Re: v2.9.0 release planning

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Rolf E. Sonneveld <R.E.Sonneveld_at_sonnection.nl>
Date: Fri, 12 Apr 2013 21:23:29 +0200

On 04/12/2013 01:36 AM, Murray S. Kucherawy wrote:
> On Fri, 12 Apr 2013, Rolf E. Sonneveld wrote:
>> Hope this explains things?
>
> It does, but actual milter service (i.e., accepting of connections
> from MTAs) is handled by libmilter, so that's the right place to put
> such access controls. What gets passed to opendkim is information
> about the SMTP client that contacted an MTA, not which MTA is talking
> to opendkim.
>
> libmilter is code we don't control. At best we could forward this
> request, or submit a patch to Sendmail in the hopes they will adopt it.
>
> We could also check to see how the MTA identifies itself (via the $j
> macro), but there's nothing stopping an MTA from lying about its
> identity in this manner. If you'd like to have a simple check against
> that list, we could look at adding such a thing.

Hmm, using the MTA identity does not provide any real protection and
falls (IMHO) in the category 'security by obscurity'. I'm sorry to have
filed this request against opendkim. Do you know where we can submit
this request for libmilter (within the Sendmail organization)?

/rolf
Received on Fri Apr 12 2013 - 19:23:46 PST

This archive was generated by hypermail 2.3.0 : Fri Apr 12 2013 - 19:27:01 PST