Loading ...
Sorry, an error occurred while loading the content.

272096Re: postscreen request: pcre support

Expand Messages
  • Jeroen Koekkoek
    Dec 15, 2010
      On 12/01/2010 06:42 PM, Wietse Venema wrote:
      > jeroen@...:
      >> On Wed, 1 Dec 2010 10:41:22 -0500 (EST), Wietse Venema
      >> <wietse@...> wrote:
      >>> Jeroen Koekkoek:
      >>>> Hi,
      >>>> I would like to request pcre table support in postscreen for some fields
      >>>> e.g. client_name, helo_name, etc.
      >>>> For example if client is not listed on any dnsbl, but the reverse
      >>>> hostname matches /\.dsl\./, the client is greylisted.
      >>>> Or if client is listed on a single dnsbl and contains something like
      >>>> dialup, the connection is dropped.
      >>> This functionality already exists in smtpd. There is no need to duplicate
      >>> this in postscreen.
      >>> Postscreen's purpose is to keep zombies away so that you can keep
      >>> using the existing smtpd features.
      >>> It is not a scoring system that makes a decision at the end.
      >>> Instead, postscreen makes the decision as early as possible.
      >>> Wietse
      >> Not entirely, because I can't combine scores in smtpd. I would need a
      >> policy service for that (correct me if i'm wrong). So if I wanted to do
      >> this check I would need an smtpd + policy service and the policy service
      >> would need to do the exact same lookups in order to get a combined score
      >> and make a descision based on that.
      > Again. if something can already be done with smtpd plus milter or
      > policy plugin or content filter then I urge you to keep using that
      > already existing functionality.
      >> I think it's a lot of overhead where one or two pcre checks would
      > suffice.> > If I create a patch, could this feature make its way
      > into postfix?> > Jeroen> >
      > I don't take any code before I have seen a clear design of user
      > interface (how to use) and semantics (what it does). That is,
      > write the manpage and we can talk about how it would work. But I
      > warn you, I will not take something that simply hard-codes PCRE
      > lookups plus counter into postscreen.
      > Wietse

      I've read through the postscreen code and got a general understanding of
      how it works internally. But judging from the documentation: is
      postscreen intended to ever do more than allowing/disallowing client
      connections? e.g. greylisting or specifying a follow-up service like

      If it's not: It would be nice if the dnsbl results could be passed to
      the follow-up smtpd process, so they in turn can be passed to a policy
      daemon. It would save cpu cycles, etc and it would make implementing a
      policy daemon that needs those results anyway a lot easier.

      If it is: I'll write about how I think the configuration options, maps,
      etc should look.

      - Jeroen
    • Show all 10 messages in this topic