On 12/13/2014 1:51 PM, li...@rhsoft.net wrote: > > Am 12.12.2014 um 15:48 schrieb Noel Jones: >> On 12/12/2014 8:24 AM, Isaac Grover wrote: >>> Good morning, >>> >>> We have users on a domain who are convinced they are losing emails >>> due to our spam filtering (postscreen, amavis, spamassassin). We >>> have shown them logs of legitimate spam being filtered with no false >>> positives, but they want to be exempt from all spam filtering. >>> >>> Is it possible to exempt their domain from postscreen filtering, so >>> they receive every single email addressed to anyone in their >>> organization, spam or not? >> >> Postscreen filtering happens when the client initially connects, >> even before the hostname lookup. The only postscreen whitelisting >> possible is by client IP. This is by design > > true it is by deisgn > > but not because postscreen don't know the RCPT/Sender > > in enforcing mode it logs the complete envelope including HELO which > is mandatory if you are responsible for others mailboxes because you > need to be able answer question if a specific mail was blocked and why
Postscreen is not a proxy. When postscreen logs the helo/sender/recipient, it is because the decision to reject has already been made, and a "stub" smtp server gathers that information specifically for logging. At the point in time when postscreen must decide to pass a client, only the client IP is known. Therefore, whitelisting can only be done by client IP. I suppose postscreen could be re-engineered to gather more information before making a pass/fail decision, but then we would need to call it postproxy, which seems like an awkward name. More importantly, that would violate the "lightweight, high volume, low latency" design goals. -- Noel Jones
