I'd like to propose a small enhancement for the Policy Server protocol. I'll code up a first cut of it, if nobody else is willing.
Basically, I think it would be very useful if the protocol included a line like: trusted_client=[yes/no] where the value would be set to "yes" if and only if the client had either authenticated (SASL) _or_ the client connected from some IP specified in $my_networks.

Rationale: Handling of the e-mails processed by Postfix could be broadly grouped into "incoming" and "outgoing" categories. The handling of each category might reasonably be very different. For example, while it may be desirable to apply all sorts of filtering tests to incoming e-mail, one probably does not want to apply such tests to outgoing e-mails.

Separately, if one wishes to automatically construct and/or maintain a whitelist of every e-mail address that "internal" (trusted) users have sent mail to in the past, then one could do that by simply adding all recipient e-mail addresses associated with _just_ "outgoing" e-mails to the automatically maintained whitelist. (Such a whitelist could be easily maintained in an entirely automated fashion by a Postfix policy server, but the policy server has to differentiate between incoming and outgoing e-mails.)

I've already written something (a policy server) that does in fact try to maintain a system-wide whitelist in just this way, but it is less than optimal because it has to check itself to see if either (a) there is one or more sasl_* lines in the current policy request or else (b) the client IP is in $my_networks. For the latter test, the tool in question has to be provided with its own copy of the value of $my_networks (because it is not smart enough to know how to parse this data out of Postfix's *.cf files), and I'm worried that this will eventually lead to a "version skew" type problem, i.e. where Postfix has one version of the $my_networks list, but the external (whitelist maintainer) policy server has a somewhat different version of $my_networks, in which case proper maintenance of the whitelist will break down.
Given that Postfix is already checking to see if the client is in $my_networks anyway, _and_ that it already knows whether or not the current SMTP session has authenticated (via SASL), it seems that it would be quite simple for Postfix to simply share this bit of useful information (in a convenient form) with external policy servers.
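The following is an added illustration (not code from the poster or from Postfix) of the two-part check a policy server has to perform today, and of the whitelist maintenance it enables: it parses one request block in the Postfix policy delegation protocol (attribute=value lines terminated by an empty line), treats the client as trusted if any sasl_* attribute is present or if client_address falls inside a locally supplied copy of mynetworks (the parameter the post writes as $my_networks), and only then records the recipient. The request text and the network list are constructed sample values; the function names are the example's own.

```python
import ipaddress

# Constructed sample request in the Postfix policy delegation protocol format:
# one attribute=value per line, block terminated by an empty line.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "protocol_name=ESMTP\n"
    "client_address=192.0.2.25\n"
    "client_name=mail.example.net\n"
    "sender=alice@example.net\n"
    "recipient=bob@example.org\n"
    "sasl_method=PLAIN\n"
    "sasl_username=alice\n"
    "\n"
)

# Hypothetical local copy of the Postfix mynetworks value, in the same
# comma/space-separated form Postfix uses (the post's "version skew" concern
# is exactly that this copy can drift from what Postfix itself uses).
SAMPLE_MYNETWORKS = "127.0.0.0/8, 10.0.0.0/8, [::1]/128"


def parse_policy_request(raw: str) -> dict:
    """Turn one request block into a dict; stops at the terminating empty line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value
    return attrs


def parse_mynetworks(value: str) -> list:
    """Parse CIDR/address entries; Postfix brackets IPv6 entries, so strip them.
    Entries that are not address literals (e.g. table lookups) are skipped."""
    networks = []
    for item in value.replace(",", " ").split():
        item = item.replace("[", "").replace("]", "")
        try:
            networks.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            continue
    return networks


def is_trusted_client(attrs: dict, networks: list) -> bool:
    """(a) any non-empty sasl_* attribute => the session authenticated;
    (b) otherwise, trusted only if client_address is inside mynetworks."""
    if any(k.startswith("sasl_") and v for k, v in attrs.items()):
        return True
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        # Missing or unparsable address: fail closed, i.e. treat as untrusted.
        return False
    return any(addr in net for net in networks)


def update_whitelist(attrs: dict, whitelist: set, networks: list) -> bool:
    """Record the recipient only for 'outgoing' mail (trusted client).
    Returns True when an address was added."""
    recipient = attrs.get("recipient", "").strip().lower()
    if recipient and is_trusted_client(attrs, networks):
        whitelist.add(recipient)
        return True
    return False


def handle_request(raw: str, whitelist: set, networks: list) -> str:
    """Process one request block and return the policy reply.
    The reply is always DUNNO: this server only observes, it never rejects."""
    attrs = parse_policy_request(raw)
    update_whitelist(attrs, whitelist, networks)
    return "action=DUNNO\n\n"


if __name__ == "__main__":
    nets = parse_mynetworks(SAMPLE_MYNETWORKS)
    seen = set()
    print(handle_request(SAMPLE_REQUEST, seen, nets), end="")
    print("whitelist:", sorted(seen))
```

In a real deployment the request block arrives over the socket named in `check_policy_service`; the parsing and trust decision above are the part that would become unnecessary if Postfix supplied a trusted_client attribute itself.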