
Re: Fw: VIRUS IN YOUR MAIL (W32/BugBear.A (Clam))



Hi,

On Fri, Oct 18, 2002 at 08:48:05AM +1000, Brian May wrote:

> On Thu, Oct 17, 2002 at 02:18:34PM +0200, Emile van Bergen wrote:
> > Of course, you need to implement quite a bit of SMTP before getting at
> > the DATA phase, but it's potentially cleaner than doing it in a
> > transparent proxy, because you only have to deal with the pure data
> > stream through a set of open file descriptors, not with the IP side
> > of things.
> 
> If postfix (or whatever MTA you use) sees the connection as coming from
> the proxy server, rather than the real server, you have just broken the
> code which prevents postfix being used as an open relay.
> 
> The MTA needs to know where the connection started off from, in order to
> decide if it is allowed to relay the mail or not.

Sure, of course. If you look at how Qmail handles this though, it
doesn't have the actual server do a getpeername() on its standard in on
the assumption that that's the original socket; rather, it has tcpserver
passing down the peer IP and a few other things in environment variables
to the server or 'proxy process' it spawns. See
http://www.qmail.org/qmail-manual-html/man5/tcp-environ.html.

In short, this way that information is preserved even if you put some
'filter' in the pipeline from tcpserver to qmail-smtpd. 

Cheers,


Emile.

-- 
E-Advies / Emile van Bergen   |   emile@e-advies.info
tel. +31 (0)70 3906153        |   http://www.e-advies.info
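
An added illustration of the point made in the message above (not code from the thread, from qmail or from tcpserver): once a filter sits between the listener and the SMTP server, the server's stdin is a pipe, so getpeername() on it fails, while the TCPREMOTEIP variable exported by the listener is still inherited. The names `run_pipeline`, `SERVER` and `FILTER`, the socketpair standing in for the TCP connection and the address 192.0.2.10 are assumptions made for the example.

```python
import os, socket, subprocess, sys

# Stand-in for the SMTP server at the end of the pipeline. It reports whether
# getpeername() works on its stdin and what TCPREMOTEIP says about the peer.
SERVER = r'''
import os, socket
try:
    socket.socket(fileno=os.dup(0)).getpeername()
    how = "socket"
except OSError:            # ENOTSOCK: stdin is a pipe from the filter
    how = "not-a-socket"
print(how, os.environ.get("TCPREMOTEIP", "unset"), flush=True)
'''

# Stand-in for a content filter: it reads the whole stream, then feeds it to
# the server through a pipe. It leaves the environment alone, so the server
# inherits whatever the listener exported.
FILTER = r'''
import subprocess, sys
data = sys.stdin.buffer.read()
subprocess.run([sys.executable, "-c", sys.argv[1]], input=data, check=True)
'''

def run_pipeline(with_filter, peer_ip="192.0.2.10"):
    """Return (getpeername outcome, TCPREMOTEIP) as seen by the server."""
    # A socketpair stands in for the accepted TCP connection; peer_ip is a
    # constructed documentation address, not taken from a real connection.
    client, conn = socket.socketpair()
    client.sendall(b"HELO client.example\r\n")
    client.shutdown(socket.SHUT_WR)          # EOF for whoever reads the stream
    env = dict(os.environ, PROTO="TCP", TCPREMOTEIP=peer_ip)  # listener's job
    argv = [sys.executable, "-c"] + ([FILTER, SERVER] if with_filter else [SERVER])
    proc = subprocess.Popen(argv, stdin=conn.fileno(), stdout=subprocess.PIPE,
                            env=env, text=True)
    conn.close()
    how, seen_ip = proc.communicate()[0].split()
    client.close()
    return how, seen_ip

if __name__ == "__main__":
    print("direct  :", run_pipeline(False))
    print("filtered:", run_pipeline(True))
```
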
