On Wed, Aug 18, 2021 at 12:07:07PM -0700, Ron Garret <r...@flownet.com> wrote:
> On Aug 18, 2021, at 11:55 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
> > If you want different processing for inbound and outbound mail,
> > use separate Postfix instances configured appropriately to the
> > task at hand.
>
> There is a useful distinction to be made between mail that is injected
> into the system by an authorized user and mail that is not. I think
> of the former as “outbound” even though that is not technically
> correct. And it is possible to handle these two kinds of messages
> differently by using a milter (there may be other ways as well, but I
> know for sure that a milter can do it). This may not be a smart thing
> to do, but it is possible.
>
> rg

I think a common way to distinguish between authenticated "inside"
senders and unauthenticated "outside" senders, just based on
tutorials I've seen online, is with the use of values like these
in the various smtpd_*_restrictions settings:

  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  permit_auth_destination

They can be used to control which mails are subjected to policy
checks like greylisting or SPF checking. And with all the actions
available in access(5) databases that can also be included in the
restrictions settings (e.g. check_recipient_access or
check_sender_access), you can do (or avoid doing) all sorts of
things (e.g. FILTER).

And with multiple instances/services setup in master.cf, you can
probably do anything you can imagine.

I take it that milters must work too, but they sound like much more
effort. You need to write a whole other program (securely). But I
guess if you really like the milter API, then you like it. :-)
I've only used other people's milters (OpenDKIM and OpenDMARC), and
only to filter the mail content itself.

cheers,
raf
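The restriction ordering described in the message above, as an added main.cf sketch that is not part of the original post or of any poster's configuration. The policy service endpoints (an SPF policy daemon on `unix:private/policyd-spf`, a greylisting daemon on `inet:127.0.0.1:10023`) are assumptions and must match services actually defined on the host.

```conf
# /etc/postfix/main.cf fragment (added example; endpoints below are assumptions)

# Relay control: trusted networks and SASL-authenticated clients may relay,
# everyone else may only deliver to domains this server is responsible for.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Each restriction list is evaluated left to right and stops at the first
# decisive result. The two permit_* entries therefore end the list for
# "inside" senders, and only unauthenticated "outside" clients fall through
# to the SPF and greylisting policy checks that follow.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:private/policyd-spf,
    check_policy_service inet:127.0.0.1:10023
```

Moving a `check_policy_service` entry above the `permit_*` entries would subject authenticated submissions to the same checks, so the order of the list is what separates the two kinds of mail.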