On Wed, 21 May 2008, Hanno Hecker wrote:

On Wed, 21 May 2008 10:39:37 -0400 (EDT)
Charlie Brady <[EMAIL PROTECTED]> wrote:
On Wed, 21 May 2008, Hanno Hecker wrote:
- if you use the tls plugin, all connection notes are lost after the
 TLS setup is complete

Why? Isn't that a bug in the tls plugin? When TLS is negotiated, the
transaction notes should be cleared (then TLS status added), but the
connection notes should still be valid - it's the same connection still.

Yes and no :) IMO at least some of the notes are still valid, but see
this thread:
 http://www.nntp.perl.org/group/perl.qpsmtpd/2006/08/msg5371.html
Keeping notes across the TLS setup is a simple patch, but I won't
commit it until all agree that we want to keep all notes

What connection notes might exist at starttls which shouldn't be kept? I'd say that if there are any, they should be transaction notes and not connection notes (e.g. helo host is SMTP transaction metadata, not TCP connection metadata).

(but: why
do we need connection->clone() then? ;-))

I didn't say that we did need it :-)

Another approach would be to add a "starttls-post" hook and let all
plugins set the connection notes they need/want again in there (think
of dnsbl, which will not block clients if they start with TLS,
currently).

I don't see any need for another approach. It seems straightforward to me that the connection exists from when it is created to when it is broken, and any connection notes should apply to the connection, and not to the data stream which passes over the connection. Plugins should be able to add and query notes about the connection, and the connection notes should not be discarded until the connection goes away.

... and to add some more new hooks:
http://ankh-morp.org/~vetinari/tmp/new_command.diff is what I'm
currently working on (The hardest part of this patch is still to do: the
AUTH* commands): any plugin can add new hooks / commands. Adding a
starttls-post hook in there would be easy.

        Hanno
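
The effect discussed in this thread, as an added example that is not part of the original messages and is not qpsmtpd code: a small Python model of connection notes versus transaction notes, showing how a dnsbl-style verdict stored at connect time disappears when connection notes are discarded at STARTTLS. All class, hook and note names are hypothetical, and the listed address is constructed sample data.

```python
# Toy model (not qpsmtpd code): class, hook and note names are hypothetical.
from dataclasses import dataclass, field

LISTED = {"192.0.2.10"}  # constructed DNSBL contents (TEST-NET-1 address)

@dataclass
class Connection:
    remote_ip: str
    notes: dict = field(default_factory=dict)  # lifetime: the TCP connection

@dataclass
class Transaction:
    notes: dict = field(default_factory=dict)  # lifetime: one SMTP transaction

class Session:
    def __init__(self, remote_ip, keep_conn_notes_on_tls):
        self.keep = keep_conn_notes_on_tls
        self.conn = Connection(remote_ip)
        self.txn = Transaction()
        self.hook_connect()

    def hook_connect(self):
        # dnsbl-style plugin: look the client up once, at connect time
        if self.conn.remote_ip in LISTED:
            self.conn.notes["dnsbl"] = "listed"

    def helo(self, host):
        # helo host is SMTP metadata, so it goes in the transaction notes
        self.txn.notes["helo_host"] = host

    def starttls(self):
        # model: transaction notes are cleared when TLS is negotiated
        self.txn = Transaction()
        if not self.keep:
            # behaviour described in the thread: connection notes are lost too
            self.conn = Connection(self.conn.remote_ip)
        self.conn.notes["tls"] = True

    def hook_rcpt(self, rcpt):
        # dnsbl-style plugin: act on the note that was set at connect time
        return "DENY" if self.conn.notes.get("dnsbl") else "OK"

def run(remote_ip, keep, use_tls):
    s = Session(remote_ip, keep)
    s.helo("client.example")
    if use_tls:
        s.starttls()
        s.helo("client.example")
    return s.hook_rcpt("user@example.org")
```

With `keep=False` the listed client is rejected in plaintext but accepted after STARTTLS; with `keep=True` the verdict follows the connection for its whole lifetime.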
