Henrik K wrote:
> On Fri, Nov 07, 2008 at 02:38:22PM +0100, Per Jessen wrote:
>> Henrik K wrote:
>>> On Fri, Nov 07, 2008 at 02:22:08PM +0100, Per Jessen wrote:
>>>> Yes, I saw that in the code - still, having a
>>>> whitelist_from_rcvdregex
>>>> would be very useful, people relay via their providers quite a lot.
>>>> I guess I'll have to write something up.
>>> If the originator is static IP, add whole path to trusted_networks and
>>> use ALL_TRUSTED.

>> I prefer to use that only for our own networks. That I whitelist one
>> domain from a certain server(s) doesn't mean I want to whitelist
>> everything.

> Then instead of asking for a lacking addition to a poor whitelisting method
> (in this case), we should enhance whitelist_from_rcvd to process received
> paths:
> whitelist_from_rcvd *@foobar.xyz

why? I wouldn't put 30 IPs there...

if user trusts his MTA, then rdns can be trusted, and there is no point
to go the IP way (note that if user doesn't trust MTA, then the IP can't
be trusted...).

> Perhaps it could even work with hostnames as long as they stay inside
> trusted_networks.

why link that to trusted_networks?

> And perhaps it could support basic wildcards instead of regexps.

That's probably the best option.

That said, it is not very satisfactory. mixing perl regexps and
"globbing" comes as a surprise to pcre users...