----- Message from Noel Jones <njo...@megan.vbhcs.org> ---------
Date: Fri, 24 Aug 2012 23:49:25 -0500
From: Noel Jones <njo...@megan.vbhcs.org>
Reply-To: postfix users <postfix-users@postfix.org>
Subject: Re: exceptions for smtpd_end_of_data_restrictions
To: postfix-users@postfix.org
On 8/24/2012 11:10 PM, an...@isac.gov.in wrote:
----- Message from Noel Jones <njo...@megan.vbhcs.org> ---------
Date: Wed, 22 Aug 2012 06:31:10 -0500
From: Noel Jones <njo...@megan.vbhcs.org>
Reply-To: postfix users <postfix-users@postfix.org>
Subject: Re: exceptions for smtpd_end_of_data_restrictions
To: postfix-users@postfix.org
On 8/22/2012 2:14 AM, an...@isac.gov.in wrote:
Dear List,
I have this in my main.cf
smtpd_end_of_data_restrictions =
check_policy_service inet:127.0.0.1:9998
This basically checks for mail size and allows/not allows a mail
based on contents of a file.
Is there a way to say, not to use this policy service, based on some
headers of a mail?
You can skip the policy based on envelope information by using a
check_*_access map before the policy check. You could also likely
do this inside the policy server itself.
You cannot skip it based on headers.
-- Noel Jones
Thanks for your inputs. You are all experts, please share some
ideas with me to solve my problem. I have described the requirement
in detail as below.
Let me explain my current setup and my real requirement.
I have a front end for accessing and sending mail (say server A).
All mails sent from this (server A) are directed to another server
(say server B) for virus/spam check using Amavisd. If the mails are
addressed to any internet domain other than ours, mails get
forwarded to Server C, else mails are delivered locally.
A (Front End Mail) -> B (Virus/Spam scanner) -> C (for delivering to
Internet).
At server B (for local delivery of mails) we have a size limit of 30
MB.
At Server C (for delivery to Internet ) we have a size limit of 30
MB, but using policyd feature of Postfix (at
smtpd_end_of_data_restrictions), by default we are restricting to 2
MB and based on the contents of a data file (which is manually
edited as and when required) which contains Sender address and
allowed size, mails get get delivered to outside domains having
higher size.
Now, I have been asked to develop another front end at same level as
Server A (say server D), to enable users to send mails of large size
to Internet users, such that, once a mail is composed and submitted
for approval, Based on the content, I can approve or disapprove.
Once approved, it should go through Server B and finally server C to
get delivered to outside domains.
My problem lies at Server C where I am running a policy for sending
outside mails. How does that mail be allowed without even looking
at policy (exception for policy).
Please provide guidance or any other alternative strategy to achieve
the requirement. But, it is must that, mail should go through the
virus scan.
Regards,
Anant.
Have D submit mail to a dedicated amavisd port on B, which can then
submit to a separate port on C with no policy.
See amavisd docs about listening on multiple ports, policy banks, etc.
For the postfix changes on C, the lazy solution is set up another
smtpd listener in master.cf with empty
smtpd_end_of_data_restrictions; the better full-featured solution is
a separate postfix instance giving full control with separate queue,
logging, and stats.
-- Noel Jones
Thanks. I think, this is the only option. I need to work on this. Thanks.
Regards,
Anant.
----- End message from Noel Jones <njo...@megan.vbhcs.org> -----
------------------------------------------------------------------------------
Confidentiality Notice: This e-mail message, including any attachments, is for
the sole use of the intended recipient(s) and may contain confidential and
privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact the sender by reply e-mail and destroy all copies of the original
message.
------------------------------------------------------------------------------
