[refpolicy] Milter Mail Filters

Christopher J. PeBenito cpebenito at tresys.com
Wed Oct 8 14:22:25 CDT 2008

Moving to refpolicy list.

On Wed, 2008-10-08 at 14:05 +0100, Paul Howarth wrote:
> Christopher J. PeBenito wrote:
> > On Mon, 2008-09-22 at 13:27 +0100, Paul Howarth wrote:
> >> Updated patch: sendmail, when run as "newaliases", tries to getattr()
> >> milter sockets as well as the directories they live in, so I changed the
> >> milter_getattr_all_data_dirs interface to milter_getattr_all_sockets.
> >>
> >> I also moved the call to this interface in mta.te out from the middle of
> >> a bunch of postfix-related lines.
> >>
> >> Paul.
> > 
> > I think my last two comments are
> > 
> > * you can't require milter_port_t.  It doesn't seem like a generic port
> > type would be useful anyway, otherwise there would be a port defined.
> So I should change "allow milter_$1_t milter_port_t:tcp_socket 
> name_bind;" to "corenet_tcp_bind_generic_port($1_milter_t)"?

No.  I don't see how it makes sense to have a port type common to all

> I can do that but I don't understand why milter_port_t should be any 
> different than say stunnel_port_t, which also doesn't have a default 
> port defined, and would be used in a similar way, i.e. an admin would 
> set up an application to use a specific port (a milter running over tcp 
> needs to have a port specified, just as a tunnel set up using stunnel does 
> - they don't just bind to random generic ports).

This is not comparable, as there is only one stunnel domain, whereas
there are several milter domains.

Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
