Victor Duchovni wrote:
On Mon, Jan 18, 2010 at 10:14:34AM -0800, Daniel L. Miller wrote:
But my primary issue is sender validation. I don't see how, currently, to
implement this as a policy daemon without re-writing sender validation into
the policy daemon. I don't see any way, for example, to call another
policy daemon after permit_sasl_authenticated returns "OK".
This thread is NOT about address validation, it is about automatic
whitelisting of addresses (as senders) that are observed in outgoing
mail as recipients. No validation is required.
Correct - however my question is how do I determine what is "valid
outgoing mail" using built-in Postfix processes & methods?
A robust solution is a content filter or milter that inspects the outgoing
message, and ignores out-off-office messages and other auto-replies,
whitelisting only "real" email. I also think that such whitelists should
be for a given pair of correspondents, rather than all mail from the
sender in question.
Great points, and as we delve deeper into this I'm sure there are other
items we'll either want to consider or at least have the option for.
But the key to the whole thing is getting that recipient/sender
information to the whitelist writing daemon in a manner that works WITH
Postfix - and so far the methods I've looked at work around or against
Postfix.
You could also consider a sync of internal users' contact databases into
the whitelist, at which point, you can do away with any observation of
traffic, and just whitelist senders who appear in recipients' contact
lists.
A point - and a good one for initialization of the whitelist. However,
this does not address the need to add new addresses to the list
automatically. Example - our company changes insurance brokers, and
needs to receive forms from the new broker. Such communications should
not be reliant on the IT department "unlocking" the mail server - just
the act of the office manager's sending an e-mail to the broker should
be sufficient.
--
Daniel