On Wed, 16 Jul 2003 10:56:43 +1000
Craig Sanders <cas@taz.net.au> wrote:
> which tricks would they be? gratuitously stating provable facts and
> providing verifiable information? i ought to be ashamed of such tricks,
> right?
No. That would be giving half-assed arguments which you think are factual
but are, in fact opinions (ie, the ease of configuration for MTA a vs. MTA b)
as well as being demonstrated, time and again, that your verifiable
information (given only half the time) is easily refuted.
> obviously, http://www.postfix.org/ is too hard to find. as is the
> /usr/share/doc/postfix/html/ reference i provided in this thread yesterday.
Obviously I looked through it.
> > The access lists seem to be horrid since they are based on the arbitrary
> > order of the headers!
> huh?
> like many people, you're obviously confused by the difference between
> headers and envelope. this is indicative of a lack of experience, they are
> two entirely different and unrelated things.
Too true. My mistake for the wrong label.
> header_checks are applied against headers, but they are a completely
> different thing to access lists. they are a simple way of rejecting mail
> based on regexp or pcre patterns in message headers and/or mime attachment
> headers. note the word simple, that basically means "first match 'wins'" -
> if you want more complex filtering, then use a filter like SpamAssassin.
Yes, and the order is based on the headers, not the order in the
configuration file:
http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
-----
Understanding Header and Body Checks
You cannot whitelist a sender or client in an access list to bypass
header or body checks. Header and body checks take place whether you
explicitly "OK" a client or sender, in access lists, or not.
You cannot "OK" an entire set of headers based on one header line.
For example: One might be tempted to try:
/^To: postmaster@yourdom.ain/ OK
/^To: abuse@yourdom.ain/ OK
/^From: .*@example.com/ REJECT
in an attempt to block everything from example.com, except if it's
sent to "postmaster" or "abuse" at your end.
This will not work. Postfix header checks are line-by-line. Even if
you "OK" one header line, the other lines will be checked
independently. Even were that not so: You have no way of knowing in
what order header lines will be present. So, in the example above, if
the "From:" is seen before the "To:", you'd be out-of-luck anyway.
-----
> a better test of "easyness" would be to get a bunch of people who have had
> no experience with either postfix or exim before to set up both.
Considering I had never setup either postfix or exim beforehand I would
qualify.
> > open up relays for static IPs that I would send mail from
> $mynetworks lists the IP address that you will relay for.
Yes, misnamed, isn't it, since some of those IPs aren't on "my networks".
> sorry, i don't buy into the mediocrity line that all opinions have the same
> worth. the truism that everyone has the right to hold an opinion does not
> mean that all opinions are worth the same, opinions have different worths
> depending on the level of relevant experience and knowledge behind them.
Except that is not what I said. I said it doesn't matter much to other
people what your opinion is because whether *THEY* find it easier or harder is
not effected one iota by your opinion of whether or not it is easy. As such
you cannot claim to have a total lock on what is easy and what isn't.
--
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
PGP Key: 8B6E99C5 | main connection to the switchboard of souls.
| -- Lenny Nero - Strange Days
-------------------------------+---------------------------------------------
Attachment:
pgpsTBPwwkFX9.pgp
Description: PGP signature