Thanks, I'll read about that tool. I'm pretty new to DKIM/SPF and am just now trying to set it up. I've been using postgrey for awhile and it does work great but it creates a lot of lag and causes problems (lost e-mail) with a lot of email senders.
So I want to be able to set up Postfix so, if it passes DKIM or other checks that give me a high confidence then just skip the postgrey stuff entirely. But, if it's a "Not sure" e-mail, then go ahead and postgrey it. I'll read about mtpolicyd and see if I can understand what my options with that would be. On Fri, 2015-09-18 at 20:20 +0200, Benning, Markus wrote: > I'm also using a policy daemon to build a score based on Whitelists, > SPF, RBLs, GeoIP, etc. > And then apply greylisting, rejects based on the score. > (as in mtpolicyd example configuration: > https://github.com/benningm/mtpolicyd/blob/master/etc/mtpolicyd.conf) > > But you can't do content checks in a recipient_restriction. > DKIM is based on message content. > > > Markus > > Am 2015-09-18 20:09, schrieb Bruce Marriner: > > I have (well had, technically) all of these running under the > > smtpd_recipient_restrictions with check_policy_service statements. > > > > On Fri, 2015-09-18 at 19:56 +0200, Sebastian Nielsen wrote: > >> I think he is out after doing a temporary fail after the DATA stage, > >> thus > >> avoiding the chicken and egg problem. > >> > >> -----Ursprungligt meddelande----- > >> From: Wietse Venema > >> Sent: Friday, September 18, 2015 7:50 PM > >> To: Postfix users > >> Subject: Re: Conditional Greylisting > >> > >> Bruce Marriner: > >> > I'd like to have DKIM/SPF setup and if an e-mail passed those I want to > >> > to completely bypass greylisting. However, if it soft-fails those > >> > checks then I want it to greylist next. > >> > >> You have a chicken and egg problem. DKIM signature verification > >> requires that Postfix receives the email message. Greylisting > >> happens BEFORE Postfix receives the email message. > >> > >> Wietse > >> >
