On 8/24/2012 11:10 PM, an...@isac.gov.in wrote: > > ----- Message from Noel Jones <njo...@megan.vbhcs.org> --------- > Date: Wed, 22 Aug 2012 06:31:10 -0500 > From: Noel Jones <njo...@megan.vbhcs.org> > Reply-To: postfix users <postfix-users@postfix.org> > Subject: Re: exceptions for smtpd_end_of_data_restrictions > To: postfix-users@postfix.org > > >> On 8/22/2012 2:14 AM, an...@isac.gov.in wrote: >>> Dear List, >>> >>> I have this in my main.cf >>> >>> smtpd_end_of_data_restrictions = >>> check_policy_service inet:127.0.0.1:9998 >>> >>> >>> This basically checks for mail size and allows/not allows a mail >>> based on contents of a file. >>> >>> Is there a way to say, not to use this policy service, based on some >>> headers of a mail? >>> >> >> >> You can skip the policy based on envelope information by using a >> check_*_access map before the policy check. You could also likely >> do this inside the policy server itself. >> >> You cannot skip it based on headers. >> >> >> >> -- Noel Jones > > > > Thanks for your inputs. You are all experts, please share some > ideas with me to solve my problem. I have described the requirement > in detail as below. > > Let me explain my current setup and my real requirement. > > I have a front end for accessing and sending mail (say server A). > All mails sent from this (server A) are directed to another server > (say server B) for virus/spam check using Amavisd. If the mails are > addressed to any internet domain other than ours, mails get > forwarded to Server C, else mails are delivered locally. > > A (Front End Mail) -> B (Virus/Spam scanner) -> C (for delivering to > Internet). > > At server B (for local delivery of mails) we have a size limit of 30 > MB. > > At Server C (for delivery to Internet ) we have a size limit of 30 > MB, but using policyd feature of Postfix (at > smtpd_end_of_data_restrictions), by default we are restricting to 2 > MB and based on the contents of a data file (which is manually > edited as and when required) which contains Sender address and > allowed size, mails get get delivered to outside domains having > higher size. > > Now, I have been asked to develop another front end at same level as > Server A (say server D), to enable users to send mails of large size > to Internet users, such that, once a mail is composed and submitted > for approval, Based on the content, I can approve or disapprove. > Once approved, it should go through Server B and finally server C to > get delivered to outside domains. > > My problem lies at Server C where I am running a policy for sending > outside mails. How does that mail be allowed without even looking > at policy (exception for policy). > > Please provide guidance or any other alternative strategy to achieve > the requirement. But, it is must that, mail should go through the > virus scan. > > Regards, > Anant. >
Have D submit mail to a dedicated amavisd port on B, which can then submit to a separate port on C with no policy. See amavisd docs about listening on multiple ports, policy banks, etc. For the postfix changes on C, the lazy solution is set up another smtpd listener in master.cf with empty smtpd_end_of_data_restrictions; the better full-featured solution is a separate postfix instance giving full control with separate queue, logging, and stats. -- Noel Jones
