Re: mysql based blacklist

Mon, 06 Dec 2010 13:52:33 -0800 

Le 06/12/2010 21:31, John Adams a écrit :

Hi

I host several domains on my mail system. The various domains all have
their own dedicated spamassassin blacklist. Because spamassassin's
blacklist implementation is not waterproof (if message size > spamc -s
$size, let mail pass unchecked), I want to run the blacklist via
smtpd_sender_restrictions check_sender_access. Because I must use
spamassassins blacklist_from syntax the sql query looks like this:

query = SELECT 'REJECT sender blacklisted' as action FROM sa_prefs WHERE
preference='blacklist_from' AND (value='%...@%d' OR value like '%%%d')

This works in the global system context. Unfortunatley this does not
respect that a blacklist entry always belongs to a recipient domain and
therefore should not be valid for all recipient domains.

In http://www.postfix.org/mysql_table.5.html I could not find a hint
that would enable the sql query to utilize a parameter that would
reflect the recipient domain, like shown below:

query = SELECT 'REJECT sender blacklisted' as action FROM sa_prefs WHERE
preference='blacklist_from' AND (value='%...@%d' OR value like '%%%d') AND
recipientdomain='%r'

where %r would stand for the recipient's domain.
you an't have a rule per send and per recipient in the genral case. that is, you can't implement: 
        if foo(sender) and bar(recipient)
if on the other hand you can define N policies, then you can decide that a recipient implies one policy (among the N policies) in which you can do what you want. for example 


smtpd_restriction_classes =
        policy1
        policy2
        ...


smtpd_something_restrictions =
        check_recipient_access hash:/etc/postfix/access_recipient


policy1 = check_sneder_access hash:/etc/postfix/access_sender_1
policy2 = check_sneder_access hash:/etc/postfix/access_sender_2
...

== access_recipient:
j...@example.com                policy1
j...@example.net                policy2
...
if you don't realise it, the limitation is that you need to define a predefined number of "policies".
if you want a more general config, then you need a policy service or a milter. 



I hope I managed to write down understandably what I want. Would be nice
if any of you knew an answer.

Thanks
John

Reply via email to