On 12/13/2014 1:51 PM, li...@rhsoft.net wrote:
> 
> Am 12.12.2014 um 15:48 schrieb Noel Jones:
>> On 12/12/2014 8:24 AM, Isaac Grover wrote:
>>> Good morning,
>>>
>>> We have users on a domain who are convinced they are losing emails
>>> due to our spam filtering (postscreen, amavis, spamassassin). We
>>> have shown them logs of legitimate spam being filtered with no false
>>> positives, but they want to be exempt from all spam filtering.
>>>
>>> Is it possible to exempt their domain from postscreen filtering, so
>>> they receive every single email addressed to anyone in their
>>> organization, spam or not?
>>
>> Postscreen filtering happens when the client initially connects,
>> even before the hostname lookup. The only postscreen whitelisting
>> possible is by client IP. This is by design
> 
> true it is by deisgn
> 
> but not because postscreen don't know the RCPT/Sender
> 
> in enforcing mode it logs the complete envelope including HELO which
> is mandatory if you are responsible for others mailboxes because you
> need to be able answer question if a specific mail was blocked and why

Postscreen is not a proxy.  When postscreen logs the
helo/sender/recipient, it is because the decision to reject has
already been made, and a "stub" smtp server gathers that information
specifically for logging.

At the point in time when postscreen must decide to pass a client,
only the client IP is known.  Therefore, whitelisting can only be
done by client IP.

I suppose postscreen could be re-engineered to gather more
information before making a pass/fail decision, but then we would
need to call it postproxy, which seems like an awkward name.  More
importantly, that would violate the "lightweight, high volume, low
latency" design goals.



  -- Noel Jones

Reply via email to