On Sat, 22 Jan 2000, Randy Bush wrote:
> so, where is the bit about how to restrict which rewrite rules are applied
> to what mail?
There currently isn't. The rewrite rules are applied to every message,
on arrival. I intended them as a means of tidying up local addresses
(e.g. turning ph@??? into P.Hazel@???), not as
a means of routing, and I wasn't planning on supporting bang paths at
all.
The check for "is this address local?" for incoming relay checking
happens before the rewrite, so a rule such as
> # system*!user@???
> ^([^!]+)!(.*)@psg\.com $2@$1 Tbcrtq
means that any incoming address of the form a!b@??? is treated as
local, and therefore accepted; the rewrite then makes it non-local,
thereby causing a relay loophole.
> the S flag says do it for smtp, but they seem to be
> applied anyway.
The S flag causes a rewrite to be done on incoming SMTP addresses
*before* the check for relaying, etc., so it closes this particular
security loophole. So if you add S to your rule, things should be
better. In fact, if the incoming addresses are
  MAIL FROM:<a!b>
(i.e. unqualified) you actually need the rule
  ^([^!]+)!(.*)$ $2@$1 S
because S rewriting happens before qualification as well.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
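
The ordering described in the message above, as a simplified Python model added here (it is not Exim code and not part of the original mail). The local-domain set, the qualify domain and the function names are assumptions, and Exim's `$2@$1` is written `\2@\1` for Python's `re`.

```python
import re

LOCAL_DOMAINS = {"psg.com"}   # assumption: the only local domain
QUALIFY_DOMAIN = "psg.com"    # assumption: appended to unqualified addresses

# The two rules from the message, without their flags.
RULE_QUALIFIED = (r"^([^!]+)!(.*)@psg\.com", r"\2@\1")
RULE_UNQUALIFIED = (r"^([^!]+)!(.*)$", r"\2@\1")


def rewrite(addr, rule):
    pattern, template = rule
    return re.sub(pattern, template, addr, count=1)


def is_local(addr):
    return addr.rpartition("@")[2].lower() in LOCAL_DOMAINS


def qualify(addr):
    return addr if "@" in addr else f"{addr}@{QUALIFY_DOMAIN}"


def accept_address(addr, rule, s_flag):
    """Model one incoming address from a host that may not relay.

    Returns (accepted, address the message would then be routed to).
    """
    if s_flag:
        addr = rewrite(addr, rule)   # S: before qualification and relay check
    addr = qualify(addr)
    if not is_local(addr):
        return False, addr           # non-local: relay refused
    if not s_flag:
        addr = rewrite(addr, rule)   # ordinary rule: runs after acceptance
    return True, addr


if __name__ == "__main__":
    cases = [
        ("a!b@psg.com", RULE_QUALIFIED, False),  # accepted, then becomes b@a
        ("a!b@psg.com", RULE_QUALIFIED, True),   # rewritten first, refused
        ("a!b", RULE_QUALIFIED, True),           # rule does not match yet
        ("a!b", RULE_UNQUALIFIED, True),         # rewritten first, refused
    ]
    for addr, rule, s_flag in cases:
        print(addr, "S" if s_flag else "-", accept_address(addr, rule, s_flag))
```

In this model only the first case ends with an accepted message bound for a non-local address, which is the relay loophole the message describes.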