On Sun, Nov 24, 2019 at 10:54:14AM +0100, Gilles Chehade wrote:
>
> Ten years ago, it seemed a very neat idea that OpenSMTPD would have some
> implicit defaults to avoid people creating open relays.
>
> Back then I was trying to make the smtpd.conf as compact as possible and
> came up with the very nice idea of "implicit local" so that we would get
> a very compact:
>
>     accept for any relay
>
> which would not be an open relay as it translated to:
>
>     accept from local for any relay
>
>
> This idea was carried when we moved the syntax to match/action.
>
> I think this was an error from the beginning and we should only have the
> explicit notation as I see a trend in people coming up with:
>
>     match for domain foobar.org action "deliver"
>
> which, read aloud, seems to imply that mail for domain foobar.org will be
> delivered but which actually fails because it translates as:
>
>     match from local for domain foobar.org action "deliver"
>
> and actually limits the scope to local users...
>
> People keep making this mistake over and over which as safe as it is, is
> a serious hint that the mistake is on smtpd's side.
>
>
> Is there strong objection to move to a mode where implicit notation will
> no longer be allowed ?

No objections. Yes, please make the notation explicit and remove the
syntactic sugar which often seems to be the reason for confusions.

> This could start with us adding the explicit notation to default config,
> then put a startup warning in the next release so configurations are not
> broken but people spot that this is no longer encouraged and we can then
> later kill it.

Sounds like a good plan to me.

Thanks,
Regards,
Joerg
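
The check discussed in this thread, as an added example that is not part of the original messages and is not OpenSMTPD code: a small Python linter that flags `match` rules relying on the implicit `from local` and prints the explicit form. The sample configuration, the function names and the simplified tokenizer are assumptions made for illustration.

```python
import re
from itertools import takewhile

# Quoted strings stay one token, so an action named "from" is not a keyword.
TOKEN = re.compile(r'"[^"]*"|\S+')

# Constructed sample smtpd.conf (illustrative, not a config from the thread).
SAMPLE_CONF = "\n".join([
    '# constructed sample',
    'action "deliver" mbox',
    'action "relay" relay',
    'match for domain foobar.org action "deliver"',
    'match from any for domain foobar.org action "deliver"',
    'match for any \\',
    '    action "relay"',
    'match from local for local action "deliver"',
])


def logical_lines(text):
    """Yield (first_line_number, line) with backslash continuations merged."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        stripped = raw.rstrip()
        cont = stripped.endswith("\\")
        buf.append(stripped[:-1] if cont else stripped)
        if not cont:
            yield start, " ".join(buf)
            buf, start = [], None
    if buf:  # file ended in the middle of a continuation
        yield start, " ".join(buf)


def implicit_from_rules(text):
    """Return [(line_number, explicit_rule)] for match rules with no 'from'."""
    findings = []
    for no, line in logical_lines(text):
        # Drop a trailing comment: everything from the first token starting with '#'.
        toks = list(takewhile(lambda t: not t.startswith("#"), TOKEN.findall(line)))
        if toks and toks[0] == "match" and "from" not in toks:
            findings.append((no, " ".join(["match", "from", "local"] + toks[1:])))
    return findings


if __name__ == "__main__":
    for no, explicit in implicit_from_rules(SAMPLE_CONF):
        print(f"line {no}: implicit 'from local'; explicit form: {explicit}")
```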
