I mentioned this is another thread, but now have more specific examples. It seems that before anything else, LS resolves a host name into an IP address; the issue arises in that most expectations indicate an "allow" to a TLD (top level domain) would also resolve sub domains. However, it seems each sub domain may need it's own "rule."
With all the new features in 2.x, I'm trying to be a lot more specific about what is or isn't allowed. So more and more I am trying to have a series of rules rather than giving an application carte blanche. Witness the factory set of rules for Apple Mail, as opposed to a blanket allow everything for that application.
So I set several rules that my e-mail client needs to connect to transfer mail. The problem arises in many e-mail messages I DO allow through (amazon, buy.com, etc.). Take Amazon as an example... one e-mail from them wants to connect to 3-4 amazon.com domains, except each is a separate sub domain. So, rather than one rule for amazon.com, I need 4-5.
Yes I could user a series of ports as the factory rules for Mail do... BUT it seems to me that means that spam messages will be allowed to retrieve all the images they tend to put into e-mails. This I do NOT want to happen.
Obviously this is a kind of feature request; however, there COULD be some reason why it wasn't done the way I'm asking... I'd like to know if there is an overarching reason why what I'm suggesting has little chance of implementation!
General discussions about Little Snitch
1 post • Page 1 of 1