Loading ...
Sorry, an error occurred while loading the content.
 

Re: proxy_smtpd_filter vs FILTER action

Expand Messages
  • mouss
    ... if you use a proxy filter, _all_ mail goes to the proxy filter. ... either - forget about proxy filter and use after-the-queue filtering (with
    Message 1 of 3 , Sep 30, 2010
      Le 30/09/2010 12:48, Christian Rößner a écrit :
      > Hi,
      >
      > I have a problem that the smtpd_proxy_filter option has higher priority than a FILTER setting in an access table:
      >


      if you use a proxy filter, _all_ mail goes to the proxy filter.

      > Sep 30 12:33:04 mx0 postfix/smtpd[5250]: warning: access table cidr:/etc/postfix/maps/client_access.cidr: with smtpd_proxy_filter specified, action FILTER is unavailable
      >
      > What I need is a mechanism to re-route a mail to a different policy-bank in amavis, if a MTA-client is found in a whitelist:

      either
      - forget about proxy filter and use after-the-queue filtering (with
      content_filter, FILTER and/or transports)
      - or implement the dispatching in your proxy filter.
      - if your WL is IP based, put that in your firewall/NAT/routing config.

      > smtp inet n - - - 1 postscreen
      > smtpd pass - - - - 10 smtpd
      > -o smtp_bind_address=127.0.0.1
      > -o smtpd_proxy_filter=[127.0.0.1]:10024
      > -o smtpd_client_connection_rate_limit=5
      > -o smtpd_client_message_rate_limit=5
      > -o smtpd_client_recipient_rate_limit=30
      > dnsblog unix - - - - 0 dnsblog
      > ...
      >
      >
      > In main.cf:
      >
      > smtpd_recipient_restrictions =
      > ...
      > check_client_access cidr:/etc/postfix/maps/client_access.cidr,
      > ...
      >
      >
      > /etc/postfix/maps/client_access.cidr:
      > # Whitelisting
      > 193.239.107.22 FILTER lmtp-amavis:[::1]:10027
      >
      >
      > amavis:
      >
      > $interface_policy{'10027'} = 'WHITELIST';
      > $policy_bank{'WHITELIST'} = {
      > allow_disclaimers => 1,
      > bypass_spam_checks_maps => [1], # I want to disable spam-checks for SWL and DWL
      > terminate_dsn_on_notify_success => 0,
      > };
      >
      >
      > This test here is a pre-prototype for thinking about coding a policy-service that respects swl.spamhaus.org and dwl.spamhaus.org. Yet I do not know how to _really_ whitelist candidates on these lists. So I took my friend Uwe's MTA for a first test of whitelisting.
      >
      > Also the question for postscreen: Does it allow negative scoring of dnsbl? So I could use that lookup mechanism, too. At the moment I try to negative score whitelists in policyd-weight.
      >
      > This all is not so easy for me right now :-)
      >
      > Best regards
      > Christian
      >
      >
      > ---
      > Roessner-Network-Solutions
      > Bachelor of Science Informatik
      > Nahrungsberg 81, 35390 Gießen
      > F: +49 641 5879091, M: +49 176 93118939
      > USt-IdNr.: DE225643613
      > http://www.roessner-network-solutions.com
      >
    Your message has been successfully submitted and would be delivered to recipients shortly.