Thank you for adding if-endif to header and body checks. A report on About.com states that in 2010 there were about 294 billion emails sent per day, 90% of which were spam. With numbers like that, trying to go through and blacklist individual IP addresses or users is a waste of time. Spam through here had become such a nightmare that a few years back I informed all my clients that I was done hosting email. I kept the accounts for the Mrs. and myself active, but there continued to be so much spam and gray mail that we quit checking our accounts.
Recently I've had a couple of hard drives crash on the servers. So in the process of replacing the hard drives and reinstalling PostFix, I stumbled across your if-endif conditional. Experimenting with it, I've been able to close the door to world wide access to my email accounts and only allow certain users by placing whitelisted conditions up front, and blocking everyone else. The REJECT action includes instructions how to bypass the filter:
!/\[Key Word\]/ REJECT "UNAUTHORIZED MAIL. To bypass the spam filter, include the following anywhere in the Subject line: [Key Word]"
If I understand correctly, without the if-endif conditional, the only way to exit header_checks before reaching the end of the file is if a REJECT action is matched. There's no way for me to say "This email is from my wife, so accept the email and exit header_checks immediately":
But with the if-endif conditional, I can use it to dump out of the check if a "white listed" condition is met.
> If I understand correctly, without the if-endif conditional, the only way toAccording to http://www.postfix.org/CONTENT_INSPECTION_README.html,
> exit header_checks before reaching the end of the file is if a REJECT action
> is matched. There's no way for me to say "This email is from my wife, so
> accept the email and exit header_checks immediately":
header_checks and body_checks implement light-weight content
inspection. If you have a spam problem, use a real content filter.
Most header_checks and body_checks actions say "do X and inspect
the next input line". Only a few actions are "final", including
DISCARD and REJECT.
Also as documented, if-endif have line scope, not message scope.