I am having a problem that IMHO should be solved by the following in
main.cf. I am using version 2.7.1 in Debian squeeze:
smtpd_data_restrictions =
permit_mynetworks,
reject_unauth_pipelining,
reject_multi_recipient_bounce
This says to me that if the host is listed in mynetworks, it should stop
looking at the rest of the restrictions. This doesn't happen. The log
complains about improper command pipelining, and the SMTP conversation
sends a 503. I have done some testing, and have learned that
reject_multi_recipient_bounce *IS* ignored if the source matches
mynetworks, and takes effect if the source is not listed there.
The client that's doing this is xymon, a monitoring application. It
sends "mail" followed by "quit" and looks for a 220 response. The code
is not flexible enough to do it properly, which means sending helo,
waiting for a response, then sending some useful test command and
waiting for another response. The test does pass, because the first
thing the server sends is a 220.
Am I running into expected behavior? I agree with the notion that
unauthorized pipelining is bad, but what if I have a broken system that
I am forced to use? Shouldn't I be able, through either
permit_mynetworks or another mechanism, to allow that client to do it
while denying everyone else? I am not hampered by what I've discovered,
but I consider it to be a bug that should be fixed, because it might
affect someone else.
I filed a bug on this problem with the Debian project some time ago, but
aside from one person who privately sent me a link to a general postfix
howto for Ubuntu, I've gotten no response.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604707
Thanks,
Shawn
