I have clients relaying email through a set of servers but I wanted to put a hold in there based on specific circumstances (such as they are sending too much data, so lets hold and inspect). I have a hash file (/etc/postfix/maps/hold) that is dynamically updated from a central server. So when the need calls, an entry domain.tld HOLD is added to the file and postmap'ed).
So, where do I need to put the hash file in the overall scheme of things in order to get it to hold after they have authed into the system? I was thinking of setting up an alternate port on localhost that basically has this: smtpd_client_restrictions=hash:/etc/postfix/maps/hold,allow smtpd_recipient_restrictions=hash:/etc/postfix/maps/hold,allow relay_host= and then have the default relay_host be localhost:alternateport Does that make sense? Is there a better way to do this? our existing config (outbound only email server): postconf -n: alias_maps = hash:/etc/postfix/custom/aliases biff = no broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix data_directory = /var/lib/postfix debug_peer_level = 2 delay_warning_time = 1h disable_dns_lookups = no disable_mime_output_conversion = no html_directory = /usr/share/doc/packages/postfix-doc/html inet_protocols = all mail_owner = postfix mail_spool_directory = /var/mail mailbox_size_limit = 0 mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_exceptions = root message_strip_characters = \0 myhostname = mynetworks = /etc/postfix/custom/mynetworks newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES relay_domains = $mydestination, hash:/etc/postfix/relay sample_directory = /usr/share/doc/packages/postfix-doc/samples sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_tls_note_starttls_offer = yes smtp_use_tls = yes smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,reject smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_security_options = noanonymous smtpd_tls_cert_file = smtpd_tls_key_file = smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes strict_8bitmime = no tls_random_source = dev:/dev/urandom transport_maps = hash:/etc/postfix/maps/rate_limit_transport,hash:/etc/postfix/maps/transport unknown_local_recipient_reject_code = 550
