On 12/01/2010 06:42 PM, Wietse Venema wrote:
jer...@intuxicated.org:
On Wed, 1 Dec 2010 10:41:22 -0500 (EST), Wietse Venema
<wie...@porcupine.org> wrote:
Jeroen Koekkoek:
Hi,
I would like to request pcre table support in postscreen for some fields
e.g. client_name, helo_name, etc.
For example if client is not listed on any dnsbl, but the reverse
hostname matches /\.dsl\./, the client is greylisted.
Or if client is listed on a single dnsbl and contains something like
dialup, the connection is dropped.
This functionality already exists in smtpd. There is no need to duplicate
this in postscreen.
Postscreen's purpose is to keep zombies away so that you can keep
using the existing smtpd features.
It is not a scoring system that makes a decision at the end.
Instead, postscreen makes the decision as early as possible.
Wietse
Not entirely, because I can't combine scores in smtpd. I would need a
policy service for that (correct me if I'm wrong). So if I wanted to do
this check I would need an smtpd + policy service and the policy service
would need to do the exact same lookups in order to get a combined score
and make a decision based on that.
Again, if something can already be done with smtpd plus milter or
policy plugin or content filter then I urge you to keep using that
already existing functionality.
I think it's a lot of overhead where one or two pcre checks would
suffice.
If I create a patch, could this feature make its way into postfix?
Jeroen
I don't take any code before I have seen a clear design of user
interface (how to use) and semantics (what it does). That is,
write the manpage and we can talk about how it would work. But I
warn you, I will not take something that simply hard-codes PCRE
lookups plus counter into postscreen.
Wietse
I've read through the postscreen code and got a general understanding of
how it works internally. But judging from the documentation: is
postscreen intended to ever do more than allowing/disallowing client
connections? e.g. greylisting or specifying a follow-up service like
postgrey?
If it's not: It would be nice if the dnsbl results could be passed to
the follow-up smtpd process, so they in turn can be passed to a policy
daemon. It would save CPU cycles, etc., and it would make implementing a
policy daemon that needs those results anyway a lot easier.
If it is: I'll write about how I think the configuration options, maps,
etc. should look.
- Jeroen
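
The "smtpd + policy service" route discussed in this thread, as an added example that is not part of any message above and is not Postfix code: a handler for the smtpd policy delegation protocol that applies the two rules from the original request. The function names, reply texts and the `count_dnsbl_hits` hook are assumptions; the hook stands in for the DNSBL lookups the service would have to repeat, and the sample data is constructed.

```python
import re

DSL_RE = re.compile(r"\.dsl\.", re.I)      # pattern quoted in the thread
DIALUP_RE = re.compile(r"dialup", re.I)    # "something like dialup"

def parse_request(text):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(client_name, dnsbl_hits):
    """Combine the DNSBL hit count with the reverse-hostname patterns."""
    if dnsbl_hits == 1 and DIALUP_RE.search(client_name):
        return "REJECT dynamic client listed on a DNSBL"
    if dnsbl_hits == 0 and DSL_RE.search(client_name):
        return "DEFER_IF_PERMIT greylisted, please retry later"
    return "DUNNO"  # no opinion; later smtpd restrictions decide

def handle(text, count_dnsbl_hits):
    """Build the reply for one request; count_dnsbl_hits(ip) is the lookup hook."""
    attrs = parse_request(text)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    hits = count_dnsbl_hits(attrs.get("client_address", ""))
    return "action=%s\n\n" % decide(attrs.get("client_name", "unknown"), hits)

# Constructed sample data: documentation addresses and made-up hostnames.
LISTINGS = {"198.51.100.7": 1}   # stands in for real DNSBL queries

def sample_request(address, name):
    return ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
            "client_address=%s\nclient_name=%s\n\n" % (address, name))

if __name__ == "__main__":
    for ip, name in [("192.0.2.10", "host10.dsl.example.net"),
                     ("198.51.100.7", "dialup-7.example.org"),
                     ("203.0.113.5", "mail.example.com")]:
        print(handle(sample_request(ip, name), lambda a: LISTINGS.get(a, 0)), end="")
```

This sketch is stateless: a real greylist would remember which clients have retried and stop deferring them.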