On 12/6/2010 3:31 PM, John Adams wrote:
Hi
I host several domains on my mail system. The various domains all have
their own dedicated spamassassin blacklist. Because spamassassin's
blacklist implementation is not waterproof (if message size > spamc -s
$size, let mail pass unchecked), I want to run the blacklist via
smtpd_sender_restrictions check_sender_access. Because I must use
spamassassins blacklist_from syntax the sql query looks like this:
query = SELECT 'REJECT sender blacklisted' as action FROM sa_prefs
WHERE preference='blacklist_from' AND (value='%...@%d' OR value like
'%%%d')
This works in the global system context. Unfortunatley this does not
respect that a blacklist entry always belongs to a recipient domain
and therefore should not be valid for all recipient domains.
In http://www.postfix.org/mysql_table.5.html I could not find a hint
that would enable the sql query to utilize a parameter that would
reflect the recipient domain, like shown below:
It is not possible to check a sender and recipient in a single
restriction without using an external policy service.
You could do something like:
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination, ..., check_recipient_access
hash:/path/to/reject_blacklist_by_recipient_domain
/path/to/reject_blacklist_by_recipient_domain:
domain1.tld check_sender_access mysql:/path/to/domain1_blacklist
domain2.tld check_sender_access mysql:/path/to/domain2_blacklist
This, of course, could be a SQL query as well if you have a long list of
domains, but each would require it's own mysql map.
query = SELECT 'REJECT sender blacklisted' as action FROM sa_prefs
WHERE preference='blacklist_from' AND (value='%...@%d' OR value like
'%%%d') AND recipientdomain='%r'
where %r would stand for the recipient's domain.
I hope I managed to write down understandably what I want. Would be
nice if any of you knew an answer.
Thanks
John
