Re: proxy_smtpd_filter vs FILTER action

Thu, 30 Sep 2010 14:07:53 -0700 

 Le 30/09/2010 12:48, Christian Rößner a écrit :

Hi,

I have a problem that the smtpd_proxy_filter option has higher priority than a 
FILTER setting in an access table:




if you use a proxy filter, _all_ mail goes to the proxy filter.


Sep 30 12:33:04 mx0 postfix/smtpd[5250]: warning: access table 
cidr:/etc/postfix/maps/client_access.cidr: with smtpd_proxy_filter specified, 
action FILTER is unavailable

What I need is a mechanism to re-route a mail to a different policy-bank in 
amavis, if a MTA-client is found in a whitelist:


either
- forget about proxy filter and use after-the-queue filtering (with content_filter, FILTER and/or transports) 
- or implement the dispatching in your proxy filter.
- if your WL is IP based, put that in your firewall/NAT/routing config.


smtp       inet  n       -       -       -       1       postscreen
smtpd      pass  -       -       -       -       10      smtpd
     -o smtp_bind_address=127.0.0.1
     -o smtpd_proxy_filter=[127.0.0.1]:10024
     -o smtpd_client_connection_rate_limit=5
     -o smtpd_client_message_rate_limit=5
     -o smtpd_client_recipient_rate_limit=30
dnsblog   unix  -        -      -       -       0       dnsblog
...


In main.cf:

smtpd_recipient_restrictions =
     ...
     check_client_access cidr:/etc/postfix/maps/client_access.cidr,
     ...


/etc/postfix/maps/client_access.cidr:
# Whitelisting
193.239.107.22          FILTER lmtp-amavis:[::1]:10027


amavis:

$interface_policy{'10027'} = 'WHITELIST';
$policy_bank{'WHITELIST'} = {
   allow_disclaimers               =>  1,
   bypass_spam_checks_maps         =>  [1],                                  # 
I want to disable spam-checks for SWL and DWL
   terminate_dsn_on_notify_success =>  0,
};


This test here is a pre-prototype for thinking about coding a policy-service 
that respects swl.spamhaus.org and dwl.spamhaus.org. Yet I do not know how to 
_really_ whitelist candidates on these lists. So I took my friend Uwe's MTA for 
a first test of whitelisting.

Also the question for postscreen: Does it allow negative scoring of dnsbl? So I 
could use that lookup mechanism, too. At the moment I try to negative score 
whitelists in policyd-weight.

This all is not so easy for me right now :-)

Best regards
Christian


---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com

Reply via email to