Loading ...
Sorry, an error occurred while loading the content.

Re: Custom Policy Integration

Expand Messages
  • Wietse Venema
    ... The available before-queue extension Postfix interfaces are documented at: http://www.postfix.org/SMTPD_POLICY_README.html
    Message 1 of 7 , Jun 2, 2010
    • 0 Attachment
      punit jain:
      > Hi ,
      >
      > I have a postfix server running and it needs to be integrated with 3rd party
      > Policy server. What that server expects is smtp negotiation ie. "mail from",
      > "rcpt to" along with "source IP" to be sent to policy server in form of a
      > HTTP call. Based on the policy, the policy server will return a code of 250
      > or 451 to the client. Any ideas if it is possible in postfix ?

      The available before-queue extension Postfix interfaces are documented at:

      http://www.postfix.org/SMTPD_POLICY_README.html
      http://www.postfix.org/SMTPD_PROXY_README.html
      http://www.postfix.org/MILTER_README.html

      Wietse
    • Khawaja M. Jawad
      You can also use policyd - cluebringer as 3rd party policy server with postfix server. http://www.policyd.org -- Jawad ... From:
      Message 2 of 7 , Jun 2, 2010
      • 0 Attachment
        You can also use policyd - cluebringer as 3rd party policy server with
        postfix server.

        http://www.policyd.org

        --
        Jawad

        -----Original Message-----
        From: owner-postfix-users@...
        [mailto:owner-postfix-users@...] On Behalf Of Wietse Venema
        Sent: Wednesday, June 02, 2010 4:07 PM
        To: Postfix users
        Subject: Re: Custom Policy Integration

        punit jain:
        > Hi ,
        >
        > I have a postfix server running and it needs to be integrated with 3rd
        party
        > Policy server. What that server expects is smtp negotiation ie. "mail
        from",
        > "rcpt to" along with "source IP" to be sent to policy server in form of a
        > HTTP call. Based on the policy, the policy server will return a code of
        250
        > or 451 to the client. Any ideas if it is possible in postfix ?

        The available before-queue extension Postfix interfaces are documented at:

        http://www.postfix.org/SMTPD_POLICY_README.html
        http://www.postfix.org/SMTPD_PROXY_README.html
        http://www.postfix.org/MILTER_README.html

        Wietse
      • punit jain
        Hi Wietse, Gone through the links. I find Milter to be more suitable for my requirement. A quick query on smtpd_milters, the call to external filter would be
        Message 3 of 7 , Jun 3, 2010
        • 0 Attachment

          Hi Wietse,

          Gone through the links. I find Milter to be more suitable for my requirement. A quick query on smtpd_milters, the call to external filter would be same way the smtp negotiation happens ( HELO, MAIL FROM, RCPT TO etc ) before accepting the message to be queued or is the call in some form of HTTP get/post request  ?

          Thanks
        • Wietse Venema
          ... Milter applications are usually implemented on top of the libmilter library, which implements the Milter protocol. See: http://www.milter.org/developers
          Message 4 of 7 , Jun 3, 2010
          • 0 Attachment
            punit jain:
            > Hi Wietse,
            >
            > Gone through the links. I find Milter to be more suitable for my
            > requirement. A quick query on smtpd_milters, the call to external filter
            > would be same way the smtp negotiation happens ( HELO, MAIL FROM, RCPT TO
            > etc ) before accepting the message to be queued or is the call in some form
            > of HTTP get/post request ?

            Milter applications are usually implemented on top of the libmilter
            library, which implements the Milter protocol. See:
            http://www.milter.org/developers

            Wietse
          • punit jain
            Hi Wieste, Thanks for the link.I would like to know if my understanding is correct. Here is what I understood: - 1. Postfix uses Milter (mail filter) protocol
            Message 5 of 7 , Jun 5, 2010
            • 0 Attachment


              Hi Wieste,

              Thanks for the link.I would like to know if my understanding is correct. Here is what I understood: -

              1. Postfix uses Milter (mail filter) protocol to allow external application to inspect SMTP events (CONNECT, DISCONNECT), SMTP commands (HELO, MAIL FROM, etc.) as well as mail content (headers and body) as according to the information from http://www.postfix.org/MILTER_README.html.

              2. This would mean filter application should talk with postfix using Milter instead of HTTP. The application can then be invoked at different stages of SMTP.

              3. When postfix invoke filter application via Milter, information like sender/recipient address, source IP will be passed together or separately the way it is sent during SMTP negotiation ?

              Thanks
            • Wietse Venema
              ... This would mean that *something* talks to Postfix (for example via the Milter protocol). This *something* could then post the information from Postfix as
              Message 6 of 7 , Jun 5, 2010
              • 0 Attachment
                punit jain:
                > Hi Wieste,
                >
                > Thanks for the link.I would like to know if my understanding is correct.
                > Here is what I understood: -
                >
                > 1. Postfix uses Milter (mail filter) protocol to allow external application
                > to inspect SMTP events (CONNECT, DISCONNECT), SMTP commands (HELO, MAIL
                > FROM, etc.) as well as mail content (headers and body) as according to the
                > information from http://www.postfix.org/MILTER_README.html.
                >
                > 2. This would mean filter application should talk with postfix using Milter
                > instead of HTTP. The application can then be invoked at different stages of
                > SMTP.

                This would mean that *something* talks to Postfix (for example via
                the Milter protocol). This *something* could then post the information
                from Postfix as HTTP queries to the filter application.

                You could also talk to Postfix via its policy delegation protocol.
                This is simpler than Milter, and it sends all available attributes
                in one request. I guess that 100 lines of Perl script would do
                the job (not counting existing PERL code that already implements
                HTTP). http://www.postfix.org/SMTPD_POLICY_README.html

                > 3. When postfix invoke filter application via Milter, information like
                > sender/recipient address, source IP will be passed together or separately
                > the way it is sent during SMTP negotiation ?

                See https://www.milter.org/developers/api/index#Callbacks for a
                description of the functions that receive information from the MTA.

                Wietse
              Your message has been successfully submitted and would be delivered to recipients shortly.