On Wed, 16 Jul 2003 10:56:43 +1000 Craig Sanders <cas@taz.net.au> wrote: > which tricks would they be? gratuitously stating provable facts and > providing verifiable information? i ought to be ashamed of such tricks, > right? No. That would be giving half-assed arguments which you think are factual but are, in fact opinions (ie, the ease of configuration for MTA a vs. MTA b) as well as being demonstrated, time and again, that your verifiable information (given only half the time) is easily refuted. > obviously, http://www.postfix.org/ is too hard to find. as is the > /usr/share/doc/postfix/html/ reference i provided in this thread yesterday. Obviously I looked through it. > > The access lists seem to be horrid since they are based on the arbitrary > > order of the headers! > huh? > like many people, you're obviously confused by the difference between > headers and envelope. this is indicative of a lack of experience, they are > two entirely different and unrelated things. Too true. My mistake for the wrong label. > header_checks are applied against headers, but they are a completely > different thing to access lists. they are a simple way of rejecting mail > based on regexp or pcre patterns in message headers and/or mime attachment > headers. note the word simple, that basically means "first match 'wins'" - > if you want more complex filtering, then use a filter like SpamAssassin. Yes, and the order is based on the headers, not the order in the configuration file: http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt ----- Understanding Header and Body Checks You cannot whitelist a sender or client in an access list to bypass header or body checks. Header and body checks take place whether you explicitly "OK" a client or sender, in access lists, or not. You cannot "OK" an entire set of headers based on one header line. For example: One might be tempted to try: /^To: postmaster@yourdom.ain/ OK /^To: abuse@yourdom.ain/ OK /^From: .*@example.com/ REJECT in an attempt to block everything from example.com, except if it's sent to "postmaster" or "abuse" at your end. This will not work. Postfix header checks are line-by-line. Even if you "OK" one header line, the other lines will be checked independently. Even were that not so: You have no way of knowing in what order header lines will be present. So, in the example above, if the "From:" is seen before the "To:", you'd be out-of-luck anyway. ----- > a better test of "easyness" would be to get a bunch of people who have had > no experience with either postfix or exim before to set up both. Considering I had never setup either postfix or exim beforehand I would qualify. > > open up relays for static IPs that I would send mail from > $mynetworks lists the IP address that you will relay for. Yes, misnamed, isn't it, since some of those IPs aren't on "my networks". > sorry, i don't buy into the mediocrity line that all opinions have the same > worth. the truism that everyone has the right to hold an opinion does not > mean that all opinions are worth the same, opinions have different worths > depending on the level of relevant experience and knowledge behind them. Except that is not what I said. I said it doesn't matter much to other people what your opinion is because whether *THEY* find it easier or harder is not effected one iota by your opinion of whether or not it is easy. As such you cannot claim to have a total lock on what is easy and what isn't. -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 8B6E99C5 | main connection to the switchboard of souls. | -- Lenny Nero - Strange Days -------------------------------+---------------------------------------------
Attachment:
pgpsTBPwwkFX9.pgp
Description: PGP signature