On Fri, Nov 07, 2008 at 03:09:29PM +0100, Per Jessen wrote:
> Henrik K wrote:
>
> > Then instead of asking for a lacking addition to a poor whitelisting
> > method (in this case), we should enhance whitelist_from_rcvd to
> > process received paths:
> >
> > whitelist_from_rcvd *@foobar.xyz 1.2.3.4 2.3.4.5
> >

>
> Should this be read to mean "whitelist from foobar if it came via
> 1.2.3.4 AND 2.3.4.5"? That's an interesting option, but I can't see
> much immediate use. Maybe when I've thought about it for a bit.


Yes.

> > Perhaps it could even work with hostnames as long as they stay inside
> > trusted_networks.

>
> I'm not sure I like the ideas of whitelisting based on IP-addresses,
> it's too inflexible. Why would you not use hostnames?


Hmm.. ok I think you both (mouss) are right. Ignore my last post. The trust
would go from hostname to hostname, so it's ok. Too little time to think.

> > And perhaps it could support basic wildcards instead of regexps.

>
> I appreciate Matts explanation about whitelist_from_rcvd being a regular
> user option, so maybe the right way would be
> a "whitelist_from_rcvdregex" ?


IMO the right option is wildcards. You might as well ask then, why can't the
sender part be regexed for convienence..