On Mon, May 12, 2014 at 04:26:33PM +0200, Heiko Schlittermann wrote:
> (The actual question was: I'd like to tear down the outgoing connection
> as soon as I'm faced with a specific (E)SMTP banner. -- Don't ask why.)
>
> My short answer was: no, we can't.
>
> The long answer could be - why not? Can't we have something like ACL for
> outgoing connections? Assuming, we are the client MTA, the following
> flow could be possible?

For this, Postfix has an smtp_command_filter feature:

    http://www.postfix.org/postconf.5.html#smtp_reply_filter:

        A mechanism to transform replies from remote SMTP servers one
        line at a time. This is a last-resort tool to work around server
        replies that break inter-operability with the Postfix SMTP client.
        Other uses involve fault injection to test Postfix's handling of
        invalid responses.
        ...
        Typically used with regexp/pcre tables, this allows the SMTP client
        to see a different reply than the one actually sent by the server.

Thus, for example, the offending banner could be transformed from:

    220 offensive text

to

    554 offensive text

and the rest would be just normal SMTP processing.

The mechanism is currently not context sensitive; if the *same*
SMTP reply needs to be rewritten differently at different stages
of the SMTP dialogue, something different would be required, but
no use-cases for greater sophistication have materialized. The
simpler approach has been sufficient.

--
Viktor.
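
A small model of the line-at-a-time rewriting described in the message above, as an added example that is not part of the original message and not Postfix code. The rule is written in the regexp/pcre table form `/pattern/ replacement`; the hostname, the sample replies and the helper names are constructed for illustration.

```python
import re

# Constructed rule in Postfix regexp/pcre table form: /pattern/ replacement.
# "offensive text" is the placeholder banner text from the message above.
RULES = r"""
# turn the unwanted 220 greeting into a 554 reply, keeping the text
/^220([ -].*offensive text.*)$/ 554$1
"""

def load_rules(text):
    """Parse '/pattern/ replacement' lines, skipping blanks and comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.+)/\s+(.+)$", line)
        if m is None:
            raise ValueError(f"unparsable rule: {line!r}")
        # Table syntax writes groups as $1 or ${1}; Python wants \g<1>.
        template = re.sub(r"\$\{?(\d+)\}?", r"\\g<\1>", m.group(2))
        # Postfix regexp/pcre tables match case-insensitively by default.
        rules.append((re.compile(m.group(1), re.IGNORECASE), template))
    return rules

def filter_reply_line(rules, line):
    """Return the reply line as the SMTP client would see it (first match wins)."""
    for pattern, template in rules:
        m = pattern.search(line)
        if m:
            return m.expand(template)
    return line

def client_view(rules, replies):
    """Apply the filter to each server reply line independently."""
    return [filter_reply_line(rules, r) for r in replies]

# Constructed server replies: greeting, EHLO response, and a later reply that
# happens to carry the same text as the greeting.
SESSION = [
    "220 mx.example.net ESMTP offensive text",
    "250-mx.example.net",
    "250 STARTTLS",
    "220 offensive text",
]

if __name__ == "__main__":
    for before, after in zip(SESSION, client_view(load_rules(RULES), SESSION)):
        print(f"{before!r:45} -> {after!r}")
```

The last sample reply is rewritten just like the greeting, which is the lack of context sensitivity mentioned above: the rule sees only the line, not the stage of the dialogue.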