[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: default MTA for sarge



On Wed, 16 Jul 2003 10:56:43 +1000
Craig Sanders <cas@taz.net.au> wrote:
> which tricks would they be?  gratuitously stating provable facts and
> providing verifiable information?  i ought to be ashamed of such tricks,
> right?

    No.  That would be giving half-assed arguments which you think are factual
but are, in fact opinions (ie, the ease of configuration for MTA a vs. MTA b)
as well as being demonstrated, time and again, that your verifiable
information (given only half the time) is easily refuted.

> obviously, http://www.postfix.org/ is too hard to find.  as is the
> /usr/share/doc/postfix/html/ reference i provided in this thread yesterday.

    Obviously I looked through it.

> > The access lists seem to be horrid since they are based on the arbitrary
> > order of the headers!
 
> huh?

> like many people, you're obviously confused by the difference between
> headers and envelope.  this is indicative of a lack of experience, they are
> two entirely different and unrelated things.

    Too true.  My mistake for the wrong label.

> header_checks are applied against headers, but they are a completely
> different thing to access lists.  they are a simple way of rejecting mail
> based on regexp or pcre patterns in message headers and/or mime attachment
> headers.  note the word simple, that basically means "first match 'wins'" -
> if you want more complex filtering, then use a filter like SpamAssassin.

    Yes, and the order is based on the headers, not the order in the
configuration file:

http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt

-----
Understanding Header and Body Checks

    You cannot whitelist a sender or client in an access list to bypass
    header or body checks.  Header and body checks take place whether you
    explicitly "OK" a client or sender, in access lists, or not.

    You cannot "OK" an entire set of headers based on one header line.
    For example:  One might be tempted to try:

	/^To: postmaster@yourdom.ain/	OK
	/^To: abuse@yourdom.ain/	OK
	/^From: .*@example.com/		REJECT

    in an attempt to block everything from example.com, except if it's
    sent to "postmaster" or "abuse" at your end.

    This will not work.  Postfix header checks are line-by-line.  Even if
    you "OK" one header line, the other lines will be checked
    independently.  Even were that not so: You have no way of knowing in
    what order header lines will be present.  So, in the example above, if
    the "From:" is seen before the "To:", you'd be out-of-luck anyway.
-----

> a better test of "easyness" would be to get a bunch of people who have had
> no experience with either postfix or exim before to set up both.

    Considering I had never setup either postfix or exim beforehand I would
qualify.
 
> > open up relays for static IPs that I would send mail from
 
> $mynetworks lists the IP address that you will relay for.

    Yes, misnamed, isn't it, since some of those IPs aren't on "my networks".

> sorry, i don't buy into the mediocrity line that all opinions have the same
> worth.  the truism that everyone has the right to hold an opinion does not
> mean that all opinions are worth the same, opinions have different worths
> depending on the level of relevant experience and knowledge behind them.

    Except that is not what I said.  I said it doesn't matter much to other
people what your opinion is because whether *THEY* find it easier or harder is
not effected one iota by your opinion of whether or not it is easy.  As such
you cannot claim to have a total lock on what is easy and what isn't.

-- 
         Steve C. Lamb         | I'm your priest, I'm your shrink, I'm your
       PGP Key: 8B6E99C5       | main connection to the switchboard of souls.
	                       |    -- Lenny Nero - Strange Days
-------------------------------+---------------------------------------------

Attachment: pgpA94JONq8Sa.pgp
Description: PGP signature


Reply to: