On Mon, Dec 08, 2003 at 11:06:35AM +0000, Philip Hazel wrote:
> On Wed, 3 Dec 2003, Marc MERLIN wrote:
>
> > Because if you implement callbacks, you're most likely not refusing <>
> > What I already discussed with Philip was to have callbacks that first do
> > MAIL FROM: <>
> > fail null mail from
> > or
> > RCPT TO: <dest>
> > fail null mail from
> > RSET
> > MAIL FROM: <postmater@mysite>
> > RCPT TO: <dest>
> >
> > If you do that, it's reasonably safe.
> > I think Philip agreed to it (it's been a while, so I might be wrong),
> > but I guess it hasn't been implemented yet (I haven't had any time to
> > work on this myself recently)
>
> I can't remember the discussion either, but nowadays I don't think I
> would agree to that.
Did we talk about making this a callback option maybe?
Yes, I think that was it. Since some people are already modifying their exim
source to do that, it would probaby be better to offer them the safest
option we can (i.e. do the above, and only if they do
callout/unsafepostmastercallback or something)
Marc
--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key