I did a small review of the current SMTPSession.getUser() calls inside the handlerapi-experiment sandbox.

SMTPSession.getUser() is called by all these RcptHooks:
o.a.j.s.c.filter.fastfail.ResolvableEhloHeloHandler.doRcpt()
- if ((session.getUser() == null || checkAuthUsers)) do the check
o.a.j.s.c.AuthRequiredToRelayRcptHook.doRcpt()
- if (!session.isRelayingAllowed() && session.getUser() == null) do the check
o.a.j.s.c.filter.fastfail.DNSRBLHandler.doRcpt()
- if (session.getUser() == null) do the check
o.a.j.s.c.filter.fastfail.GreylistHandler.doRcpt()
- if (!session.isRelayingAllowed() && session.getUser() == null) do the check
o.a.j.s.c.filter.fastfail.SPFHandler.doRcpt()
- if (session.getUser() == null) do the check
o.a.j.s.c.filter.fastfail.ValidRcptHandler.doRcpt()
- if (!session.isRelayingAllowed() && session.getUser() == null) do the check

These 3 instead really read the username (one for "logging", another for checking, one to see if the user is already authenticated):
o.a.j.s.c.AuthCmdHandler.doAUTH()
- if (session.getUser() != null) return error:bad_sequence
o.a.j.s.c.SenderAuthIdentifyVerificationRcptHook.doRcpt()
o.a.j.s.c.AddDefaultAttributesMessageHook.onMessage()

About the 6 RcptHooks that currently check for "getUser() == null" I think we have a few inconsistencies:

1st) only ResolvableEhloHeloHandler has a "checkAuthUsers" option: do we need that check only there? Do we need it in every one of these RcptHooks?

2nd) 3 of those RcptHooks call !session.isRelayingAllowed() in AND with the getUser==null call: is this the wanted behaviour? Do we want to extend this to every handler?

My current suggestions:

A. Should we simply make the default AuthHandler add a setRelayingAllowed to true after successful authentication? Is there any drawback to doing this? Imho it would be simpler and cleaner.

B. Maybe we should add an RcptHook that simply returns HookRetCode.OK if the user is authenticated, so that adding that check before all of these handlers will already do the trick, and moving it up-down in the chain will provide the "checkAuthUsers" behaviour to every handler.

Any thoughts?

Stefano
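
The chain ordering described in suggestion B, as an added example that is not part of the original message and not code from the James project. All types here (Ret, Session, RcptHook, the chain runner) are hypothetical stand-ins, and it assumes the first non-DECLINED result ends the chain.

```java
import java.util.ArrayList;
import java.util.List;

// Simplified model for illustration; these types are hypothetical stand-ins,
// not the handlerapi-experiment classes. Requires Java 16+ (records).
public class AuthBypassChainDemo {
    enum Ret { OK, DENY, DECLINED }

    // getUser() stays null until AUTH succeeds, as in the hooks listed above.
    record Session(String user) {
        String getUser() { return user; }
    }

    interface RcptHook { Ret doRcpt(Session s, String rcpt, List<String> trace); }

    // Suggestion B: end the chain with OK for authenticated sessions.
    static final RcptHook AUTH_BYPASS = (s, rcpt, trace) -> {
        trace.add("AuthBypass");
        return s.getUser() != null ? Ret.OK : Ret.DECLINED;
    };

    // Stand-in for a fastfail check; it records that it ran and passes.
    static RcptHook check(String name) {
        return (s, rcpt, trace) -> { trace.add(name); return Ret.DECLINED; };
    }

    // Assumption: the first non-DECLINED result stops the chain.
    static List<String> run(List<RcptHook> chain, Session s) {
        List<String> trace = new ArrayList<>();
        for (RcptHook h : chain) {
            if (h.doRcpt(s, "rcpt@example.org", trace) != Ret.DECLINED) break;
        }
        return trace;
    }

    public static void main(String[] args) {
        // Hooks before AUTH_BYPASS behave like checkAuthUsers=true;
        // hooks after it are skipped once the user has authenticated.
        List<RcptHook> chain = List.of(
            check("ResolvableEhloHelo"), AUTH_BYPASS,
            check("DNSRBL"), check("SPF"));
        System.out.println("anonymous:     " + run(chain, new Session(null)));
        System.out.println("authenticated: " + run(chain, new Session("user1")));
    }
}
```

Under the same assumption, any RcptHook that must still run for authenticated sessions, such as SenderAuthIdentifyVerificationRcptHook, has to sit before the bypass hook in the chain.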

