Viktor Dukhovni via Postfix-devel:
> On Sat, Mar 01, 2025 at 10:40:21PM -0500, Demi Marie Obenour via
> Postfix-devel wrote:
>
> > > How about this:
> > >
> > > main.cf:
> > > # Some Microsoft servers violate RFC 2554 section 4.
> > > smtp_reply_filter = pcre:{{/^334\s+GSSAPI\s+supported/ 334}}
> > >
> > > For a description of inline PCRE table syntax, see
> > > https://www.postfix.org/pcre_table.5.html#inline_specification
> > >
> > > Patches? Patches? We don't need no steenkeeng patches.
> > > https://www.youtube.com/watch?v=VqomZQMZQCQ
> >
> > Would it make sense to have this in either the default config,
> > or as a commented-out option? That way mail admins will know
> > what is going on and have an easy way to fix it.
>
> Well, this only belongs in a dedicated transport used to relay mail into
> Exchange authenticated via GSSAPI. This is a rather specialised use
> case. So I would not put this in main.cf.
A dedicated transport, because you are concerned that this pattern
suffers from false positives? When would 334 a server reply like
this be valid?
> At most a commented out "exchange-gssapi" transport in master.cf with
> "-o { smtp_reply_filter = ... }" in master.cf, but perhaps really
> just an example in SASL_README, with nothing in either main.cf or
> master.cf that might confuse more users than it helps.
It certanly deserves an example in smtp_reply_filter documentation,
but discoverability remains difficult (like you I started to reply
on the patch before I realized that this is the kind of problem
what smtp_reply_filter was implemented for 15 years ago).
Wietse
_______________________________________________
Postfix-devel mailing list -- postfix-devel@postfix.org
To unsubscribe send an email to postfix-devel-le...@postfix.org
