postfix-users October 2010 archive

Re: hide (do not disclose) reject reason to client but log as usual

From: Costin Gusa <costinel_at_nospam>
Date: Tue Oct 12 2010 - 22:33:21 GMT
To: mouss <mouss@ml.netoyen.net>

On Wed, Oct 13, 2010 at 00:04, mouss <mouss@ml.netoyen.net> wrote:
>  On 12/10/2010 12:09, Costin Gusa wrote:
>>
>> Hello,
>> I would like to be able to configure smtpd so that a generic smtp
>> session reject code to be given without explanation (ex. helo command
>> rejected, user unknown, client host rbl, etc) while at the same time
>> detail the reject reason in mail.log as usual.
>>
>> Is this possible?
>> Thank you
>
> sure:
> ....   REJECT we reject you (#code)

I'm sure there's some detail in the documentation which tells me where
exactly do you put that in order to act as a generic reject message,
but being unable to find it is the reason I mailed you.
My postconf -n looks like this: http://paste.lug.ro/126607 but don't
think this is relevant to the answer.

`postconf -d|grep reject' options gives me the possibility to change
the reject code (which I don't intend). I just want to modify the
text, for example: I don't want the text "helo command rejected" to be
prepended to my custom "REJECT internal code 123" in a
*_helo_restrictions check.

if not generic, then at least I'd like to be able to overwrite the
reject text for each reject reason, preferably without recompiling
from source.

>
> where only you know what #code means.

rfc821 gives also explanations for second-digit of the reject codes so
you don't need the text:

"The second digit encodes responses in specific categories:

            x0z Syntax -- These replies refer to syntax errors,
                  syntactically correct commands that don't fit any
                  functional category, and unimplemented or superfluous
                  commands.

            x1z Information -- These are replies to requests for
                  information, such as status or help.

            x2z Connections -- These are replies referring to the
                  transmission channel.

            x3z Unspecified as yet.

            x4z Unspecified as yet.

            x5z Mail system -- These replies indicate the status of
                  the receiver mail system vis-a-vis the requested
                  transfer or other mail system action.
[...]
Each reply text is recommended rather than
         mandatory, and may even change according to the command with
         which it is associated."

Note the wording in the last phrase, *recommended rather than
mandatory*, which means I am complying with rfc821.

>
> but this is a really bad idea. when I get rejected without a reason I can
> work on, I simply blocklist the other side. remember: this story is about

good, "an eye for an eye", brilliant!
so then you're not delivering to m$ sexchange at all, for example?

> reputation. if you think you can solve your spam problem using your own
> measures, don't forget that we too have a problem with spam. and if you take
> a measure that might work for you but causes problems for us, then we'll
> consider that you're part of the problem.

please define "causes problems for us" and detail a little more.
I rarely get complaints from users about receiving DSNs with generic
reject text and most of the time is because they don't know how to
read DSN very well rather than complaining.
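
Added illustration, not part of the original message and not Postfix code: a Python sketch that parses SMTP replies as a sending client could, using the RFC 821 second-digit categories quoted above, and checks that a detailed reply and a generic one with the same code classify identically. The function names and both sample replies are constructed for this example.

```python
import re

# Second-digit categories, as quoted from RFC 821 in the message above.
CATEGORY = {"0": "syntax", "1": "information", "2": "connections",
            "3": "unspecified", "4": "unspecified", "5": "mail system"}
# First-digit meanings, also from RFC 821 (not quoted in the message).
SEVERITY = {"1": "positive preliminary", "2": "positive completion",
            "3": "positive intermediate", "4": "transient negative",
            "5": "permanent negative"}
LINE = re.compile(r"^([1-5][0-5][0-9])(?:([ -])(.*))?$")

def parse_reply(raw):
    """Parse one SMTP reply (single- or multi-line) into its parts."""
    lines = raw.splitlines()
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = LINE.match(line)
        if not m:
            raise ValueError("malformed reply line: %r" % line)
        this_code, sep, text = m.group(1), m.group(2) or " ", m.group(3) or ""
        if code is not None and this_code != code:
            raise ValueError("reply code changes inside one reply")
        # Every line but the last uses "-", the last uses a space.
        if (sep == "-") == (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        code = this_code
        texts.append(text)
    return {"code": code, "severity": SEVERITY[code[0]],
            "category": CATEGORY[code[1]], "text": " ".join(texts).strip()}

def same_disposition(a, b):
    """True when two replies differ only in their free text."""
    pa, pb = parse_reply(a), parse_reply(b)
    return (pa["code"], pa["severity"], pa["category"]) == \
           (pb["code"], pb["severity"], pb["category"])

# Constructed sample replies (not taken from the thread or from a real log).
DETAILED = "504 <foo>: Helo command rejected: need fully-qualified hostname"
GENERIC = "504 internal code 123"

if __name__ == "__main__":
    print(parse_reply(DETAILED))
    print(parse_reply(GENERIC))
    print(same_disposition(DETAILED, GENERIC))
```

The code alone still tells the sender that the failure is permanent and in which category; everything a remote postmaster would use to fix the problem lives in the free text.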