Jose Borges Ferreira: > On 10/20/2013 03:21 PM, Wietse Venema wrote: > > That is the wrong question. The right question when enabling a feature > is **will this feature be safe to use**. I will give one example of > why it is not safe: Postfix accepts mail into the queue and then > bounces it later. When this bounce is blocked by a filter, it will > disappear into a black hole, which violates the SMTP standard. That is > only one example; that is sufficient to demonstrate that something is > unsafe. Showing that something is safe requires a more detailed > analysis. I have no time for that. > > Ok, I understand that you don't have time to explain Postfix internals > but the subject was regarding documentation and the MILTER_README is > wrong.
Well, the text wasn't wrong. It is not safe to "filter" bounce messages until someone does a detailed analysis to determine under what conditions it is safe. And if they can't explain that in a few lines then it is irrelevant, because no-one will understand it. Apart from that, I don't think that signing bounce messages makes much sense to begin with. > And btw, if you think that blocking bounces is evil ( not saying you > are not right ), check the EXAMPLES section in > http://www.postfix.org/header_checks.5.html. These examples block dangerous MIME types and an old IFRAME exploit. If you apply these header_checks rules for new mail and for bounces that Postfix itself generates, then these rules should not block those bounces. Wietse
