AGWA/batv-tools

Ability to listen to network socket

dene14 opened this issue · 3 comments

Hello Andrew!

Will it take much effort to have an ability to work with a network socket? Any cons on its usage?

Thank you!

AGWA commented

Hi @dene14,

This isn't documented, but you can pass the following to the socket option to listen on the given TCP port:

inet:1234@localhost

That will listen on the loopback interface only. To listen on all interfaces, replace localhost with 0.0.0.0.

I haven't tested this extensively or used it in production, but it should work. The main downside is that it's less secure, particularly if you listen on all interfaces. The milter protocol has no authentication, so anyone who can connect to the socket can interact with the milter. With UNIX domain sockets you don't have to worry about this since you can use file permissions to make sure only your MTA can connect.

Ah... I was too asleep to try standard milter's socket definition.
Thanks!

P.S. you're right, it's better to add that in examples :)

2014-12-16 1:23 GMT+03:00 Andrew Ayer notifications@github.com:

> Hi @dene14,
>
> This isn't documented, but you can pass the following to the socket
> option to listen on the given TCP port:
>
> inet:1234@localhost
>
> That will listen on the loopback interface only. To listen on all
> interfaces, replace localhost with 0.0.0.0.
>
> I haven't tested this extensively or used it in production, but it should
> work. The main downside is that it's less secure, particularly if you
> listen on all interfaces. The milter protocol has no authentication, so
> anyone who can connect to the socket can interact with the milter. With
> UNIX domain sockets you don't have to worry about this since you can use
> file permissions to make sure only your MTA can connect.


AGWA commented

I just released batv-tools 0.6. Non-UNIX sockets are now documented in both the batv-milter(8) man page and the example batv-milter.conf file.
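
The exposure trade-off between TCP and UNIX sockets discussed in this thread can be checked mechanically. The following is an added example, not part of the original thread or of batv-tools: a small audit helper that classifies a milter socket value of the `inet:port@host` or `unix:/path` form. The function names, the risk labels, the sample path and the handling of a missing host part or a bare path are assumptions made for this example.

```python
import ipaddress
import os
import stat

def check_unix(path):
    """UNIX socket: access is governed by file permissions."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return ("low", "UNIX socket (file not present, permissions not checked)")
    if mode & stat.S_IWOTH:
        return ("medium", "socket file is world-writable: any local user can connect")
    return ("low", "UNIX socket restricted by file permissions")

def check_inet(rest):
    """TCP socket: the milter protocol itself has no authentication."""
    _port, at, host = rest.partition("@")
    if not at or not host:
        # Assumption: with no host part the listener binds to all interfaces.
        return ("high", "no host given: assumed to listen on all interfaces")
    host = host.strip("[]")
    if host.lower() == "localhost":
        return ("medium", "loopback TCP: every local process can connect")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return ("high", f"hostname {host!r}: check which interface it resolves to")
    if addr.is_loopback:
        return ("medium", "loopback TCP: every local process can connect")
    if addr.is_unspecified:
        return ("high", "listens on all interfaces")
    return ("high", f"reachable over the network on {addr}")

def audit_milter_socket(spec):
    """Classify a socket spec such as 'inet:1234@localhost' or 'unix:/path'."""
    family, sep, rest = spec.strip().partition(":")
    if not sep:  # bare path, treated here as a UNIX socket (assumption)
        return check_unix(spec.strip())
    family = family.lower()
    if family in ("unix", "local"):
        return check_unix(rest)
    if family in ("inet", "inet6"):
        return check_inet(rest)
    return ("unknown", f"unrecognised socket family {family!r}")

if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    for spec in ("inet:1234@localhost", "inet:1234@0.0.0.0",
                 "inet:1234@192.0.2.10", "unix:/run/example/milter.sock"):
        print(spec, "->", *audit_milter_socket(spec))
```

A "medium" or "high" result on a TCP listener means access has to be restricted outside the milter, for example with a host firewall rule that admits only the MTA.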