> > I'm concerned about having ETRN wide open. I am not very familiar with > > ETRN >and >
> > have no use for it in our environment. It seems harmless, but if most of >one's > > > recipient/sender/client/helo/etc. restrictions are in places they won't be >seen > > > by someone trying to fiddle maliciously with ETRN, is it better to put >something > > > in smtpd_etrn_restrictions? > > http://www.postfix.org/ETRN_README.html > http://www.postfix.org/postconf.5.html#authorized_flush_users I confess to only having skimmed ETRN_README, because it's not something we make use of. I may have missed it, but that document doesn't seem to talk much about the implications of its access to the outside. I was concerned because my tests seem to show that by default it is allowable by anyone (and indeed, authorized_flush_users's default is "anyone"). Are you suggesting changing authorized_flush_users to an empty value? What's wrong with the examples I gave? Or is this of no concern and/or does the junk command limit take care of it?
