Firstly, thanks very much for your responses. I always learn so much
from your posts. :)
My problem is that I want to limit mail only on certain mailboxes. As
I understood your message, your method works like this:
(1) Are you from a domain I've whitelisted? if yes, (2). If no, (3)
(2) deliver.
(3) reject.
Say I add bingo.com as a client. I'll eventually want to set up a
[EMAIL PROTECTED] with filtering, but do I really want to say on the
phone, "Give me a minute to whitelist you in our system?"
Also (not that this is at all likely to happen), what happens when a
joker at foo.com thinks it would be funny to make trouble by sending
to [EMAIL PROTECTED]
Am I misunderstanding or do I really have the problem I think I have?
-CMP
On 7/23/06, Aaron S. Joyner <[EMAIL PROTECTED]> wrote:
Cristobal Palmer wrote:
> Many thanks to Nathan Conrad for showing me how it's done in procmail:
>
> --install procmail
> --add this line to /etc/postfix/main.cf :
> 'mailbox_command = /usr/bin/procmail'
> --assuming we don't want to drop rejected mail to /dev/null, we should
> make a /var/log/procmail dir and set up a rotation for .junk files
> --make an /etc/procmailrc file:
>
> :0
> * ^To:[EMAIL PROTECTED]
> {
> :0
> * !^From:[EMAIL PROTECTED]
> /var/log/procmail/foo.junk
> }
>
> :0
> * ^To:[EMAIL PROTECTED]
> {
> :0
> * !^From:[EMAIL PROTECTED]
> /var/log/procmail/baz.junk
> }
>
> --??
In the procmail setup, this --?? step corresponds to "accept the entire
body of the message and cache it to the local disk for no good reason".
:) For the same reasons Jason mentioned previously in this thread, it's
much preferable to do it with the MTA, a lot less load and a lot less
bandwidth consumed. Perhaps the best benefit is that persons not
sending valid mail to you get a rejection, generated for free by their
MTA, instead of having their mail silently dropped on the floor (where
the floor in this case is /var/log/procmail/*.junk). Before someone
jumps in and modifies your procmail rule to send a failure DSN (Delivery
Status Notification), let me point out that you don't want one of those
to be sitting in your mail queue for 5 days for every piece of spam you
get with out a valid return domain (ie. mail server that can't be
contacted). Then someone might suggest that you could solve that by
lowering your queue length to less than 5 days or offloading it to a
separate queue server, but of course that affects all of your normal
mail flow, etc and hopefully you'll notice that these things are a lot
of hoops to jump through unnecessarily. Enforcing rules about who to
accept and receive mail from is the job of the MTA, delivery into
different mailboxes is the job of the delivery agent.
Aaron S. Joyner
> --Profit!
>
> -CMP
>
> On 7/22/06, Cristobal Palmer <[EMAIL PROTECTED]> wrote:
>
>> I have a site, bar.com, that will be receiving mail from clients such
>> as foo and baz who have their own domains, foo.com and baz.com.
>>
>> I want to set things up such that mail to [EMAIL PROTECTED] only gets
>> through if it came from [EMAIL PROTECTED], likewise mail to [EMAIL
PROTECTED] should
>> be dropped if it didn't come from [EMAIL PROTECTED]
>>
>> What's the _best_ way to do this if I'm using postfix? Something
>> directly in postfix? Procmail?
>>
>> TIA,
>> CMP
>>
>> --
>> Cristobal M. Palmer
>> UNC-CH SILS Student
>> TriLUG Vice Chair
>> [EMAIL PROTECTED]
>> [EMAIL PROTECTED]
>> ils.unc.edu/~cmpalmer
>> "Television-free since 2003"
>>
>> <tarheelcoxn> iank has trouble with English. his native language is
>> Python
>> <iank> Yeah
>> <iank> I'm forced
>> <iank> To indent
>> <iank> My sentences
>>
>
>
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
--
Cristobal M. Palmer
UNC-CH SILS Student
TriLUG Vice Chair
[EMAIL PROTECTED]
[EMAIL PROTECTED]
ils.unc.edu/~cmpalmer
"Television-free since 2003"
<tarheelcoxn> iank has trouble with English. his native language is Python
<iank> Yeah
<iank> I'm forced
<iank> To indent
<iank> My sentences
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
