On 8/14/2014 1:53 PM, [email protected] wrote:
>
>
> On 08.08.2014 at 18:16, Noel Jones wrote:
>> On 8/8/2014 11:06 AM, [email protected] wrote:
>>> On 08.08.2014 at 16:19, Noel Jones wrote:
>>>> On 8/8/2014 8:56 AM, [email protected] wrote:
>>>>> On 08.08.2014 at 13:18, Noel Jones wrote:
>>>>>> On 8/8/2014 4:58 AM, [email protected] wrote:
>>>>>>> dreamed about like below but dreams don't always become true :-)
>>>>>>>
>>>>>>> smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket
>>>>>>> permit_dnswl_client list.dnswl.org
>>>>>>> check_sender_access
>>>>>>> proxy:hash:/etc/postfix/disable-sender-contentfilter.cf
>>>>>>> check_recipient_access
>>>>>>> proxy:hash:/etc/postfix/disable-rcpt-contentfilter.cf
>>>>>>> unix:/run/spamass-milter/spamass-milter.sock
>>>>>>
>>>>>> It is not possible for postfix to do conditional milters because
>>>>>> postfix must connect to the milter at the beginning of the SMTP
>>>>>> session, before any client/sender/recipient information is known.
>>>>>> But some milters have their own settings per client/sender/recipient
>>>>>
>>>>> hmm - that would mean that even the cheap restrictions below
>>>>> would not make a reject decision *before* the expensive
>>>>> contentfilter and clamav are called?
>>>>>
>>>>> reject_non_fqdn_recipient
>>>>> reject_non_fqdn_sender
>>>>> reject_unknown_sender_domain
>>>>> reject_unknown_recipient_domain
>>>>> reject_unauth_destination
>>>>> reject_invalid_hostname
>>>>>
>>>> Of course not. Envelope restrictions will drop the connection
>>>> before DATA
>>>
>>> well, but the same way "permit_dnswl_client list.dnswl.org" could
>>> happen before the milter/session and skip it for that smtp session
>>
>> Sorry, that's not possible
>
> is there at least a way to create tables of senders/sender-domains
> to bypass milters - thinking of something like "from @sender-domain
> to @inbound-domain" don't call any milter and maybe the same
> for full qualified sender/rcpt pairs
>
> that's currently brainstorming and consider what is possible
> and how web-interfaces feeding cronjobs which generates
> config files could be designed
>
> since this becomes an inbound-only machine with
> "smtpd_relay_restrictions = reject" even OK
> actions would not bring the danger of an open
> relay and so maybe more options are possible
>
Postfix sends all SMTP mail to the smtpd_milters, no exceptions.
Changing that in postfix would require a major overhaul. And that's
not even considering the milter end of the pipe. So not possible.

For something that is possible and already exists, use a milter that
has bypassing/whitelisting built into the milter.

--
Noel Jones
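
One way to combine the milter-side whitelisting suggested above with the cron-generated tables discussed in the thread, as an added example that is not part of the original messages: a generator that turns validated sender/recipient entries into the address file read by clamav-milter's `Whitelist` option. It assumes the file format described in clamav-milter.conf(5) (one POSIX basic regex per line, optionally prefixed `From:` or `To:`) and that the milter may see addresses with or without angle brackets; the function names and sample addresses are hypothetical.

```python
import re

# Metacharacters of a POSIX basic regex outside a bracket expression.
# re.escape() is unsuitable here: it emits "\+" and "\(", which are not
# plain literals in a basic regex.
_BRE_SPECIAL = set(".[\\*^$")

# Conservative address shapes. They reject whitespace and control characters,
# so a value submitted through a web form cannot add a line to the file.
_LOCAL = re.compile(r"[A-Za-z0-9._%+=-]+")
_DOMAIN = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def bre_escape(text):
    """Backslash-escape only the characters that are special in a BRE."""
    return "".join("\\" + c if c in _BRE_SPECIAL else c for c in text)


def whitelist_line(kind, entry):
    """kind is 'From' or 'To'; entry is 'user@domain' or '@domain'."""
    if kind not in ("From", "To"):
        raise ValueError("kind must be From or To")
    local, sep, domain = entry.rpartition("@")
    if not sep or not _DOMAIN.fullmatch(domain):
        raise ValueError("bad domain in %r" % entry)
    if local and not _LOCAL.fullmatch(local):
        raise ValueError("bad local part in %r" % entry)
    # An empty local part means the whole domain: any run of non-@ characters.
    local_re = bre_escape(local) if local else "[^@]*"
    # Anchor both ends so "example.com" cannot match "example.com.evil.test";
    # "<*" and ">*" tolerate optional angle brackets (assumption, see lead-in).
    return "%s:^<*%s@%s>*$" % (kind, local_re, bre_escape(domain.lower()))


def build_whitelist(rows):
    """rows: iterable of (kind, entry) pairs, e.g. exported by a web interface."""
    return "\n".join(whitelist_line(k, e) for k, e in rows) + "\n"


if __name__ == "__main__":
    # Constructed sample entries.
    print(build_whitelist([("From", "@sender.example"),
                           ("To", "postmaster@inbound.example")]), end="")
```

Each line exempts a sender or a recipient on its own, so the generated file should stay short and reviewed: anything listed skips virus scanning entirely.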
