On Nov 24, 2009, at 12:39 PM, Jordi Espasa Clofent <jespa...@minibofh.org
> wrote:
That is easy.
Have your users connect to the submission port, and let everyone
else connnect to the smtp port. Then, specify "=o
content_filter=whatever"
for the smtp port and not for the submission port.
Yes Wietse, I've considered this simple and clean option, but we're
a hosting company and the costumers are to lazy to understand and
accept an approach like this.
If you are taking in all mail on port 25 then you are making mail
handling more complicated than it needs to be.
I agree... but ¿is there no more alternatives?
An untested idea: try not specfying a content_filter anywhere in
main.cf or master.cf. Then place a policy service (like postfwd) that
checks whether clients connecting on port 25 authenticate (determined
by whether Postfix passes a non-empty sasl_* attribute to the policy
service). Make the policy service respond with a suitable FILTER
action only for clients that do NOT authenticate.
