Am 08.08.2014 um 18:16 schrieb Noel Jones: > On 8/8/2014 11:06 AM, li...@rhsoft.net wrote: >> Am 08.08.2014 um 16:19 schrieb Noel Jones: >>> On 8/8/2014 8:56 AM, li...@rhsoft.net wrote: >>>> Am 08.08.2014 um 13:18 schrieb Noel Jones: >>>>> On 8/8/2014 4:58 AM, li...@rhsoft.net wrote: >>>>>> dreamed about like below but dreams don't always become true :-) >>>>>> >>>>>> smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket >>>>>> permit_dnswl_client list.dnswl.org >>>>>> check_sender_access >>>>>> proxy:hash:/etc/postfix/disable-sender-contentfilter.cf >>>>>> check_recipient_access >>>>>> proxy:hash:/etc/postfix/disable-rcpt-contentfilter.cf >>>>>> unix:/run/spamass-milter/spamass-milter.sock >>>>> >>>>> It is not possible for postfix to do conditional milters because >>>>> postfix must connect to the milter at the beginning of the SMTP >>>>> session, before any client/sender/recipient information is known. >>>>> But some milters have their own settings per client/sender/recipient >>>> >>>> hmm - that would mean that even the cheap restrictions below >>>> would not make a reject decision *before* the expensive >>>> contentfilter and clamav are called? >>>> >>>> reject_non_fqdn_recipient >>>> reject_non_fqdn_sender >>>> reject_unknown_sender_domain >>>> reject_unknown_recipient_domain >>>> reject_unauth_destination >>>> reject_invalid_hostname >>>> >>> Of course not. Envelope restrictions will drop the connection >>> before DATA >> >> well, but the same way "permit_dnswl_client list.dnswl.org" could >> happen before the milter/session and skip it for that smtp session > > Sorry, that's not possible
is there at least a way to create tables of senders/sender-domains to bypass milters - thinking of something like "from @sender-domain to @inbound-domain" don't call any milter and maybe the same for full qulaified sender/rcpt pairs that's currently brainstorming and consider what is possible and how web-interfaces feeding cronjobs which generates config files could be designed since this becomes a inbound-only machine with "smtpd_relay_restrictions = reject" even OK actions would not bring the danger of a open relay and so maybe more options are possible
