> Today I've come across a Sophos PureMesssage server that puts > "ignore_policy_error" as restriction option: > > smtpd_client_restrictions = > ignore_policy_error, > check_policy_service inet:localhost:4466 > > I've looked up the postconf man page, but couldn't find that option. Sophos > OTOH has been quoted by my customer that they don't run a patched Postfix. > > So what is it? Given all of Wietses efforts to create great documentation I > tend to believe Sophos does provide a patched Postfix.
Well, the naming gives a hint: Sophos patched Postfix to have some sort of "soft_fail the next restriction" to secure against "check_policy_service inet:localhost:4466" failing somehow. This is just speculation. But I wonder why they would do that: If the policy service FAILS, no mail goes through and the admins will have a look. With ignore_policy_error I would thing that Postfix will silently ignore the error and just deliver the mail. -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
