Loading ...
Sorry, an error occurred while loading the content.
 

Re: mysql based blacklist

Expand Messages
  • mouss
    ... you an t have a rule per send and per recipient in the genral case. that is, you can t implement: if foo(sender) and bar(recipient) if on the other hand
    Message 1 of 3 , Dec 6, 2010
      Le 06/12/2010 21:31, John Adams a écrit :
      > Hi
      >
      > I host several domains on my mail system. The various domains all have
      > their own dedicated spamassassin blacklist. Because spamassassin's
      > blacklist implementation is not waterproof (if message size > spamc -s
      > $size, let mail pass unchecked), I want to run the blacklist via
      > smtpd_sender_restrictions check_sender_access. Because I must use
      > spamassassins blacklist_from syntax the sql query looks like this:
      >
      > query = SELECT 'REJECT sender blacklisted' as action FROM sa_prefs WHERE
      > preference='blacklist_from' AND (value='%u@%d' OR value like '%%%d')
      >
      > This works in the global system context. Unfortunatley this does not
      > respect that a blacklist entry always belongs to a recipient domain and
      > therefore should not be valid for all recipient domains.
      >
      > In http://www.postfix.org/mysql_table.5.html I could not find a hint
      > that would enable the sql query to utilize a parameter that would
      > reflect the recipient domain, like shown below:
      >
      > query = SELECT 'REJECT sender blacklisted' as action FROM sa_prefs WHERE
      > preference='blacklist_from' AND (value='%u@%d' OR value like '%%%d') AND
      > recipientdomain='%r'
      >
      > where %r would stand for the recipient's domain.


      you an't have a rule per send and per recipient in the genral case. that
      is, you can't implement:
      if foo(sender) and bar(recipient)


      if on the other hand you can define N policies, then you can decide that
      a recipient implies one policy (among the N policies) in which you can
      do what you want. for example


      smtpd_restriction_classes =
      policy1
      policy2
      ...


      smtpd_something_restrictions =
      check_recipient_access hash:/etc/postfix/access_recipient


      policy1 = check_sneder_access hash:/etc/postfix/access_sender_1
      policy2 = check_sneder_access hash:/etc/postfix/access_sender_2
      ...

      == access_recipient:
      joe@... policy1
      jim@... policy2
      ...


      if you don't realise it, the limitation is that you need to define a
      predefined number of "policies".


      if you want a more general config, then you need a policy service or a
      milter.

      >
      > I hope I managed to write down understandably what I want. Would be nice
      > if any of you knew an answer.
      >
      > Thanks
      > John
    Your message has been successfully submitted and would be delivered to recipients shortly.