I'm moving some msg filtering prequeue
/master.cf
smtp inet n - n - 1 postscreen
ps-handoff pass - - n - - smtpd
-o syslog_name=postfix/in-from-ext
-o smtpd_proxy_filter=127.0.0.1:10001
-o smtpd_client_connection_count_limit=20
-o smtpd_proxy_timeout=300s
-o smtpd_proxy_options=speed_adjust
/main.cf
...
unverified_recipient_reject_code = 550
policyd-spf_time_limit = 3600
smtpd_relay_restrictions =
permit_mynetworks
reject_unauth_destination
reject_unverified_recipient
check_policy_service unix:private/policyd-spf
...
In this stage, I send msgs to a prequeue amavis policy bank
-o smtpd_proxy_filter=127.0.0.1:10001
to
verify DKIM
a/v scan
extension ban
and to a pypolicyd-spf milter
check_policy_service unix:private/policyd-spf
to check SPF
Looking at the flow diagrams
The Postfix before-queue content filter feature
http://www.postfix.org/SMTPD_PROXY_README.html
Configuring the Postfix SMTP pass-through proxy feature
http://www.postfix.org/SMTPD_PROXY_README.html#config
IIUC, the policyd-spf is prequeue here as well.
I understand from
http://www.postfix.org/MILTER_README.html#smtp-only-milters
that I can control _milter_ execution order, if, for example, I were to add a
dmarc policy, with the milter app applied in order specified in 'smtpd_milters='
Qs:
Can I similarly control the relative order of execution of the spf policy
milters and the prequeue amavis proxy filter?
Can the relative order be toggled _within_ this single "postfix/in-from-ext"
service? Or would one need to stage through separate services to control that
order?
