Wietse Venema via Postfix-users wrote in <4wtl814dp5zj...@spike.porcupine.org>:
|Steffen Nurpmeso via Postfix-users:
|> Keith wrote in
|> <bd099fc3eb840e7fa6007ff1d92ec6735841bde5.ca...@soondae.co.uk>:
|>|Hmm Policy Server. Do I have to install one and read the Man Pages? ...
|> The op wants to be able to reject the one emails, and to block IPs
|> of others which match something, if i understood this correctly.
|> This i think can be done with a "policy server" or a milter,
|> parsing logs is too late. I would say policy is much cheaper and
|> easier than milter in terms of CPU cycles and usage.
|>
|> So.. i do not know, actually, whether there exists an "easily
|> accessible proxy" already, like say one that readily prepares the
|> KEY=VALUE pairs of the protocol to make them accessible for
|> example to a shell script, (or a shell function, ie, one shell
|> instance from start to stop; i-should-go-more-lua, btw), and then
|> supports things like postfix itself, for example "REJECT" or
|> "RUN-SCRIPT" .. or whatever. That would be cool.
|> If so, it would be *cool* if that would become a postfix companion
|> and part of it! (RUN-SCRIPT would then change user and group id
|> etc, likely.)
|
|For policy delegation, it's already there. The example in
|https://www.postfix.org/SMTPD_POLICY_README.html uses the Postfix
|built-in spawn(8) daemon, to run a policy server on-demand and as
|an unprivileged user.
|
|The policy protocol is brain-dead simple (apart from %hex encoding
|of weird strings). The script should run in a loop so that the same

After the shock .. this hopefully only applies to "ccert_*"
attributes as the README says.

|process can be reused multiple times until the Postfix SMTP daemon
|closes the connection.

So this strips the mentioned postfix example to a core that should
run (untested), with only the necessity to fill in the function
fullfill_your_desire(). A pity it is not lua, maybe sometimes before
autumn i could create the same as a lua script, and post it to this
thread just for fun?!?

  #!/usr/bin/env perl

  use Sys::Syslog qw(:DEFAULT setlogsock);

  $verbose = 0;
  $syslog_socktype = 'unix'; # inet, unix, stream, console
  $syslog_facility="mail";
  $syslog_options="pid";
  $syslog_priority="info";

  # Policy decision hook: return the access(5) action for the
  # request whose attributes are in %attr.
  sub fullfill_your_desire {
      return "dunno";
  }

  # Log a fatal error to syslog and terminate.
  sub fatal_exit {
      my($first) = shift(@_);
      syslog "err", "fatal: $first", @_;
      exit 1;
  }

  setlogsock $syslog_socktype;
  openlog $0, $syslog_options, $syslog_facility;

  # The only supported option is -v (verbose logging).
  while ($option = shift(@ARGV)) {
      if ($option eq "-v") {
          $verbose = 1;
      } else {
          syslog $syslog_priority, "Invalid option: %s. Usage: %s [-v]",
              $option, $0;
          exit 1;
      }
  }

  # Unbuffer standard output so each reply is sent immediately.
  select((select(STDOUT), $| = 1)[0]);

  # One name=value attribute per line; an empty line ends the request.
  while (<STDIN>) {
      if (/([^=]+)=(.*)\n/) {
          # Names and values are truncated to 512 characters.
          $attr{substr($1, 0, 512)} = substr($2, 0, 512);
      } elsif ($_ eq "\n") {
          if ($verbose) {
              for (keys %attr) {
                  syslog $syslog_priority, "Attribute: %s=%s", $_, $attr{$_};
              }
          }
          fatal_exit "unrecognized request type: '%s'", $attr{request}
              unless $attr{"request"} eq "smtpd_access_policy";
          $action = fullfill_your_desire();
          syslog $syslog_priority, "Action: %s", $action if $verbose;
          print STDOUT "action=$action\n\n";
          %attr = ();    # start the next request with no attributes
      } else {
          chop;
          syslog $syslog_priority, "warning: ignoring garbage: %.100s", $_;
      }
  }

|For header_checks, one could use the tcp_table and socketmap
|protocols, but the Postfix lookup table interface supports only one
|query attribute per request.
|
|For complex policies that require real-time responses and that look
|at the envelope and message content, I still recommend using a milter.
...
--End of <4wtl814dp5zj...@spike.porcupine.org>

--steffen
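
Added example (not part of the thread and not Postfix's own code): the same policy delegation loop in POSIX sh, with the decision hook filled in to reject listed client addresses and sender domains. The blocklist values, the function names decide and policy_loop, and the --serve argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not the thread's or Postfix's code.
# Constructed sample blocklists (documentation address ranges, example domain).
BLOCKED_CLIENTS="192.0.2.10 198.51.100.7"
BLOCKED_SENDER_DOMAINS="spam.example"

# Print an access(5) action for the request held in $request,
# $client_address and $sender.
decide() {
    if [ "$request" != "smtpd_access_policy" ]; then
        # Assumption: defer on unknown request types (the Perl script exits).
        echo "DEFER_IF_PERMIT Service temporarily unavailable"
        return
    fi
    for ip in $BLOCKED_CLIENTS; do
        if [ "$client_address" = "$ip" ]; then
            echo "REJECT Client host blocked"
            return
        fi
    done
    for dom in $BLOCKED_SENDER_DOMAINS; do
        case "$sender" in
            *"@$dom") echo "REJECT Sender domain blocked"; return ;;
        esac
    done
    echo "DUNNO"
}

# Read name=value lines; an empty line ends one request. Values are only
# ever assigned and compared, never eval'ed or used as commands.
policy_loop() {
    request='' client_address='' sender=''
    while IFS= read -r line; do
        case "$line" in
            "") printf 'action=%s\n\n' "$(decide)"
                request='' client_address='' sender='' ;;
            request=*) request=${line#*=} ;;
            client_address=*) client_address=${line#*=} ;;
            sender=*) sender=$(printf '%s' "${line#*=}" | tr 'A-Z' 'a-z') ;;
            *) ;;   # attributes this policy does not use, and garbage
        esac
    done
}

# Serve only when asked to, e.g. spawn(8) argv=/path/to/this-script --serve
if [ "${1:-}" = "--serve" ]; then policy_loop; fi
```

The sender is lowercased before matching because domain names compare case-insensitively, so a blocked domain written in upper case is still caught.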