Yahoo Groups archive
Thread
2005-02-05 by Matthias Scheler
Hello, I've got this statement in my "greylist.conf" ... domain web.de ... to whitelist one of Germany's largest free e-mail provider. Today I found out that this also whitelists hosts with "s-web.de" as there reverse resolving. Is that intentional? I would prefer if the above entry only matched "web.de" and "*.web.de" but not "*web.de*" as it obviously does. Kind regards -- Matthias Scheler http://scheler.de/~matthias/
2005-02-05 by manu@netbsd.org
Matthias Scheler <tron@...> wrote: > I've got this statement in my "greylist.conf" ... > > domain web.de > > ... to whitelist one of Germany's largest free e-mail provider. Today > I found out that this also whitelists hosts with "s-web.de" as there > reverse resolving. Is that intentional? I would prefer if the above > entry only matched "web.de" and "*.web.de" but not "*web.de*" as > it obviously does. That was intentionnal a long time ago: from, rcpt, and domain match any substring. Use regex if you need an exact match. -- Emmanuel Dreyfus Un bouquin en français sur BSD: http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php manu@netbsd.org
2005-02-10 by marlin099
--- In milter-greylist@yahoogroups.com, manu@n... wrote: > Matthias Scheler <tron@z...> wrote: > > > I've got this statement in my "greylist.conf" ... > > > > domain web.de > > > > ... to whitelist one of Germany's largest free e-mail provider. Today > > I found out that this also whitelists hosts with "s-web.de" as there > > reverse resolving. Is that intentional? I would prefer if the above > > entry only matched "web.de" and "*.web.de" but not "*web.de*" as > > it obviously does. > > That was intentionnal a long time ago: from, rcpt, and domain match any > substring. Use regex if you need an exact match. > Why is this? Wouldn't it be more intuitive to have an exact match for both email and domains listings in the greylist.conf? -Andy
2005-02-10 by manu@netbsd.org
marlin099 <marlin099@...> wrote: > Why is this? Wouldn't it be more intuitive to have an exact match for > both email and domains listings in the greylist.conf? That would break backward compatibility. We could have an option that change the comparison to an exact match, though. Do you want to contribute it? That's rather simple. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@...
2005-02-10 by marlin099
--- In milter-greylist@yahoogroups.com, manu@n... wrote: > marlin099 <marlin099@y...> wrote: > > > Why is this? Wouldn't it be more intuitive to have an exact match for > > both email and domains listings in the greylist.conf? > > That would break backward compatibility. We could have an option that > change the comparison to an exact match, though. Do you want to > contribute it? That's rather simple. I think I can do that. -Andy
2005-02-10 by manu@netbsd.org
marlin099 <marlin099@...> wrote: > > That would break backward compatibility. We could have an option that > > change the comparison to an exact match, though. Do you want to > > contribute it? That's rather simple. > I think I can do that. I suggest the exactmatch option. -- Emmanuel Dreyfus Publicité subliminale: achetez ce livre! http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php manu@...
2005-02-11 by Wolfgang Solfrank
Hi, >>>That would break backward compatibility. We could have an option that >>>change the comparison to an exact match, though. Do you want to >>>contribute it? That's rather simple. >> >>I think I can do that. > > > I suggest the exactmatch option. Hmm, I'd suggest to have this be the default. IMHO, the old behaviour seems counterintuitve to me. The only problem I can see with this is maybe with subdomains. Say, I want to allow all subdomains of xxx.yyy like aaa.xxx.yyy and bbb.xxx.yyy. Or, on an email addresses, say to allow aaa+bbb@... through if aaa@... is allowed. This should however be reduced to those special cases, not to any substring match that's in there. IMHO, it's perfectly OK to change the behaviour to only allow real subdomains of some "domain xxx.yyy" through, but deny anything that just happens to end with the same bytes, more or less by accident. Similar for email addresses. Noone in his right mind would rely on the old behaviour. Yes, there are reasons to drop backward-compatibility. Actually, IMHO, it should be dropped quite a bit more often... Ciao, Wolfgang -- ws@... Wolfgang Solfrank, TooLs GmbH
2005-02-11 by Matthias Scheler
On Fri, Feb 11, 2005 at 02:20:56AM +0100, Wolfgang Solfrank wrote: > Hmm, I'd suggest to have this be the default. IMHO, the old > behaviour seems counterintuitve to me. It's especially different from what "sendmail" does. If you put ... To:domain.com RELAY ... into "/etc/mail/access" it means that sendmail is allowed to accept mails for "domain.com" but not for "foobar-domain.com". Kind regards -- Matthias Scheler http://scheler.de/~matthias/