Re: On-* quarantine fails
On Thu, 25 Apr 2013, Claus Assmann wrote:
> If libmilter/MTA doesn't support quarantining, then you want to detect
> that as early as possible. If you can figure it out during "configure",
> then those quarantine options should not be available for the config
> file.
Obviously you can't tell if the MTA talking to you supports quarantining
until runtime, but you can tell if your own libmilter does at compile
time.
>> That way we get automate away a config file option and command line
>> flag we probably no longer need. Does that seem reasonable?
>
> I don't understand this part, sorry. The (global) "Quarantine"
> option has a different purpose then those for On-*, right?
It seems to be fairly obsolete in the current code. It's tied to a flag
that requests quarantining of messages that result in unknown errors from
openssl, or on specific request by a policy script, or via one of the On-*
settings.
I think the following will work:
- detect at compile time if libmilter supports quarantining; if not,
arrange to reject the configuration if any On-* requests quarantine or if
the OpenSSL capture thing is enabled (i.e., fail to start if that's the
case)
- at run time, when talking to an MTA that doesn't have quarantine service
(by negotiation) and a quarantine action is requested, replace it with
temp-fail and log something
Does that make sense?
-MSK
Received on Thu Apr 25 2013 - 21:35:31 PST
This archive was generated by hypermail 2.3.0
: Thu Apr 25 2013 - 21:36:01 PST