[Mimedefang] Request for "Trusted Relay" Feature

Rick Mallett rmallett at ccs.carleton.ca
Tue Nov 26 12:39:01 EST 2002 

David F. Skoll writes:
> 
> On Mon, 25 Nov 2002, Rick Mallett wrote:
> 
> > In case you might decide to add this feature, I took the liberty of
> > coding it up, using a file called "trusted-relay" in /etc/mail which
> > would be expected to contain a one-line regexp which would be matched
> > against the hostname and also the hostip in case it turned out to be
> > easier to do it that way for some sites.
> 
> Hmm... when I hear "regexp", I think "Perl", not "C". :-)
> 
> Maybe a compromise would be to have a way for filter_relay and
> filter_sender to return a code back which gets translated in
> SMFIS_ACCEPT.  That way, you (and I) don't have to code special-case tests
> in C.  The overhead of filter_relay and filter_sender is much less than
> actual message filtering -- you don't need to parse MIME or anything
> like that.  Something like:
> 
> sub filter_relay {
> 	my($hostip, $hostname, $helo) = @_;
> 
> 	if ($hostname eq 'trusted.host.net') {
> 		return ('ACCEPT', 'accept');
> 	}
> 	return(1, 'OK');
> }
> 
> The special code "ACCEPT" would mean "return SMFIS_ACCEPT to Milter."
> 

Sounds reasonable, although I think there may still be significant
advantages in moving the check further up the chain, thus avoiding use
of the multiplexor apparatus, when the volume of traffic from the
machine in question is very high. 

The C code was pretty straightforward, IMO, and only required that the
mail system administrator be capable of creating a one line regexp,
albeit not in Perl syntax, in /etc/mail/trusted-relay, rather than
writing some perl code for mimedefang-filter, so from a user POV the C
coding approach is no more difficult. On the other hand, I wasn't sure
if the routines I used (compile, step) from libgen were available on
other platforms and if not I can see why you wouldn't want to use them.

> Regards,
> 
> David.
> _______________________________________________
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
> 

- rick --

More information about the MIMEDefang mailing list