Keith wrote in <bd099fc3eb840e7fa6007ff1d92ec6735841bde5.ca...@soondae.co.uk>: |Hmm Policy Server. Do I have to install one and read the Man Pages? | |Then again I might take heart from the suggestion that this has been |done before although the mention of blocklisting and coloured flags |suggests others decided it was a bad idea. | |I get that cause for concern but, to me, it might arise because... | |//.burp\ -h -a --plorp -s 1038 ->./zed*\|+z furble | |would be nonsensical to a Facebook user. Also likely to apply to |Mastodon users. | |Obviously we all copy and paste random stuff from the Web into our |config files because that works until it doesn't and we kept a backup.
I must admit i do not truly grasp your message. The op wants to be able to reject the one emails, and to block IPs of others which match something, if i understood this correctly. This i think can be done with a "policy server" or a milter, parsing logs is too late. I would say policy is much cheaper and easier than milter in terms of CPU cycles and usage. So.. i do not know, actually, whether there exists an "easily accessible proxy" already, like say one that readily prepares the KEY=VALUE pairs of the protocol to make them accessible for example to a shell script, (or a shell function, ie, one shell instance from start to stop; i-should-go-more-lua, btw), and then supports things like postfix itself, for example "REJECT" or "RUN-SCRIPT" .. or whatever. That would be cool. If so, it would be *cool* if that would become a postfix companion and part of it! (RUN-SCRIPT would then change user and group id etc, likely.) Right now i think the options of the Op are static sender_access, sender_restrict etc. tables for one, and log parsing on the other hand. (I personally *hate* that log parsing thing, but do it myself because of missing options. .. I do not use fail2ban, i have a very simple stateless awk script running via cron at times; funnily i am currently in rewriting these for more state support, including increasing log rotation size from 200 KiB to ~420 KiB, and having a short-term storage with IP / epochsecs of last log entry / visit count / "magic classification number". nawk gained mktime() yesterday, so now all awks do support it! I need more lua though. But no perl, no python (once mailman is gone) on the server, no super large memory usage, no tremendous stress via inotify -- i really hate i do need it, but busybox syslog did not accept my proposed patch many years ago, so that not; however, since sysklogd *did* and there is "notify" and things like "notify /root/bin/syslog-notify.sh" there, i will someday propose it again, and then i say bye-bye to inotify, be thrilled, and not so shy.) --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) | | Only during dog days: | On the 81st anniversary of the Goebbel's Sportpalast speech | von der Leyen gave an overlong hypocritical inauguration one. | The brew's essence of our civilizing advancement seems o be: | Total war - shortest war -> Permanent war - everlasting war _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
