On 8/14/2014 1:53 PM, [email protected] wrote:
> 
> 
> On 08.08.2014 at 18:16, Noel Jones wrote:
>> On 8/8/2014 11:06 AM, [email protected] wrote:
>>> On 08.08.2014 at 16:19, Noel Jones wrote:
>>>> On 8/8/2014 8:56 AM, [email protected] wrote:
>>>>> On 08.08.2014 at 13:18, Noel Jones wrote:
>>>>>> On 8/8/2014 4:58 AM, [email protected] wrote:
>>>>>>> dreamed about like below but dreams don't always become true :-)
>>>>>>>
>>>>>>> smtpd_milters = unix:/run/clamav-milter/clamav-milter.socket
>>>>>>>  permit_dnswl_client list.dnswl.org
>>>>>>>  check_sender_access proxy:hash:/etc/postfix/disable-sender-contentfilter.cf
>>>>>>>  check_recipient_access proxy:hash:/etc/postfix/disable-rcpt-contentfilter.cf
>>>>>>>  unix:/run/spamass-milter/spamass-milter.sock
>>>>>>
>>>>>> It is not possible for postfix to do conditional milters because
>>>>>> postfix must connect to the milter at the beginning of the SMTP
>>>>>> session, before any client/sender/recipient information is known.
>>>>>> But some milters have their own settings per client/sender/recipient
>>>>>
>>>>> hmm - that would mean that even the cheap restrictions below
>>>>> would not make a reject decision *before* the expensive
>>>>> contentfilter and clamav are called?
>>>>>
>>>>>  reject_non_fqdn_recipient
>>>>>  reject_non_fqdn_sender
>>>>>  reject_unknown_sender_domain
>>>>>  reject_unknown_recipient_domain
>>>>>  reject_unauth_destination
>>>>>  reject_invalid_hostname
>>>>>
>>>> Of course not. Envelope restrictions will drop the connection
>>>> before DATA
>>>
>>> well, but the same way "permit_dnswl_client list.dnswl.org" could
>>> happen before the milter/session and skip it for that smtp session
>>
>> Sorry, that's not possible
> 
> is there at least a way to create tables of senders/sender-domains
> to bypass milters - thinking of something like "from @sender-domain
> to @inbound-domain" don't call any milter and maybe the same
> for fully qualified sender/rcpt pairs
> 
> that's currently brainstorming and consider what is possible
> and how web-interfaces feeding cronjobs which generates
> config files could be designed
> 
> since this becomes an inbound-only machine with
> "smtpd_relay_restrictions = reject" even OK
> actions would not bring the danger of an open
> relay and so maybe more options are possible
> 


Postfix sends all SMTP mail to the smtpd_milters, no exceptions.
Changing that in postfix would require a major overhaul. And that's
not even considering the milter end of the pipe. So not possible.

For something that is possible and already exists, use a milter that
has bypassing/whitelisting built into the milter.



  -- Noel Jones
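
Added example, not part of the thread and not Postfix or ClamAV project code: a cron-style generator for the file named by clamav-milter's `Whitelist` option, which is one milter-side bypass of the kind suggested above. It assumes the format described in clamav-milter.conf (one POSIX basic regex per line with an optional `From:` or `To:` prefix, each line matching the sender or the recipient, not a pair); the function names and `.example` addresses are constructed.

```sh
#!/bin/sh
# Added example: emit clamav-milter Whitelist entries from address tables.
# Assumed format: one POSIX basic regex per line, "From:" or "To:" prefix.

# Escape BRE metacharacters so the address is matched literally.
bre_escape() {
    printf '%s\n' "$1" | sed 's/[][\.*^$]/\\&/g'
}

# wl_entry KIND ADDR   KIND: From|To   ADDR: user@domain or @domain
# End-anchored (start-anchored too for full addresses), angle brackets
# optional, so @sender-domain.example cannot match a longer domain.
wl_entry() {
    pat=$(bre_escape "$2")
    case $2 in
        @*) printf '%s:%s>\\{0,1\\}$\n' "$1" "$pat" ;;
        *)  printf '%s:^<\\{0,1\\}%s>\\{0,1\\}$\n' "$1" "$pat" ;;
    esac
}

# build_whitelist OUT: constructed sample tables, as a cron job might write.
build_whitelist() {
    {
        echo '# generated file, do not edit'
        wl_entry From @sender-domain.example
        wl_entry To   postmaster@inbound-domain.example
    } > "$1"
}

# wl_matches FILE KIND ADDR: local sanity check before deploying the file.
# grep's default syntax is POSIX BRE, the flavour assumed above.
wl_matches() {
    pats=$(sed -n "s/^$2://p" "$1")
    [ -n "$pats" ] || return 1
    printf '%s\n' "$3" | grep -q -e "$pats"
}
```

The envelope sender is not authenticated, so a `From:` entry exempts any client that claims that address.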
