On 2/10/2010 2:15 PM, Stefan Palme wrote:
Hi all,

I have smtpd_recipient_restrictions like this:

smtpd_recipient_restrictions =
        ...
        permit_sasl_authenticated, permit_mynetworks,
        reject_unauth_destination,
        check_policy_service unix:private/postgrey,
        reject_rbl_client zen.spamhaus.org,
        permit

For testing purposes, I want to skip the policy service for some
recipient addresses, for other recipients I want to skip the spamhaus
check, and for a third class of recipients I want to skip both checks.

So the idea is something like this:

smtpd_recipient_restrictions =
        ...
        permit_sasl_authenticated, permit_mynetworks,
        reject_unauth_destination,
         check_recipient_access hash:/etc/postfix/skip_postgrey,
        check_policy_service unix:private/postgrey,
         check_recipient_access hash:/etc/postfix/skip_spamhaus,
        reject_rbl_client zen.spamhaus.org,
        permit

/etc/postfix/skip_postgrey could contain somethink like:

   do.not.want.postg...@example.com    SKIP_NEXT_RESTRICTION

Similar for /etc/postfix/skip_spamhaus...

Of course, "SKIP_NEXT_RULE" is not a possible action in access tables.
But I guess you see what I want. Any ideas how to solve this?

Thanks and regards
-stefan-




You can use a check_recipient_access map and some smtpd_restriction_classes to define some recipients with different checks.

#main.cf
smtpd_restriction_classes = class_postgrey, class_sbl
class_postgrey = check_policy_service unix:private/postgrey
class_sbl = reject_rbl_client zen.spamhaus.org
smtpd_recipient_restrictions =
  ...
  reject_unauth_destination
  check_recipient_access hash:/etc/postfix/recipient_class
  check_policy_service unix:private/postgrey
  reject_rbl_client zen.spamhaus.org

# recipient_class
us...@example.com   class_postgrey, class_sbl, permit
us...@example.com   class_sbl, permit
us...@example.com   permit


http://www.postfix.org/RESTRICTION_CLASS_README.html


  -- Noel Jones

[1] a restriction class isn't required for the rbl lookup, but it seemed easier to me. You could instead use "reject_rbl_client zen.spamhaus.org" in your recipient_class access table.

[2] it would probably be better to use "permit_auth_destination" rather than "permit" in the recipient_class file to prevent accidents.

Reply via email to