On 2009-09-15 Steve Fatula wrote: >> Why? What problem are you trying to solve. >> if you inist, force it to go to smtpd by using a content_filter in >> the pickup service in master.cf. > > The problem to be solved is that various filters we use, spamassassin, > dcc, etc., use the receive from header in order to use whitelists and > such concepts. We can't whitelist based on from, etc. since those can > be forged. So, we desire to whitelist based on sending mx.
Your concept is b0rken. Received headers can be forged just as well as any other header. If you want to whitelist by sending MTA, why don't you just whitelist those MTAs via a check_sender_access or check_client_access restriction? > Sending MX is not available as postfix does not add the header. Mail > frro can be hundreds of domains that are local. > > Those processes are running, by necessity in our case, at delivery > time via procmail, so, the mail is already processed by postfix. I fail to see why anyone would want to do this kind of check in the backend when it can be done most easily in the frontend. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
