james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noel J. Bergman" <n...@devtech.com>
Subject RE: [jira] Updated: (JAMES-380) ESMTP Compliance fix
Date Thu, 02 Jun 2005 19:18:19 GMT
Stefano Bagnara wrote:

> > You moved the check inside the authRequired check.  I want it
> > OUTSIDE the check because I want for it to apply to ALL
> > e-mail, regardless of whether auth is required or not.

> I did not check your intended behaviour, I simply refactored it.

> Am I missing something?

Actually, I did, and your refactoring pointed it out.  :-)

We have two checks:

		true when <authRequired> != false and ! in {<authorizedAddresses>}

		true when in {<authorizedAddresses>}

which is why we don't need this change:

-            if (authRequired) {
+            if (authRequired && !relayingAllowed)

For now, we want to check the DNSRBL whenever the address is not authorized,
but since the isAuthRequired check would be false in the common case where
SMTP AUTH isn't enabled, we can't rely on isAuthRequired as the sole check.

My check was:

  if (blocklisted &&
     (authRequired && getUser() == null) &&
     !(recipientAddress.getUser().equalsIgnoreCase("postmaster") ||
       recipientAddress.getUser().equalsIgnoreCase("abuse"))) {

and should be:

  if (blocklisted &&
      (!relayAllowed || (authRequired && getUser() == null)) &&
            ^ handle case when IP not authorized and SMTP AUTH not enabled
      !(recipientAddress.getUser().equalsIgnoreCase("postmaster") ||
        recipientAddress.getUser().equalsIgnoreCase("abuse"))) {

because !relayedAllow can be true when authRequired is false.

I'd consider cleaning this up, but I think that moving to the fast-fail
approach proposed will clean up the whole area structurally.

Again, please check my logic (above.

	--- Noel

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message