Viktor Dukhovni wrote:
On Mon, Mar 09, 2015 at 03:36:53AM +0000, Mick wrote:
Darn formatting! I can't read it myself. Grrrrr! Attached as a text file.
Hope attachments are allowed.
I would not deploy this policy script. It requires a new Perl
process for each request. That's a rather bad idea. It does not
treat the sender address in a case-insensitive manner.
I hadn't thought of that. If the mail server busy, a lot of processes
could end up running. You could limit the number of processes in
master.cf though couldn't you?
policy-sg unix - n n - 5 spawn
user=nobody argv=/etc/postfix/sasluser.p -v
I agree running a service would be better. That's way beyond my limited
knowledge though.
Policy-spf uses the spawn method. Is that bad too?
Good point about case insensitive and one I missed. That could easily be
rectified with $sender=lc($value); Same for sasl_username.
With 2.11 or later, use check_sasl_access.
With 2.10 use socketmap, and with 2.9 or less the tcp table to
implement smtpd_sender_login_maps. Whichever you use, make it
a persistent service not one process per lookup.
Out of interest, have you any links showing working examples? I doubt it
be as simple as creating a file, postmapping it to a db file and adding
check_sasl_access hash:/etc/postfix/sasl_checks
Mick.
