Re: [exim] Let the 'postmaster' callout option be damned

Author: Philip Hazel
Date:  
To: exim-users
Subject: Re: [exim] Let the 'postmaster' callout option be damned
On Wed, 25 Aug 2004, Tim Jackson wrote:

> I have a feeling this may well spark some fighting, but a recent incident
> has made me somewhat of the opinion that the "postmaster" callout option
> is, with every respect to Philip, somewhat flawed.


No need to be respectful to me. In any case, I didn't invent the
"postmaster" callout; somebody that wanted it submitted the code.

> 2. I propose that in future Exim releases the "postmaster" callout be made
> a no-op (at least without source-level intervention), removed from the
> manual and deprecated. I realise that this is a relatively radical
> suggestion, but after consideration I do think that this option is
> fundamentally flawed.


The people who originally wanted it would no doubt scream and fuss about
that. I am not inclined to provoke screaming and fussing.

> 3. As a poor alternative to (2), I propose that at the very least a strong
> warning is placed in the Exim spec cautioning against the use of the
> "postmaster" callout option, with an explanation along the lines that I've
> given here.


I am quite happy to insert a warning that this will give problems on
sites that don't accept DSNs to postmaster. I can see why you might do
this, and I suppose it is in line with the spirit of this paragraph from
RFC 2821:

    SMTP systems are expected to make every reasonable effort to accept
    mail directed to Postmaster from any other system on the Internet.
    In extreme cases --such as to contain a denial of service attack or
    other breach of security-- an SMTP server may block mail directed to
    Postmaster.  However, such arrangements SHOULD be narrowly tailored
    so as to avoid blocking messages which are not part of such attacks.


On Wed, 25 Aug 2004, David Woodhouse wrote:

> 4. Postmaster callouts shouldn't use the null sender. They should use
> something like postmaster@$primary_hostname instead.
>
> Cue Phil being concerned about callout loops -- and rightly so. And of
> course if you're going to do a callout with source 'postmaster@' then
> you have to accept a DSN to that address. Perhaps the postmaster callout
> should require a source address to be specified? It gets complicated.


Quite. Too complicated.

On Tue, 24 Aug 2004, Fred Viles wrote:

> As I read the 4.4x spec the "use_postmaster" option applies only to
> verify *recipient* callouts, not verify sender. In which case the
> callout uses <postmaster@$qualify_domain> (instead of <>) as the
> *sender* address, not the recipient address.


You are misunderstanding. It isn't "use_postmaster" that is being
discussed, it is "postmaster", which is something entirely different.

On Wed, 25 Aug 2004, Peter Bowyer wrote:

> It's early, but haven't you got the postmaster logic wrong there? I thought
> it was for recip verification callouts, and it is used in place of a null
> sender ...


No, that's "use_postmaster", not "postmaster".

Regards,
Philip

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.