Re: [exim-dev] ACL for outgoing connections?

Top Page
Delete this message
Reply to this message
Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] ACL for outgoing connections?
On Mon, May 12, 2014 at 04:26:33PM +0200, Heiko Schlittermann wrote:

> (The actual question was: I'd like to tear down the outgoing connection
> as soon as I'm faced with a specific (E)SMTP banner. -- Don't ask why.)
>
> My short answer was: no, we can't.
>
> The long answer could be - why not? Can't we have something like ACL for
> outgoing connections? Assuming, we are the client MTA, the following
> flow could be possible?


For this, Postfix has an smtp_command_filter feature:

    http://www.postfix.org/postconf.5.html#smtp_reply_filter:


    A mechanism to transform replies from remote SMTP servers one
    line at a time.  This is a last-resort tool to work around server
    replies that break inter-operability with the Postfix SMTP client.
    Other uses involve fault injection to test Postfix's handling of
    invalid responses.


    ...


Typically used with regexp/pcre tables, this allows the SMTP client
to see a different reply than the one actually sent by the server.

Thus, for example, the offending banner could be transformed from:

    220 offensive text


to

    554 offensive text


and the rest would be just normal SMTP processing.

The mechanism is currently not context sensitive, if the *same*
SMTP reply needs to be rewritten differently at different stages
of the SMTP dialogue something different would be required, but
no use-cases for greater sophistication have materialized. The
simpler approach has been sufficient.

-- 
    Viktor.