[Mimedefang] Skipping SA on TLSMTA connections?

Jan-Pieter Cornet johnpc at xs4all.nl
Thu Nov 23 16:44:54 EST 2006


On Thu, Nov 23, 2006 at 12:48:34PM -0700, Philip Prindeville wrote:
> Hey, that's how it comes out-of-the-box from sendmail.org: it's
> set in /etc/mail/submit.mc on my machine.

What platform is that? I can't find any mention of it on Debian
nor on FreeBSD. Not even of the (sub-standard) port 465; sendmail
seems to come by default listening on 25 and 587 (submission). 465
is deprecated because it is SSL only, not TLS. It's commonly added
because lots of clients still cannot do TLS, only direct SSL.
 
> >I don't really understand all the fuss about applying micropatches to
> >the examples/suggested-minimum-filter-for-windows-clients file. As the
> >name implies, it's an EXAMPLE and a SUGGESTION.
> 
> Well, I do generate diffs after each update, and then patch them back in.
> 
> Ideally it would be nice if MdF could peek into the SA configs in this
> case, figure out the values of "internal_networks", and then skip the test
> for clients on those subnets.

I'm sure some large company from Washington would ship it this way, yes :)
But given the ways in which this can go wrong and the difficulty of
determining sane "internal_networks", and the ease with which this can
be changed while installing, I'd recommend against it.

It would probably be better if the example filter came in a number of
pluggable modules, where you could easily add extra modules or replace
existing modules by providing your own version in another directory.
But then again I'm biased, because I wrote a modular filter framework.

-- 
Jan-Pieter Cornet <johnpc at xs4all.nl>
!! Disclamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please !!
!! archive this message indefinitely to allow verification of the logs.  !!


