On Fri, Nov 07, 2008 at 03:07:59PM +0100, mouss wrote:
>>
>> Then instead of asking for a lacking addition to a poor whitelisting method
>> (in this case), we should enhance whitelist_from_rcvd to process received
>> paths:
>>
>> whitelist_from_rcvd *@foobar.xyz 1.2.3.4 2.3.4.5

>
> why? I wouldn't put 30 IPs there...
>
> if user trusts his MTA, then rdns can be trusted, and there is no point
> to go the IP way (note that if user doesn't trust MTA, then the IP can't
> be trusted...).
>
>>
>> Perhaps it could even work with hostnames as long as they stay inside
>> trusted_networks.

>
> why link that to trusted_networks?


Obviously the whole IP path must be trusted (excluding the last one). You
can use hostnames as well. But then you have to have the trust path right
to trust later hostnames.

>> And perhaps it could support basic wildcards instead of regexps.

>
> That's probably the best option.
>
> That said, it is not very satisfactory. mixing perl regexps and
> "globbing" comes as a surprise to pcre users...


Isn't the sender part globbed already?
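
The path check discussed in this thread, sketched as an added example (it is not part of the original message and is not SpamAssassin code). Assumptions: the rule lists one pattern per hop, newest hop first and ending at the external hand-off relay; all function names are hypothetical; the addresses and hostnames are constructed from documentation ranges.

```python
import ipaddress
import re

# Constructed sample configuration (documentation address ranges).
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed relay list, newest Received header first. Each entry is the
# client (ip, rdns) recorded by the host that wrote that header.
SAMPLE = [("192.0.2.10", "mx2.example.net"),
          ("198.51.100.7", "out.foobar.xyz"),
          ("203.0.113.9", "claimed.example.org")]

def glob_match(pattern, value):
    """Basic wildcards only: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.IGNORECASE) is not None

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)

def verifiable_path(relays):
    """Return the hops whose recorded IP and rDNS can be believed.

    A header is believable only if every client above it was trusted,
    so the walk stops at the first untrusted client. That hop is the
    last one in the path; anything below it may be forged."""
    path = []
    for ip, rdns in relays:
        path.append((ip, rdns))
        if not is_trusted(ip):
            break
    return path

def rule_matches(sender, relays, sender_glob, hop_patterns):
    """Match a sender glob plus one IP-or-hostname glob per hop."""
    if not glob_match(sender_glob, sender):
        return False
    path = verifiable_path(relays)
    # A rule longer than the verifiable path would be matching headers
    # written by untrusted hosts, so it must fail.
    if len(path) != len(hop_patterns):
        return False
    return all(glob_match(p, ip) or glob_match(p, rdns)
               for p, (ip, rdns) in zip(hop_patterns, path))
```

Hostname patterns are only ever compared against rDNS values recorded by a trusted hop, which is why every hop except the last has to fall inside the trusted networks.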