Loading ...
Sorry, an error occurred while loading the content.
 

Re: multirecipient mail and adding headers

Expand Messages
  • Robert Felber
    ... Correction: I guess this is because the same policyd-weight instance processed another smtpd meanwhile, thus it lost the instance information which leads
    Message 1 of 4 , Jun 2, 2007
      On Sat, Jun 02, 2007 at 09:48:02AM +0200, Robert Felber wrote:
      > On Fri, Jun 01, 2007 at 03:12:45PM -0600, Kenny Dail wrote:
      > > Ok so we are trying some different things to block mail with post fix.
      > > Trouble is that multirecipient mail is being check many times, and in
      > > cases where a header is added, the header is being added multiple times.
      > > Is there a cleaner way to do this?
      > >
      > > example:
      > >
      > > Return-Path: <spammer>
      > > X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on mail3.amigo.net
      > > X-Spam-Level:
      > > X-Spam-Status: No, score=0.0 required=1.0 tests=none autolearn=disabled version=3.1.8
      > > Delivered-To: joec@...
      > > Received: from localhost (localhost [127.0.0.1])
      > > by mail3.amigo.net (Postfix)
      > > with ESMTP id 7B7B01D339B;
      > > Fri, 1 Jun 2007 13:56:12 -0600 (MDT)
      > > X-Virus-Scanned: amavisd-new at amigo.net
      > > Received: from mx.amigo.net ([127.0.0.1])
      > > by localhost (mail3.amigo.net [127.0.0.1]) (amavisd-new, port 10024)
      > > with ESMTP id ssfWxur1U6mQ;
      > > Fri, 1 Jun 2007 13:56:09 -0600 (MDT)
      > > X-WhiteListed: No
      > > X-policyd-weight: NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 NOT_IN_SORBS_NEW=-1.2 NOT_IN_PSBL=-0.8 CL_IP_EQ_HELO_IP=-2 (check from: .floridwant. - helo: .election182.floridwant. - helo-domain: .floridwant.) FROM/MX_MATCHES_HELO(DOMAIN)=-2 <client=64.89.22.182> <helo=election182.floridwant.com> <from=spammer>
      > > <to=someotherguy@...>, rate: -9
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-policyd-weight: using cached result; rate: -9
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > X-WhiteListed: No
      > > smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_recipient_domain, reject_unauth_destination, reject_unlisted_recipient, check_recipient_access mysql:/etc/postfix/mysql-no-filter-header.cf, check_recipient_access mysql:/etc/postfix/mysql-no-filter.cf, check_client_access cidr:/etc/postfix/dnswl/postfix-dnswl-header, check_client_access cidr:/etc/postfix/dnswl/postfix-dnswl-permit, check_policy_service inet:127.0.0.1:10031, check_policy_service inet:127.0.0.1:12525, permit_mx_backup, permit
      >
      > First: headers are prepended for each recipient IF the check does not
      > check whether it has been already evaluated for a previous recipient of
      > the same transaction. This goes for access maps where PREPEND is being used.
      >
      > The policy proto gives you the ability to check for already evaluated mail
      > and to turn PREPEND into DUNNO.
      >
      > Allthough I wonder why policyd-weight is listed two times.
      > Which postfix version is that?

      Correction: I guess this is because the same policyd-weight instance processed
      another smtpd meanwhile, thus it lost the instance information which leads
      to a subsequent PREPEND for the same transaction. If policyd-weight used
      in master.cf mode this won't happen.

      > I have seen (two times) in postfix 2.1 that sometimes the value
      > "instance" was not reliable.

      Correction: the behaviour I have seen with 2.1 was, that it happened two
      times that the smtpd provided the sam instance variable for different
      transactions.

      > So for your problem with X-Whitelisted it would be interesting to know
      > which check does PREPEND X-WhiteListed: No. If that is a sender/client check
      > you could probably beat it best with a policy server. If that is a policy
      > server you could store
      >
      > client_address.sender as $instance and check whether subsequent
      > client_address.sender match the old $instance.

      Which may not be appropriate for your scenario. You rely on the policy proto
      variable "instance" to ensure that the header is prepended for each
      transaction once. If you use client_address.sender as instance-classifier then
      it might happen that the header is only prepended for transaction1. If the same
      client does a subsequent mail-transaction then it might happen that it still
      has the client_address.sender as instance variable and does not prepend a
      header.



      --
      Robert Felber (PGP: 896CF30B)
      Munich, Germany
    Your message has been successfully submitted and would be delivered to recipients shortly.