Steve a écrit :
> -------- Original-Nachricht --------
>> Datum: Thu, 29 Jan 2009 20:38:26 +0100
>> Von: "Steve" <steeeeev...@gmx.net>
>> An: postfix-users@postfix.org
>> Betreff: Re: Calling smtpd restriction/filter from within master.cf
>
>> -------- Original-Nachricht --------
>>> Datum: Thu, 29 Jan 2009 19:44:53 +0100
>>> Von: mouss <mo...@ml.netoyen.net>
>>> An: postfix-users@postfix.org
>>> Betreff: Re: Calling smtpd restriction/filter from within master.cf
>>> Steve a écrit :
>>>> -------- Original-Nachricht --------
>>>>> Datum: Thu, 29 Jan 2009 17:14:08 +0100
>>>>> Von: mouss <mo...@ml.netoyen.net>
>>>> [snip]
>>>>> PS If you are using this to do per recipient filtering, don't forget
>>>>> that only one filter will run. so if a message is sent to multiple
>>>>> recipients, the last FILTER statement will set the filter. if one of
>>> the
>>>>> recipients is configured to skip filtering, all it takes a spammer
>> is
>>>>> to add this as the last recipient...
>>>>>
>>>> Thanks for reminding me about that. Is that btw as well true if I
>> would
>>> limit destination concurrency to 1 for that filter?
>>> no. but this would not be very "nice"...
>>>
>>> if your goal is to skip dspam for some users, then why not do this in
>>> dspam itself (opt-in or other....)
>>>
>> Who was writing about DSPAM? Me not.
then I guessed wrong ;-p
> Anyway... let's take DSPAM as an
>> example:
>> Postfix -{content filter Amavis in LMTP mode} -> {Amavis doing his stuff
>> reinject back to Postfix over SMTP on another port (for example 10025)} ->
>> {Postfix on port 10025 has content filter entry to use DSPAM over LMTP} ->
>> {DSPAM filtering and then reinjecting back to Postfix listening on another
>> port (for example 10026) with SMTP} -> delivery
>>
>> How would now one let all inbound/outbound mail go over Amavis but let
>> only outbound
>>
> Sorry! Only inbound not outbound.
>
>
you can do that by using different ports in amavisd-new:
[postfix]
configure postfix to pass outbound mail to port 10586. you can do this
with FILTER based on the client or auth:
smtpd_recipient_restrictions =
check_client_access pcre:/etc/postfix/filter_outbound
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
check_client_access pcre:/etc/postfix/filter_inbound
...
== filter_outbound:
/./ FILTER filter:[127.0.0.1]:10586
== filter_inbound:
/./ FILTER filter:[127.0.0.1]:10024
[amasvid-new]
- configure amavsid-new to listen on 10024 and 10586
$inet_socket_port = [10024, 10586];
- use policy banks to achieve different configs for inbound and
outbound. for example:
$interface_policy{'10586'} = 'MSA';
$policy_bank{'MSA'} = {
# mail was submitted by our smtp client
originating => 1,
#pass mail to postfix on 10026
forward_method => 'smtp:[127.0.0.1]:10026',
# skip spam checks?
# bypass_spam_checks_maps => [ 1 ],
};
>
>> mail go over DSPAM? The valid users are all in a MySQL table and
>> that's the reason I was thinking to use a recipient access map to separate
>> the recipients and use that info to know what is inbound and what is
>> outbound.
>>
it is more robust to use the client or authentication instead, as long
as you can keep different "paths" as in the example above.
> [snip]
