On 2/10/2010 2:15 PM, Stefan Palme wrote:
Hi all,
I have smtpd_recipient_restrictions like this:
smtpd_recipient_restrictions =
...
permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination,
check_policy_service unix:private/postgrey,
reject_rbl_client zen.spamhaus.org,
permit
For testing purposes, I want to skip the policy service for some
recipient addresses, for other recipients I want to skip the spamhaus
check, and for a third class of recipients I want to skip both checks.
So the idea is something like this:
smtpd_recipient_restrictions =
...
permit_sasl_authenticated, permit_mynetworks,
reject_unauth_destination,
check_recipient_access hash:/etc/postfix/skip_postgrey,
check_policy_service unix:private/postgrey,
check_recipient_access hash:/etc/postfix/skip_spamhaus,
reject_rbl_client zen.spamhaus.org,
permit
/etc/postfix/skip_postgrey could contain somethink like:
do.not.want.postg...@example.com SKIP_NEXT_RESTRICTION
Similar for /etc/postfix/skip_spamhaus...
Of course, "SKIP_NEXT_RULE" is not a possible action in access tables.
But I guess you see what I want. Any ideas how to solve this?
Thanks and regards
-stefan-
You can use a check_recipient_access map and some
smtpd_restriction_classes to define some recipients with
different checks.
#main.cf
smtpd_restriction_classes = class_postgrey, class_sbl
class_postgrey = check_policy_service unix:private/postgrey
class_sbl = reject_rbl_client zen.spamhaus.org
smtpd_recipient_restrictions =
...
reject_unauth_destination
check_recipient_access hash:/etc/postfix/recipient_class
check_policy_service unix:private/postgrey
reject_rbl_client zen.spamhaus.org
# recipient_class
us...@example.com class_postgrey, class_sbl, permit
us...@example.com class_sbl, permit
us...@example.com permit
http://www.postfix.org/RESTRICTION_CLASS_README.html
-- Noel Jones
[1] a restriction class isn't required for the rbl lookup, but
it seemed easier to me. You could instead use
"reject_rbl_client zen.spamhaus.org" in your recipient_class
access table.
[2] it would probably be better to use
"permit_auth_destination" rather than "permit" in the
recipient_class file to prevent accidents.