a client or sender, in access lists, or not."
I'm gob smacked if it is?
Why?
Because it rather misses the point of whitelisting.
To forward spam reports through Postfix, the recommended solution
is to BASE64 encode the "offending" content.
See http://www.postfix.org/BUILTIN_FILTER_README.html for points
discussed in this thread and more.
Wietse
Always a clever answer for a bug - nice one :-) wanker.
I wouldn't call it a bug, since it's a feature that works as designed.
It is, however, a design choice that makes the feature less useful than
it otherwise could have been. But the point here is that content
inspection isn't a core part of the job of an MTA anyway, so if the
rather simplistic version built in to Postfix isn't sufficient then
you're no worse off than if it didn't have the facility to begin with.
The fact that it does it at all is a bonus that may be useful in some
cases where whitelisting isn't necessary.
Actually, if you wanted to do it all with Postfix then I think one
solution could be to use multiple SMTP services. Have all inbound mail
go to the first service, where mail from whitelisted sources is handled,
then all remaining mail is delivered to the second service which does
header checks before processing the mail. But there may be other gotchas
with this that I haven't thought of.
Mark
