The method behind the madness
in [Postfix]
|
From: Stan Hoeppner on 18 Jan 2010 17:48 Mark Nernberg (gmail account) put forth on 1/18/2010 4:17 PM: > I have achieved this with a slightly hacked TMDA (www.tmda.net). if you > want my modifications, contact me off-list. I'm surprised you actually mentioned a solution whose core feature is challenge/response. C/R is one of those "cures" that far is worse than the disease. -- Stan
From: marknernberg on 18 Jan 2010 17:50 On Jan 18, 2010, at 17:48, Stan Hoeppner <stan(a)hardwarefreak.com> wrote: > Mark Nernberg (gmail account) put forth on 1/18/2010 4:17 PM: > >> I have achieved this with a slightly hacked TMDA (www.tmda.net). if >> you >> want my modifications, contact me off-list. > > I'm surprised you actually mentioned a solution whose core feature is > challenge/response. C/R is one of those "cures" that far is worse > than the disease. > > -- > Stan I got rid of the C/R ... I wanted auto whitelisting & some of the other features. hence my modifications.
From: Stan Hoeppner on 18 Jan 2010 18:30 Mark Nernberg (gmail account) put forth on 1/18/2010 4:50 PM: > > > On Jan 18, 2010, at 17:48, Stan Hoeppner <stan(a)hardwarefreak.com> wrote: > >> Mark Nernberg (gmail account) put forth on 1/18/2010 4:17 PM: >> >>> I have achieved this with a slightly hacked TMDA (www.tmda.net). if you >>> want my modifications, contact me off-list. >> >> I'm surprised you actually mentioned a solution whose core feature is >> challenge/response. C/R is one of those "cures" that far is worse >> than the disease. >> >> -- >> Stan > > I got rid of the C/R ... I wanted auto whitelisting & some of the other > features. hence my modifications. From: http://tmda.sourceforge.net/cgi-bin/moin.cgi/TmdaFaq#head-0b1aee3c2decf32a26ffcc12b397f9d3cec3fdc0 How do I setup an "auto-whitelist"? TMDA has the ability to automagically add confirmed addresses to a whitelist. This way, each new sender only has to go through the confirmation process once. .... Then TMDA will the add the senders from successfully confirmed messages to the 'whitelist_confirmed' file. A possible variation on this includes setting CONFIRM_APPEND to your main whitelist file rather than a secondary file. This strongly suggests the auto-whitelist feature will not function in the absence of the C/R feature. Put another way, the auto-whitelist function is dependent upon the C/R function. Senders must reply to the challenge email in order to be added to the whitelist. Am I reading this wrong? -- Stan
From: marknernberg on 18 Jan 2010 18:50 On Jan 18, 2010, at 18:30, Stan Hoeppner <stan(a)hardwarefreak.com> wrote: > Mark Nernberg (gmail account) put forth on 1/18/2010 4:50 PM: >> >> >> On Jan 18, 2010, at 17:48, Stan Hoeppner <stan(a)hardwarefreak.com> >> wrote: >> >>> Mark Nernberg (gmail account) put forth on 1/18/2010 4:17 PM: >>> >>>> I have achieved this with a slightly hacked TMDA (www.tmda.net). >>>> if you >>>> want my modifications, contact me off-list. >>> >>> I'm surprised you actually mentioned a solution whose core feature >>> is >>> challenge/response. C/R is one of those "cures" that far is worse >>> than the disease. >>> >>> -- >>> Stan >> >> I got rid of the C/R ... I wanted auto whitelisting & some of the >> other >> features. hence my modifications. > > From: > http://tmda.sourceforge.net/cgi-bin/moin.cgi/TmdaFaq#head-0b1aee3c2decf32a26ffcc12b397f9d3cec3fdc0 > > How do I setup an "auto-whitelist"? > > TMDA has the ability to automagically add confirmed addresses to a > whitelist. > This way, each new sender only has to go through the confirmation > process once. > ... > Then TMDA will the add the senders from successfully confirmed > messages to the > 'whitelist_confirmed' file. A possible variation on this includes > setting > CONFIRM_APPEND to your main whitelist file rather than a secondary > file. > > > This strongly suggests the auto-whitelist feature will not function > in the > absence of the C/R feature. Put another way, the auto-whitelist > function is > dependent upon the C/R function. Senders must reply to the > challenge email in > order to be added to the whitelist. Am I reading this wrong? yes. you can set tge whitelisting features in either the global .config file or the individual users' .config. it's in the documentation. you may also choose which messages are challenged, tagged, etc. I'd give you the direct link to the doc, but I'm mobile, ATM - I will forward it later.
From: Wietse Venema on 18 Jan 2010 18:54
Stan Hoeppner: [ Charset ISO-8859-1 unsupported, converting... ] > Mark Nernberg (gmail account) put forth on 1/18/2010 4:50 PM: > > > > > > On Jan 18, 2010, at 17:48, Stan Hoeppner <stan(a)hardwarefreak.com> wrote: > > > >> Mark Nernberg (gmail account) put forth on 1/18/2010 4:17 PM: > >> > >>> I have achieved this with a slightly hacked TMDA (www.tmda.net). if you > >>> want my modifications, contact me off-list. > >> > >> I'm surprised you actually mentioned a solution whose core feature is > >> challenge/response. C/R is one of those "cures" that far is worse > >> than the disease. > >> > >> -- > >> Stan > > > > I got rid of the C/R ... I wanted auto whitelisting & some of the other > > features. hence my modifications. > > From: > http://tmda.sourceforge.net/cgi-bin/moin.cgi/TmdaFaq#head-0b1aee3c2decf32a26ffcc12b397f9d3cec3fdc0 > > How do I setup an "auto-whitelist"? I'm sure that it is possible to MODIFY the TMDA source code such that it will handle auto-whitelisting without challenge-response. Conceptually, it's as simple as 1) never sending the challenge and 2) skipping the "was this challenge confirmed" check. After that change, there is a lot of code that can be deleted because it is no longer used. Given the choice between starting from scratch, and starting with code that already works, the choice should be clear. The only reason to write Postfix in the first place was that I could not live with the alternatives. Wietse |