Re: Can't whitelist header / bodychecks

2009-06-13 Thread Wietse Venema
Victor Duchovni: > On Sat, Jun 13, 2009 at 01:09:49AM +0200, mouss wrote: > > > by default: > > > > mime_header_checks = $header_checks > > nested_header_checks = $header_checks > > > > so header_checks apply to more than 822 headers. > > > > > I'm > > > not sure if this is a bug/'feature' - bu

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Victor Duchovni
On Sat, Jun 13, 2009 at 01:09:49AM +0200, mouss wrote: > by default: > > mime_header_checks = $header_checks > nested_header_checks = $header_checks > > so header_checks apply to more than 822 headers. > > > I'm > > not sure if this is a bug/'feature' - but to have to keep commenting out > > ce

Re: Can't whitelist header / bodychecks

2009-06-12 Thread mouss
EASY steve.h...@digitalcertainty.co.uk a écrit : > On Fri, 2009-06-12 at 12:51 +0200, Magnus Bäck wrote: >> On Fri, June 12, 2009 12:12 pm, Steve said: >> >>> Is this right? >>> >>> "You cannot whitelist a sender or client in an access list to bypass >>> header or body checks. Header and body chec

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 14:52 -0400, Victor Duchovni wrote: > On Fri, Jun 12, 2009 at 07:40:27PM +0100, EASY > steve.h...@digitalcertainty.co.uk wrote: > > > > Currently, as in, what is available now. I am not good > > > at predicting the future. > > > > I know. If you were I would not be asking fo

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Victor Duchovni
On Fri, Jun 12, 2009 at 07:40:27PM +0100, EASY steve.h...@digitalcertainty.co.uk wrote: > > Currently, as in, what is available now. I am not good > > at predicting the future. > > I know. If you were I would not be asking for basic features you never > had the foresight to see would be requested

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 14:09 -0400, Wietse Venema wrote: > EASY steve.h...@digitalcertainty.co.uk: > > On Fri, 2009-06-12 at 12:36 -0400, Wietse Venema wrote: > > > Steve: > > > > On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: > > > > > If there is a reproducible example where header_checks

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
EASY steve.h...@digitalcertainty.co.uk: > On Fri, 2009-06-12 at 12:36 -0400, Wietse Venema wrote: > > Steve: > > > On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: > > > > If there is a reproducible example where header_checks triggers on > > > > body content, then I will fix it. > > > > >

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 12:36 -0400, Wietse Venema wrote: > Steve: > > On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: > > > If there is a reproducible example where header_checks triggers on > > > body content, then I will fix it. > > > > > > All I ask for is that conditions be independentl

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Steve: > On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: > > If there is a reproducible example where header_checks triggers on > > body content, then I will fix it. > > > > All I ask for is that conditions be independently reproducible. > > > > Wietse > In the meantime - how do I whi

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Wietse Venema: > Steve: > > It is easy enough to reproduce. Just build a header filter like this; > > (put aside the fact this is going to catch a shed load of legit mail) > > > > /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic > > host in headers > > This matches Received:

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Steve
On Fri, 2009-06-12 at 11:07 -0400, Wietse Venema wrote: > If there is a reproducible example where header_checks triggers on > body content, then I will fix it. > > All I ask for is that conditions be independently reproducible. > > Wietse In the meantime - how do I white-list this?

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Steve: > It is easy enough to reproduce. Just build a header filter like this; > (put aside the fact this is going to catch a shed load of legit mail) > > /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic > host in headers This matches Received: headers. > This mail; > Subje

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
If there is a reproducible example where header_checks triggers on body content, then I will fix it. All I ask for is that conditions be independently reproducible. Wietse

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 16:56 +0200, Ralf Hildebrandt wrote: > * EASY steve.h...@digitalcertainty.co.uk : > > > Yep, I had already done that. I tried the same thing to ab...@bt.com and > > got the same result. > > Log entry for exactly that case? > reads 6 minutes later but was sent to 'ab...@bt.c

