272096 Re: postscreen request: pcre support
Dec 15, 2010
On 12/01/2010 06:42 PM, Wietse Venema wrote:
> jeroen@...:
>> On Wed, 1 Dec 2010 10:41:22 -0500 (EST), Wietse Venema
>> <wietse@...> wrote:
>>> Jeroen Koekkoek:
>>>> I would like to request pcre table support in postscreen for some fields
>>>> e.g. client_name, helo_name, etc.
>>>> For example if client is not listed on any dnsbl, but the reverse
>>>> hostname matches /\.dsl\./, the client is greylisted.
>>>> Or if client is listed on a single dnsbl and contains something like
>>>> dialup, the connection is dropped.
>>> This functionality already exists in smtpd. There is no need to duplicate
>>> this in postscreen.
>>> Postscreen's purpose is to keep zombies away so that you can keep
>>> using the existing smtpd features.
>>> It is not a scoring system that makes a decision at the end.
>>> Instead, postscreen makes the decision as early as possible.
>> Not entirely, because I can't combine scores in smtpd. I would need a
>> policy service for that (correct me if I'm wrong). So if I wanted to do
>> this check I would need an smtpd + policy service and the policy service
>> would need to do the exact same lookups in order to get a combined score
>> and make a decision based on that.
> Again, if something can already be done with smtpd plus milter or
> policy plugin or content filter then I urge you to keep using that
> already existing functionality.
>> I think it's a lot of overhead where one or two pcre checks would
>> suffice.
>>
>> If I create a patch, could this feature make its way
>> into postfix?
>>
>> Jeroen
>
> I don't take any code before I have seen a clear design of user
> interface (how to use) and semantics (what it does). That is,
> write the manpage and we can talk about how it would work. But I
> warn you, I will not take something that simply hard-codes PCRE
> lookups plus counter into postscreen.
I've read through the postscreen code and got a general understanding of
how it works internally. But judging from the documentation: is
postscreen intended to ever do more than allowing/disallowing client
connections? e.g. greylisting or specifying a follow-up service like
If it's not: It would be nice if the dnsbl results could be passed to
the follow-up smtpd process, so they in turn can be passed to a policy
daemon. It would save cpu cycles, etc and it would make implementing a
policy daemon that needs those results anyway a lot easier.
If it is: I'll write about how I think the configuration options, maps,
etc should look.
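
The rule from the original request, written as the decision logic of an smtpd policy service (the route the quoted reply points to). This is an added example, not code from the thread or from Postfix; the `dnsbl_hits` callable, the sample request and the use of `DEFER_IF_PERMIT` as a stand-in for greylisting are assumptions.

```python
import re

# Patterns from the rules quoted in the thread (pcre tables match case-insensitively).
DSL_RE = re.compile(r"\.dsl\.", re.IGNORECASE)
DIALUP_RE = re.compile(r"dialup", re.IGNORECASE)

# Constructed sample request (documentation address and host name).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "client_name=host10.dsl.example.net\n"
    "helo_name=mail.example.net\n"
    "\n"
)

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, dnsbl_hits):
    """dnsbl_hits is a hypothetical callable: address -> number of lists naming it."""
    name = attrs.get("client_name", "unknown")  # "unknown" when no verified name
    hits = dnsbl_hits(attrs.get("client_address", ""))
    if hits == 1 and DIALUP_RE.search(name):
        return "REJECT"
    if hits == 0 and DSL_RE.search(name):
        # Temporary failure stands in for greylisting; no retry state is kept.
        return "DEFER_IF_PERMIT Service temporarily unavailable"
    return "DUNNO"  # every other case is left to the remaining restrictions

def respond(text, dnsbl_hits):
    """Build the reply sent back to smtpd: one action line plus an empty line."""
    return "action=" + decide(parse_request(text), dnsbl_hits) + "\n\n"

if __name__ == "__main__":
    constructed_listings = {"192.0.2.10": 0}  # constructed data, no DNS queries
    print(respond(SAMPLE_REQUEST, lambda a: constructed_listings.get(a, 0)), end="")
```

The policy service still has to perform the DNSBL lookups itself, which is the duplicated work the message above asks to avoid by passing postscreen's results along.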