Re: Whitelisting made easy
Daniel L. Miller wrote:
>> Wietse Venema wrote:
>>> The client IP address passed along in the policy protocol.
>>
>> This goes back to my original question. How, using existing Postfix syntax, can I call the policy daemon - after the IP address and/or sender authentication has been performed by Postfix? Or would I have to re-create IP sender validation within the policy daemon?

IS there a way? Or must the checks be duplicated - or replicated - in the new policy daemon?

-- Daniel
Re: Whitelisting made easy
Wietse Venema wrote:
> The following solution solves 99% of the problem:
>
> - IF mail is from a local (or authenticated) client

That's the magic part right there. How do I accomplish this?

> - AND the sender has already passed reject_unlisted_sender
> - THEN store the (sender, recipient) pair in a whitelist.
>
> This can be done with trivial modification of an existing greylisting policy daemon.

Absolutely - already done. Just need that test.

-- Daniel
Re: Whitelisting made easy
Daniel L. Miller:
> Wietse Venema wrote:
>> The following solution solves 99% of the problem:
>>
>> - IF mail is from a local (or authenticated) client
>
> That's the magic part right there. How do I accomplish this?

The client IP address passed along in the policy protocol.

>> - AND the sender has already passed reject_unlisted_sender

That's by having reject_unlisted_sender before check_policy_service.

Wietse

>> - THEN store the (sender, recipient) pair in a whitelist.
>>
>> This can be done with trivial modification of an existing greylisting policy daemon.
>
> Absolutely - already done. Just need that test.
>
> -- Daniel
Re: Whitelisting made easy
Wietse Venema wrote:
> The client IP address passed along in the policy protocol.

This goes back to my original question. How, using existing Postfix syntax, can I call the policy daemon - after the IP address and/or sender authentication has been performed by Postfix? Or would I have to re-create IP sender validation within the policy daemon?

-- Daniel
Whitelisting made easy (was: The method behind the madness)
The following solution solves 99% of the problem:

- IF mail is from a local (or authenticated) client
- AND the sender has already passed reject_unlisted_sender
- THEN store the (sender, recipient) pair in a whitelist.

This can be done with trivial modification of an existing greylisting policy daemon.

Occasionally, a sender or recipient address will become invalid, or a user mis-types. To clean out junk, maintain a last use time stamp for each (sender, recipient) pair, and periodically remove entries that are too old. Or just rename the database late Saturday night and let it re-populate over time.

Wietse
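
The scheme discussed in this thread, as an added sketch that is not code from any poster or from Postfix: the daemon reads the `client_address` and `sasl_username` attributes Postfix passes in the policy protocol, and relies on `reject_unlisted_sender` being listed before `check_policy_service` so the sender is already validated when the request arrives. The network list, retention period, in-memory dict and all function names are assumptions made for illustration.

```python
import ipaddress

LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]  # assumed
MAX_AGE = 90 * 86400  # assumed retention: drop pairs unused for 90 days

# Constructed policy request (name=value lines, ended by an empty line).
SAMPLE = ("request=smtpd_access_policy\nclient_address=192.0.2.10\n"
          "sasl_username=\nsender=Alice@example.com\n"
          "recipient=bob@example.net\n\n")

def parse_request(text):
    """Parse one request into a dict; stop at the terminating empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def is_trusted_client(attrs):
    """True for a SASL-authenticated client or a client address in LOCAL_NETS."""
    if attrs.get("sasl_username"):
        return True
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:          # e.g. "unknown" or a missing attribute
        return False
    return any(addr in net for net in LOCAL_NETS)

def record_if_trusted(attrs, whitelist, now):
    """Store (sender, recipient) with a last-use time stamp; return True if stored."""
    sender, rcpt = attrs.get("sender", "").lower(), attrs.get("recipient", "").lower()
    if not sender or not rcpt or not is_trusted_client(attrs):
        return False            # null sender (bounce) or untrusted client
    whitelist[(sender, rcpt)] = now
    return True

def is_whitelisted(whitelist, local, remote, now):
    """Look up a stored pair and refresh its time stamp on use."""
    key = (local.lower(), remote.lower())
    if key not in whitelist or now - whitelist[key] > MAX_AGE:
        return False
    whitelist[key] = now
    return True

def purge(whitelist, now):
    """Remove pairs not used within MAX_AGE; return how many were removed."""
    stale = [k for k, t in whitelist.items() if now - t > MAX_AGE]
    for k in stale:
        del whitelist[k]
    return len(stale)
```

Because trust is decided from attributes Postfix supplies, the daemon does not repeat the sender validation; it only works as intended when the policy service is listed after `reject_unlisted_sender`.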