Hello,
I felt interesting the discussion started by mouss in thread "whitelist
from spamhaus", and particularly the content of the email:
http://archives.neohapsis.com/archives/postfix/2006-05/0598.html
written by Viktor.
Indeed, I have started since some weeks to use the Postfix SMTP policy
access delegation. Because I need to apply a policy to the outgoing
messages, I have been obliged to put the policy check delegation on top
of "smtpd_recipient_restrictions" class:
smtpd_recipient_restrictions =
check_policy_service inet:127.0.0.1:10031
check_client_access
proxy:mysql:/etc/postfix/mysql-check-client-access.cf
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
.
.
.
I don't like much this solution because doing so I apply policy even
before to check If an IP is enabled to relay through my mail gateway.
Neverthless, I could move down "check_policy_service" after
"reject_unauth_destination" because the policy wouldn't be applied to
the outgoing messages..
In the solution proposed by Viktor, it seems that I could separate the
two stages (UCE control - including policy, and relay). So I can rewrite
the stage above as the following:
smtpd_rcpt_restriction_classes =
smtpd_relay_restrictions
smtpd_recipient_restrictions
where
smtpd_relay_restrictions =
check_client_access
proxy:mysql:/etc/postfix/mysql-check-client-access.cf
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
smtpd_recipient_restrictions = check_policy_service
inet:127.0.0.1:10031
What do you think? Could be ok?
A further question: "How I say to postfix to use
'smtpd_rcpt_restriction_classes' and where it will be evaluated?"
Thanks,
rocsca
