On 06/09/2012 04:44 AM, Pritam D. Gautam wrote:
Dear Amit,

Thank you for pointing in right direction.
However, there are some shortcomings of implementing eMPF, I have

Scenario 1: User A has been configured to prevent sending mails to
external domain.

If user A sends mail to internal domain (permitted by policy), with a
copy to external domain (denied by policy), the entire mail is rejected.

This is the behavior that I would expect, although that doesn't necessarily make it right or proper.

I'll need to think this through before coming up with a suggestion. This seems similar to another situation where a submission contains one invalid address out of a bunch, and the message is refused giving the user no indication of which address is bad. I'm not sure this is the best way to handle things either.

Scenario 2: Vpopmail has been configured with /defaultdomain/ name in
~vpopmail/etc/defaultdomain file

With defaultdomain configured, it is not mandatory to supply full
emailaddress for authenticating with mailserver resulting in eMPF to
fail and allow all emails.

Having said that I have been able to write a workaround for Scenario 2
but living with Scenario 1 currently.
Any help will be appreciated.

Attached is patch I have created for Scenario 2.

HOWTO for Scenario 2:
1. Apply patch
2. Configure and export QMAILDEFAULTDOMAIN variable in the run file for
SMTP Server
e.g. export QMAILDEFAULTDOMAIN="@example.com"

Rather than have the default domain hard coded in another location, I would rather see something like:
if [ -f "$defdomfile" ]; then
  export QMAILDEFAULTDOMAIN=$(cat $defdomfile)

Also, I'm not a C expert. I wonder what happens with
when QMAILDEFAULTDOMAIN is not defined. If nothing, that's fine. If it causes strcat to do something undesired though, then the result of env_get should be checked before doing the strcat.

Nice work. This fix should probably be included the the stock eMPF code.

-Eric 'shubes'


Reply via email to