Hi Patrick!
On Tue, Aug 06, 2013 at 08:37:09AM +0200, Patrick Ben Koetter wrote:
> * Franz Schwartau <[email protected]>:
> > Hi Noel,
> >
> > thanks for your answer.
> >
> > On 05.08.2013 18:31, Noel Jones wrote:
> > > On 8/5/2013 10:42 AM, Franz Schwartau wrote:
> > >> Dear list,
> > >>
> > >> I configured postfix to use amavisd as a SMTP proxy
> > >> (smtpd_proxy_filter). Now I'd like to skip amavisd if a policy daemon
> > >> called in smtpd_recipient_restrictions returns OK.
> > >>
> > >> Has anyone any idea how to accomplish this?
> > >>
> > >> As far as I unterstood postfix' restrictions there is no "final" OK
> > >> skipping any further checks.
> > >
> > > The insurmountable problem is that amavisd is called before the
> > > policy server is ever run.
> > > Any bypass will need to be in amavisd itself.
> > >
> > > The built-in bypass mechanisms in amavisd-new are the various
> > > bypass* and *lovers parameters. If they can't do what you want,
> > > custom code will be needed.
> >
> > I'm aware of the fact that amavisd is run before the policy daemon if
> > configured as a smtpd_proxy_filter. This is why I asked "Is there any
> > way to flag anything so amavisd skips it's checks?"
> >
> > The only way I found so far is to set an extra header in postfix via
> > PREPEND. This extra header can be evaluted by spamassassin setting a
> > very low score. Unfortunatly this doesn't cover virus or bad header checks.
> >
> > amavisd's bypass and lovers maps are for recipients, only.
> >
> > Any idea how amavisd can be configured to skip checks if an extra header
> > is set?
>
> Not unless you add (read: program) a custom class.
>
> What problem do you need to solve? Maybe we can use a different approach.
Basically I'd like to skip any further checks based on a result of a policy
daemon.
I use smtpd_recipient_restrictions to ask a policy server using
check_policy_service. This policy server implements black- and whitelisting in
dependency of the recipient domain. The parameters for black- or whitelisting
are stored in a SQL database. The parameters can be of all types (client name,
client address, hello parameter, sender, recipient). If some parameter is
whitelisted amavisd shouldn't perform any checks.
BTW. I know SMTP is a multi recipient protocol. Black- and whitelisting can be
complicated. But please don't let us discuss it here. Maybe I have to use
another call to a policy daemon in smtpd_data_restrictions to solve multiple
recipient problems.
So I'm looking for a possibility to skip checks within amavisd based on some
critera, e. g. special header is present, external file based on queue id is
present.
Best regards
Franz
