On Sat, 14 Mar 2009, Wietse Venema wrote:
Henk van Oers:Quote from header_checks (5): "" DUNNO Pretend that the input line did not match any pat- tern, and inspect the next input line. This action can be used to shorten the table search. For backwards compatibility reasons, Postfix also accepts OK but it is (and always has been) treated as DUNNO. "" I was trying to use action OK to jump out of header checks. That is: not only skip the next patterns, but also the next input lines.According to the above documentation, Postfix does not work that way. Whitelisting based on a single header line is unsafe.
I know. spammers can insert/spoof whatever.
Doing a proper job requires an external content filter.
I want to reject as mutch as posible, so i have a header_checks file. To bypass the header check for trusted senders i tryed: if /^Return-Path:/ /trusted_sender/ OK endif As i now understand it, i have to put this header check in a separate file and the other header_check file will be ignored. Right? (and, yes i know, the sender can be spoofed, but the spammer will be rejected before the data fase)