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk : > Yep, I had already done that. I tried the same thing to ab...@bt.com and > got the same result. Log entry for exactly that case? -- Ralf Hildebrandt Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.computerbeschi

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Mark Goodge: > I wouldn't call it a bug, since it's a feature that works as designed. > It is, however, a design choice that makes the feature less useful than > it otherwise could have been. [other good points omitted] For SMTP submissions, header/body checks whitelisting could be done by addin

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
EASY steve.h...@digitalcertainty.co.uk wrote: On Fri, 2009-06-12 at 16:40 +0200, Ralf Hildebrandt wrote: * Ralf Hildebrandt : * Steve : /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host in headers OK In the logs; tripped on the header filter; Jun 12 11:01:58 mail

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 16:50 +0200, Ralf Hildebrandt wrote: > * EASY steve.h...@digitalcertainty.co.uk : > > > > for ... > > > > > > You COULD solve this using: > > > > > > /^Received: from .*(cmodem|dhcp|adsl|broadband|dynamic).*by / REJECT > > > dynamic host in headers > > > > > > It's w

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > > > /^Received: from .*(cmodem|dhcp|adsl|broadband|dynamic).*by / REJECT > > > dynamic host in headers > > > > > > It's worth a try. > > > Indeed, but it's *not* in the header section of the email, is it! It has > > been pasted into the *BODY* of an email. > > Your syste

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk : > > for ... > > > > You COULD solve this using: > > > > /^Received: from .*(cmodem|dhcp|adsl|broadband|dynamic).*by / REJECT > > dynamic host in headers > > > > It's worth a try. > > > Indeed, but it's *not* in the header section of the email,

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk : > > Since the headers look like: > > > > Received: from [192.168.1.xx] (xx [192.168.1.xx]) NEWLINE > > by mail4.xx.co.uk (xx) with ESMTPA id B9F16AC09D NEWLINE > > for ... > > > > You COULD solve this using: > > > > /^Received: from .

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 16:40 +0200, Ralf Hildebrandt wrote: > * Ralf Hildebrandt : > > * Steve : > > > > > /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic > > > host in headers > > > > OK > > > > > In the logs; tripped on the header filter; > > > Jun 12 11:01:58 mail4 post

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Ralf Hildebrandt : > * Steve : > > > /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host > > in headers > > OK > > > In the logs; tripped on the header filter; > > Jun 12 11:01:58 mail4 postfix/cleanup[1419]: B9F16AC09D: reject: header > > Received: from [192.168.1.xx]

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Steve : > /^Received: from.*(cmodem|dhcp|adsl|broadband|dynamic)/ REJECT dynamic host > in headers OK > In the logs; tripped on the header filter; > Jun 12 11:01:58 mail4 postfix/cleanup[1419]: B9F16AC09D: reject: header > Received: from [192.168.1.xx] (xx [192.168.1.xx])??by mail4.xx.co.uk >

Re: Can't whitelist header / bodychecks

2009-06-12 Thread d . hill
Quoting Mark Goodge : EASY steve.h...@digitalcertainty.co.uk wrote: It's a bug. Read the original question carefully. If I'm pasting the original headers into the BODY of a fresh mail, and the header filters are *blocking* it - is that intended behaviour? Answer (hopefully) 'No'. If the head

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Steve
On Fri, 2009-06-12 at 15:09 +0100, Mark Goodge wrote: > EASY steve.h...@digitalcertainty.co.uk wrote: > > [1] http://www.postfix.org/header_checks.5.html > > Mark Did you find that all on your own, or did you get some help with that? I honestly can't be tossed to bother with the guy and raising

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
EASY steve.h...@digitalcertainty.co.uk wrote: It's a bug. Read the original question carefully. If I'm pasting the original headers into the BODY of a fresh mail, and the header filters are *blocking* it - is that intended behaviour? Answer (hopefully) 'No'. If the header-only filters are bloc

