Wietse Venema: > Jose Borges Ferreira: > > Ok, I understand that you don't have time to explain Postfix internals > > but the subject was regarding documentation and the MILTER_README is > > wrong. > > Well, the text wasn't wrong. It is not safe to "filter" bounce > messages until someone does a detailed analysis to determine under > what conditions it is safe.
I don't have time for that full analysis, but it looks like internal_mail_filter_classes=bounce can be safe (more on that at the end of this email). Postfix internal_mail_filter_classes was thrown in alongside with Milter support but it does not provide the right interface for signing mail (a result of pressure to work on other things). Why would one want to turn on header checks when all you want is to sign mail with a Milter? internal_mail_filter_classes needs to be replaced by a tool that is more precise. > > And btw, if you think that blocking bounces is evil ( not saying you > > are not right ), check the EXAMPLES section in > > http://www.postfix.org/header_checks.5.html. > > These examples block dangerous MIME types and an old IFRAME exploit. > If you apply these header_checks rules for new mail and for bounces > that Postfix itself generates, then these rules should not block > those bounces. As long as you don't have header/body_checks rules that reject only text that appears in bounce messages, internal_mail_filter_classes=bounce should be safe to use. Wietse
