On Thu, 2009-07-30 at 16:46 +0200, Sebastian Wiesinger wrote:
> * Matus UHLAR - fantomas <uh...@fantomas.sk> [2009-07-30 16:35]:
> > On 30.07.09 14:03, Sebastian Wiesinger wrote:

> > > I was under the impression that whitelist_from_rcvd checks if the
> > > reverse lookup is forged. But still with the following rule

SA does not do the DNS lookup, but depends on the MTA doing so and
recording the result in the Received header.


> > > whitelist_from_rcvd *...@alita.karotte.org localhost
> > > 
> > > the attached mail is whitelisted because 220.231.127.15 resolves to
> > > localhost.  Am I doing something wrong or is this a bug?

> > should never work, because it works at network boundary, while localhost
> > should always be in your networks (trusted and internal too)

I believe this is correct, these whitelist tests are performed against
the header where the mail entered your network.

> It does work for me. Every mail from the local server gets
> whitelisted.

I believe you shouldn't get a hit on internal-only mail, unless your
internal network is mis-configured. You should get ALL_TRUSTED instead,
or something.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
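
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the behaviour discussed in this thread, where the whitelist check reads the reverse DNS name the MTA recorded in the Received header at the network boundary and performs no lookup of its own. The header format, addresses, trusted ranges and all function names are constructed assumptions.

```python
import ipaddress
import re
from fnmatch import fnmatch

# Constructed trust boundary (stands in for trusted_networks); hypothetical values.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
# Postfix-style "from HELO (RDNS [IPv4])"; other MTAs write this differently.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

# Constructed Received headers, newest first as they appear in a message.
EXTERNAL = "from mail.example.net (localhost [203.0.113.15]) by mx.example.org (Postfix)"
NO_RDNS = "from mail.example.net (unknown [203.0.113.15]) by mx.example.org (Postfix)"
INTERNAL = "from localhost (localhost [127.0.0.1]) by mx.example.org (Postfix)"

def parse_relay(header):
    """Return the relay details the MTA recorded in one Received header."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    helo, rdns, ip = m.groups()
    # The MTA writes "unknown" when it has no reverse DNS name to record.
    rdns = "" if rdns == "unknown" else rdns.lower()
    return {"helo": helo, "rdns": rdns, "ip": ipaddress.ip_address(ip)}

def boundary_relay(received):
    """First relay outside TRUSTED, i.e. where the mail entered the network."""
    for header in received:
        relay = parse_relay(header)
        if relay is None:
            return None  # unparseable hop: nothing below it can be relied on
        if not any(relay["ip"] in net for net in TRUSTED):
            return relay
    return None  # every hop is trusted: internal-only mail, no boundary

def rcvd_whitelisted(sender, received, addr_glob, rdns_name):
    """Match sender and the boundary relay's recorded rDNS; no DNS lookup here."""
    relay = boundary_relay(received)
    if relay is None or not relay["rdns"]:
        return False
    rdns = relay["rdns"]
    rdns_ok = rdns == rdns_name or rdns.endswith("." + rdns_name)
    return rdns_ok and fnmatch(sender.lower(), addr_glob.lower())

if __name__ == "__main__":
    for name, hdrs in (("external", [INTERNAL, EXTERNAL]), ("internal", [INTERNAL])):
        print(name, rcvd_whitelisted("user@example.org", hdrs, "*@example.org", "localhost"))
```

In this model the result depends entirely on what the boundary MTA wrote into the header, so a whitelist entry is only as reliable as that MTA's reverse DNS verification, and mail that never crosses the boundary produces no match at all.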
