skipping single restrictions
Hi all, I have smtpd_recipient_restrictions like this: smtpd_recipient_restrictions = ... permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/postgrey, reject_rbl_client zen.spamhaus.org, permit For testing purposes, I want to skip the policy service for some recipient addresses, for other recipients I want to skip the spamhaus check, and for a third class of recipients I want to skip both checks. So the idea is something like this: smtpd_recipient_restrictions = ... permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/skip_postgrey, check_policy_service unix:private/postgrey, check_recipient_access hash:/etc/postfix/skip_spamhaus, reject_rbl_client zen.spamhaus.org, permit /etc/postfix/skip_postgrey could contain somethink like: do.not.want.postg...@example.comSKIP_NEXT_RESTRICTION Similar for /etc/postfix/skip_spamhaus... Of course, SKIP_NEXT_RULE is not a possible action in access tables. But I guess you see what I want. Any ideas how to solve this? Thanks and regards -stefan-
Re: skipping single restrictions
Stefan Palme: Hi all, I have smtpd_recipient_restrictions like this: smtpd_recipient_restrictions = ... permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/postgrey, reject_rbl_client zen.spamhaus.org, permit For testing purposes, I want to skip the policy service for some recipient addresses, for other recipients I want to skip the spamhaus check, and for a third class of recipients I want to skip both checks. So the idea is something like this: smtpd_recipient_restrictions = ... permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/skip_postgrey, check_policy_service unix:private/postgrey, check_recipient_access hash:/etc/postfix/skip_spamhaus, reject_rbl_client zen.spamhaus.org, permit /etc/postfix/skip_postgrey could contain somethink like: do.not.want.postg...@example.comSKIP_NEXT_RESTRICTION Similar for /etc/postfix/skip_spamhaus... Of course, SKIP_NEXT_RULE is not a possible action in access tables. But I guess you see what I want. Any ideas how to solve this? See RESTRICTION_CLASS_README for recipient-dependent restrictions. Wietse
Re: skipping single restrictions
On Wed, Feb 10, 2010 at 09:15:59PM +0100, Stefan Palme wrote: smtpd_recipient_restrictions = ... permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/postgrey, reject_rbl_client zen.spamhaus.org, permit For testing purposes, I want to skip the policy service for some recipient addresses, for other recipients I want to skip the spamhaus check, and for a third class of recipients I want to skip both checks. http://www.postfix.org/RESTRICTION_CLASS_README.html -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: skipping single restrictions
On 2/10/2010 2:15 PM, Stefan Palme wrote: Hi all, I have smtpd_recipient_restrictions like this: smtpd_recipient_restrictions = ... permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/postgrey, reject_rbl_client zen.spamhaus.org, permit For testing purposes, I want to skip the policy service for some recipient addresses, for other recipients I want to skip the spamhaus check, and for a third class of recipients I want to skip both checks. So the idea is something like this: smtpd_recipient_restrictions = ... permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/skip_postgrey, check_policy_service unix:private/postgrey, check_recipient_access hash:/etc/postfix/skip_spamhaus, reject_rbl_client zen.spamhaus.org, permit /etc/postfix/skip_postgrey could contain somethink like: do.not.want.postg...@example.comSKIP_NEXT_RESTRICTION Similar for /etc/postfix/skip_spamhaus... Of course, SKIP_NEXT_RULE is not a possible action in access tables. But I guess you see what I want. Any ideas how to solve this? Thanks and regards -stefan- You can use a check_recipient_access map and some smtpd_restriction_classes to define some recipients with different checks. #main.cf smtpd_restriction_classes = class_postgrey, class_sbl class_postgrey = check_policy_service unix:private/postgrey class_sbl = reject_rbl_client zen.spamhaus.org smtpd_recipient_restrictions = ... reject_unauth_destination check_recipient_access hash:/etc/postfix/recipient_class check_policy_service unix:private/postgrey reject_rbl_client zen.spamhaus.org # recipient_class us...@example.com class_postgrey, class_sbl, permit us...@example.com class_sbl, permit us...@example.com permit http://www.postfix.org/RESTRICTION_CLASS_README.html -- Noel Jones [1] a restriction class isn't required for the rbl lookup, but it seemed easier to me. You could instead use reject_rbl_client zen.spamhaus.org in your recipient_class access table. [2] it would probably be better to use permit_auth_destination rather than permit in the recipient_class file to prevent accidents.
