On 5/13/2018 11:56 AM, deoren wrote:
On 5/11/2018 2:20 PM, Wietse Venema wrote:
deoren:
My apologies if I overlooked an answer somewhere, but I checked the docs
and performed a brief search of the archives before asking and didn't
spot the answer.

Goal:

BCC everything EXCEPT for health check emails generated by our HAProxy
load-balancer

Use a CIDR map:

/etc/postfix/main.cf:
    smtpd_client_restrictions =
        check_client_access cidr:/etc/postfix/client-access.cidr

/etc/postfix/client-access.cidr:
     # First, a rule that matches healthcheck mail.
     1.2.3.4/32 DUNNO
     # Add a BCC recipient to other email.
     0.0.0.0/0 BCC f...@example.com

This requires Postfix 3.0 or later.

    Wietse


Thank you for the feedback and the solution.

I assume that the performance for this solution is going to be much better than the approach I went with? I'm guessing that this approach will also be much more stable over the long run as well. To continue that thought, this approach also keeps the two specific actions together in a single block which should be easier for anyone reviewing the settings to mentally parse.

I had a few moments to go back and update the setup to use the proposed solution, but stopped part way through. I see that we're matching on the client IP here with an action of DUNNO.

Instead of matching on the IP with check_client_access, could we match on the sender address instead with check_sender_access so that non-health-check mail from the load-balancer will still be subject to the BCC action?

 /etc/postfix/main.cf
      smtpd_client_restrictions =
        check_sender_access hash:/etc/postfix/sender-access.cf

 /etc/postfix/sender-access.cf:
      # First, a rule that matches health-check mail.
      smtp-health-che...@example.com DUNNO
      # Add a BCC recipient to other email.
      * BCC f...@example.com

For the last entry that BCC's "everything else", is the * character a valid source?

Thanks for your help.
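
Added example, not part of the thread and not from the Postfix author: hash: tables are exact-match lookups with no `*` wildcard, so a catch-all line needs a pattern table such as pcre: or regexp:. Because the envelope sender is chosen by the client, this sketch exempts the health-check sender only when it also arrives from the load-balancer IP given above. The class name `from_haproxy`, the file name `haproxy-sender.pcre` and the addresses `healthcheck@example.com` and `archive@example.com` are constructed placeholders.

```conf
# /etc/postfix/main.cf
# "from_haproxy" is a hypothetical restriction class name.
# The sender check inside it relies on the default smtpd_delay_reject = yes,
# so the envelope sender is already known when client restrictions run.
smtpd_restriction_classes = from_haproxy
from_haproxy =
    check_sender_access pcre:/etc/postfix/haproxy-sender.pcre
smtpd_client_restrictions =
    check_client_access cidr:/etc/postfix/client-access.cidr

# /etc/postfix/client-access.cidr  (first matching line wins)
# The load-balancer is not exempted outright; its mail goes to the sender check.
1.2.3.4/32      from_haproxy
# Every other client gets the BCC (placeholder address).
0.0.0.0/0       BCC archive@example.com
# IPv6 clients are not covered by 0.0.0.0/0 and need their own catch-all.
::/0            BCC archive@example.com

# /etc/postfix/haproxy-sender.pcre  (first matching pattern wins)
# Only this sender, and only from 1.2.3.4, skips the BCC (placeholder address).
/^healthcheck@example\.com$/    DUNNO
# Catch-all: any other sender from the load-balancer is still BCC'd.
/./                             BCC archive@example.com
```

`postconf -m` lists the table types the local build supports; regexp: accepts the same two patterns if pcre: is not available. The cidr: and pcre: files are read as text and need no postmap step.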
