Loading ...
Sorry, an error occurred while loading the content.

Custom Policy Integration

Expand Messages
  • punit jain
    Hi , I have a postfix server running and it needs to be integrated with 3rd party Policy server. What that server expects is smtp negotiation ie. mail from ,
    Message 1 of 7 , Jun 2, 2010
    • 0 Attachment
      Hi ,

      I have a postfix server running and it needs to be integrated with 3rd party Policy server. What that server expects is smtp negotiation ie. "mail from", "rcpt to" along with "source IP" to be sent to policy server in form of a HTTP call. Based on the policy, the policy server will return a code of 250 or 451 to the client. Any ideas if it is possible in postfix ?

      Thanks and Regards
    • Wietse Venema
      ... The available before-queue extension Postfix interfaces are documented at: http://www.postfix.org/SMTPD_POLICY_README.html
      Message 2 of 7 , Jun 2, 2010
      • 0 Attachment
        punit jain:
        > Hi ,
        >
        > I have a postfix server running and it needs to be integrated with 3rd party
        > Policy server. What that server expects is smtp negotiation ie. "mail from",
        > "rcpt to" along with "source IP" to be sent to policy server in form of a
        > HTTP call. Based on the policy, the policy server will return a code of 250
        > or 451 to the client. Any ideas if it is possible in postfix ?

        The available before-queue extension Postfix interfaces are documented at:

        http://www.postfix.org/SMTPD_POLICY_README.html
        http://www.postfix.org/SMTPD_PROXY_README.html
        http://www.postfix.org/MILTER_README.html

        Wietse
      • Khawaja M. Jawad
        You can also use policyd - cluebringer as 3rd party policy server with postfix server. http://www.policyd.org -- Jawad ... From:
        Message 3 of 7 , Jun 2, 2010
        • 0 Attachment
          You can also use policyd - cluebringer as 3rd party policy server with
          postfix server.

          http://www.policyd.org

          --
          Jawad

          -----Original Message-----
          From: owner-postfix-users@...
          [mailto:owner-postfix-users@...] On Behalf Of Wietse Venema
          Sent: Wednesday, June 02, 2010 4:07 PM
          To: Postfix users
          Subject: Re: Custom Policy Integration

          punit jain:
          > Hi ,
          >
          > I have a postfix server running and it needs to be integrated with 3rd
          party
          > Policy server. What that server expects is smtp negotiation ie. "mail
          from",
          > "rcpt to" along with "source IP" to be sent to policy server in form of a
          > HTTP call. Based on the policy, the policy server will return a code of
          250
          > or 451 to the client. Any ideas if it is possible in postfix ?

          The available before-queue extension Postfix interfaces are documented at:

          http://www.postfix.org/SMTPD_POLICY_README.html
          http://www.postfix.org/SMTPD_PROXY_README.html
          http://www.postfix.org/MILTER_README.html

          Wietse
        • punit jain
          Hi Wietse, Gone through the links. I find Milter to be more suitable for my requirement. A quick query on smtpd_milters, the call to external filter would be
          Message 4 of 7 , Jun 3, 2010
          • 0 Attachment

            Hi Wietse,

            Gone through the links. I find Milter to be more suitable for my requirement. A quick query on smtpd_milters, the call to external filter would be same way the smtp negotiation happens ( HELO, MAIL FROM, RCPT TO etc ) before accepting the message to be queued or is the call in some form of HTTP get/post request  ?

            Thanks
          • Wietse Venema
            ... Milter applications are usually implemented on top of the libmilter library, which implements the Milter protocol. See: http://www.milter.org/developers
            Message 5 of 7 , Jun 3, 2010
            • 0 Attachment
              punit jain:
              > Hi Wietse,
              >
              > Gone through the links. I find Milter to be more suitable for my
              > requirement. A quick query on smtpd_milters, the call to external filter
              > would be same way the smtp negotiation happens ( HELO, MAIL FROM, RCPT TO
              > etc ) before accepting the message to be queued or is the call in some form
              > of HTTP get/post request ?

              Milter applications are usually implemented on top of the libmilter
              library, which implements the Milter protocol. See:
              http://www.milter.org/developers

              Wietse
            • punit jain
              Hi Wieste, Thanks for the link.I would like to know if my understanding is correct. Here is what I understood: - 1. Postfix uses Milter (mail filter) protocol
              Message 6 of 7 , Jun 5, 2010
              • 0 Attachment


                Hi Wieste,

                Thanks for the link.I would like to know if my understanding is correct. Here is what I understood: -

                1. Postfix uses Milter (mail filter) protocol to allow external application to inspect SMTP events (CONNECT, DISCONNECT), SMTP commands (HELO, MAIL FROM, etc.) as well as mail content (headers and body) as according to the information from http://www.postfix.org/MILTER_README.html.

                2. This would mean filter application should talk with postfix using Milter instead of HTTP. The application can then be invoked at different stages of SMTP.

                3. When postfix invoke filter application via Milter, information like sender/recipient address, source IP will be passed together or separately the way it is sent during SMTP negotiation ?

                Thanks
              • Wietse Venema
                ... This would mean that *something* talks to Postfix (for example via the Milter protocol). This *something* could then post the information from Postfix as
                Message 7 of 7 , Jun 5, 2010
                • 0 Attachment
                  punit jain:
                  > Hi Wieste,
                  >
                  > Thanks for the link.I would like to know if my understanding is correct.
                  > Here is what I understood: -
                  >
                  > 1. Postfix uses Milter (mail filter) protocol to allow external application
                  > to inspect SMTP events (CONNECT, DISCONNECT), SMTP commands (HELO, MAIL
                  > FROM, etc.) as well as mail content (headers and body) as according to the
                  > information from http://www.postfix.org/MILTER_README.html.
                  >
                  > 2. This would mean filter application should talk with postfix using Milter
                  > instead of HTTP. The application can then be invoked at different stages of
                  > SMTP.

                  This would mean that *something* talks to Postfix (for example via
                  the Milter protocol). This *something* could then post the information
                  from Postfix as HTTP queries to the filter application.

                  You could also talk to Postfix via its policy delegation protocol.
                  This is simpler than Milter, and it sends all available attributes
                  in one request. I guess that 100 lines of Perl script would do
                  the job (not counting existing PERL code that already implements
                  HTTP). http://www.postfix.org/SMTPD_POLICY_README.html

                  > 3. When postfix invoke filter application via Milter, information like
                  > sender/recipient address, source IP will be passed together or separately
                  > the way it is sent during SMTP negotiation ?

                  See https://www.milter.org/developers/api/index#Callbacks for a
                  description of the functions that receive information from the MTA.

                  Wietse
                Your message has been successfully submitted and would be delivered to recipients shortly.