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 15:54 +0200, Ralf Hildebrandt wrote: > * EASY steve.h...@digitalcertainty.co.uk : > > > > I only use it for stuff I absolutely don't want to see. Everything > > > else gets handled by amavisd-new > > > > Which is flaky. > > Not here. And the tens of thousands of Barracuda o

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* EASY steve.h...@digitalcertainty.co.uk : > > I only use it for stuff I absolutely don't want to see. Everything > > else gets handled by amavisd-new > > Which is flaky. Not here. > The fix is to make the content scanner in Postfix work as it should - > or do we keep making excuses for it so w

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 15:47 +0200, Ralf Hildebrandt wrote: > * Mark Goodge : > > > I wouldn't call it a bug, since it's a feature that works as designed. > > It is, however, a design choice that makes the feature less useful than > > it otherwise could have been. But the point here is that content

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 14:36 +0100, Mark Goodge wrote: > Steve wrote: > > On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote: > >> Mark Goodge: > >>> Ralf Hildebrandt wrote: > * Steve : > > Is this right? > Yes > > "You cannot whitelist a sender or client in an access list to

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Mark Goodge : > I wouldn't call it a bug, since it's a feature that works as designed. > It is, however, a design choice that makes the feature less useful than > it otherwise could have been. But the point here is that content > inspection isn't a core part of the job of an MTA anyway, so if th

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Larry Stone
On Fri, 12 Jun 2009, Steve wrote: Wietse Always a clever answer for a bug - nice one :-) wanker. As someone who mostly site on the side of this forum but is extremely appreciative of the work Wietse and others have done to bring Postfix to the community, I'd like to suggest that i

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
Steve wrote: On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote: Mark Goodge: Ralf Hildebrandt wrote: * Steve : Is this right? Yes "You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly "OK" a

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Steve
On Fri, 2009-06-12 at 08:17 -0400, Wietse Venema wrote: > Mark Goodge: > > Ralf Hildebrandt wrote: > > > * Steve : > > >> Is this right? > > > > > > Yes > > >> "You cannot whitelist a sender or client in an access list to bypass > > >> header or body checks. Header and body checks take place whe

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Wietse Venema
Mark Goodge: > Ralf Hildebrandt wrote: > > * Steve : > >> Is this right? > > > > Yes > >> "You cannot whitelist a sender or client in an access list to bypass > >> header or body checks. Header and body checks take place whether you > >> explicitly "OK" a client or sender, in access lists, or no

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Mark Goodge
Ralf Hildebrandt wrote: * Steve : Is this right? Yes "You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly "OK" a client or sender, in access lists, or not." I'm gob smacked if it is? Why? Be

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Ralf Hildebrandt
* Steve : > Is this right? Yes > "You cannot whitelist a sender or client in an access list to bypass > header or body checks. Header and body checks take place whether you > explicitly "OK" a client or sender, in access lists, or not." > > I'm gob smacked if it is? Why? -- Ralf Hildebrandt

Re: Can't whitelist header / bodychecks

2009-06-12 Thread EASY steve.h...@digitalcertainty.co.uk
On Fri, 2009-06-12 at 12:51 +0200, Magnus Bäck wrote: > On Fri, June 12, 2009 12:12 pm, Steve said: > > > Is this right? > > > > "You cannot whitelist a sender or client in an access list to bypass > > header or body checks. Header and body checks take place whether you > > explicitly "OK" a clie

Re: Can't whitelist header / bodychecks

2009-06-12 Thread Magnus Bäck
On Fri, June 12, 2009 12:12 pm, Steve said: > Is this right? > > "You cannot whitelist a sender or client in an access list to bypass > header or body checks. Header and body checks take place whether you > explicitly "OK" a client or sender, in access lists, or not." Yes, that's correct. -- M

Can't whitelist header / bodychecks

2009-06-12 Thread Steve
Is this right? "You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly "OK" a client or sender, in access lists, or not." I'm gob smacked if it is?