Wietse Venema wrote in
<4kz8dy5nbpzj...@spike.porcupine.org>:
|Steffen Nurpmeso:
|> The _only_ thing that must be taken into account, and i would wish
|> postfix would offer a solution for this, is that the *_error_limit
|> configuration parameters kick in. I have drastically low numbers
|> to reduce log noise for all these nonsense connections, but with
|> graylisting each DEFER_IF_PERMIT (or DEFER etc) counts as one
|> error. So if you have a message from a non-whitelisted sender
|> that ends up with two or three valid recipients on the host, it
|> counts as two or three errors.
|> So like s-postgray will impose limit-delay sleeps per RCPT TO:,
|> postfix will count errors per RCPT TO.
|> This is no good for graylisting, better would be a special
|> access(5) entry which simply "remembers an error once".
|
|Something like WARN_IF_REJECT (but with a different name and effect)
|that you can specify before REJECT, DEFER, etc. in an access map
|or policy server response?
You mean an action prefix? Why not, this sounds good.
(I meant "DEFER_IF_PERMIT_ERROR_ONCE" that only counts as one
error per instance=, even if it occurs multiple times.)
|To my astonishment, Postfix does not send its own version in a
|policy server request. That should probably be fixed.
diff --git a/README_FILES/SMTPD_POLICY_README b/README_FILES/SMTPD_POLICY_README
index 291fa5c870..5361412464 100644
--- a/README_FILES/SMTPD_POLICY_README
+++ b/README_FILES/SMTPD_POLICY_README
@@ -85,6 +85,8 @@ a delegated SMTPD access policy request:
P�Po�os�st�tf�fi�ix�x v�ve�er�rs�si�io�on�n 3�3.�.2�2 a�an�nd�d
l�la�at�te�er�r:�:
server_address=10.3.2.1
server_port=54321
+ P�Po�os�st�tf�fi�ix�x v�ve�er�rs�si�io�on�n 3�3.�.8�8 a�an�nd�d
l�la�at�te�er�r:�:
+ mail_version=3.8.0
[empty line]
Notes:
@@ -164,6 +166,8 @@ Notes:
* The "policy_context" attribute provides a way to pass information that is
not available via other attributes (Postfix version 3.1 and later).
+ * The "mail_version" attribute corresponds to the "postconf" parameter.
+
The following is specific to SMTPD delegated policy requests:
* Protocol names are ESMTP or SMTP.
diff --git a/src/global/mail_proto.h b/src/global/mail_proto.h
index b5504638e6..5081194617 100644
--- a/src/global/mail_proto.h
+++ b/src/global/mail_proto.h
@@ -201,6 +201,8 @@ extern char *mail_pathname(const char *, const char *);
#define MAIL_ATTR_CRYPTO_CIPHER "encryption_cipher"
#define MAIL_ATTR_CRYPTO_KEYSIZE "encryption_keysize"
+#define MAIL_ATTR_MAIL_VERSION "mail_version"
+
/*
* Suffixes for sender_name, sender_domain etc.
*/
diff --git a/src/smtpd/Makefile.in b/src/smtpd/Makefile.in
index 8c4132a30b..f48d38f026 100644
--- a/src/smtpd/Makefile.in
+++ b/src/smtpd/Makefile.in
@@ -340,6 +340,7 @@ smtpd_check.o: ../../include/mail_error.h
smtpd_check.o: ../../include/mail_params.h
smtpd_check.o: ../../include/mail_proto.h
smtpd_check.o: ../../include/mail_stream.h
+smtpd_check.o: ../../include/mail_version.h
smtpd_check.o: ../../include/map_search.h
smtpd_check.o: ../../include/maps.h
smtpd_check.o: ../../include/match_list.h
diff --git a/src/smtpd/smtpd_check.c b/src/smtpd/smtpd_check.c
index a4a6af0633..fea7e4852c 100644
--- a/src/smtpd/smtpd_check.c
+++ b/src/smtpd/smtpd_check.c
@@ -228,6 +228,7 @@
#include <namadr_list.h>
#include <domain_list.h>
#include <mail_params.h>
+#include <mail_version.h> /* MAIL_VERSION_NUMBER */
#include <resolve_clnt.h>
#include <mail_error.h>
#include <resolve_local.h>
@@ -4099,9 +4100,11 @@ static int check_policy_service(SMTPD_STATE *state,
const char *server,
#endif
SEND_ATTR_STR(MAIL_ATTR_POL_CONTEXT,
policy_clnt->policy_context),
+ SEND_ATTR_STR(MAIL_ATTR_MAIL_VERSION,
MAIL_VERSION_NUMBER),
ATTR_TYPE_END,
ATTR_FLAG_MISSING, /* Reply attributes. */
RECV_ATTR_STR(MAIL_ATTR_ACTION, action),
ATTR_TYPE_END) != 1
|| (var_smtputf8_enable && valid_utf8_action(server, STR(action)) ==
0)) {
NOCLOBBER static int nesting_level = 0;
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
