Hi,

tl;dr
I am looking for a way to return from a custom restriction class back to
the initial (built-in) restriction class from where I jumped into the
custom restriction to proceed with the remaining checks.


In general, each incoming mail has to pass greylisting and policyd-weight
checks in my setup.

I don't want to slow down _every_ incoming mail so I only want to apply
greylisting to senders not listed in a DNSWL or based on a lookup table.

Same goes for policyd-weight: There's no way to whitelist senders in
policyd-weight [1] in case that I want to override blacklisting.

I thought I could solve this using multiple smtpd_restriction_classes like
the following example:

> smtpd_client_restrictions =
>     ...
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     check_client_access pcre:$config_directory/poldw_client_access_pcre,
>     check_client_access pcre:$config_directory/greylist_client_access_pcre
>     check_policy_service inet:127.0.0.1:10000 # Quota-Check
>     ...
>
> smtpd_restriction_classes = greylisting, poldwcheck
>
> greylisting =
>     permit_sasl_authenticated,
>     permit_mynetworks,
>     permit_dnswl_client list.dnswl.org,
>     check_policy_service unix:private/postgrey
>
> poldwcheck =
>     permit_sasl_authenticated,
>     permit_mynetworks,
>     check_client_access btree:$config_directory/policyd_weight_client_whitelist
>     check_policy_service unix:private/postgrey

Because I want to skip in my own restriction classes,
"poldw_client_access_pcre" and "greylist_client_access_pcre" would contain
a catch all like

> /.*/ poldwcheck

or

> /.*/ greylisting


My problem is that any PERMIT/OK in my custom restriction classes would
also immediately end smtpd_client_restrictions causing quota check for
example to be skipped.

So senders I'd whitelisted for policyd-weight to override blacklisting
would also skip greylisting and both senders would skip quota check for
the recipient.

My current workaround is to use built-in restriction classes to split
tests, because a permit in smtpd_client_restrictions won't skip
smtpd_recipient_restrictions, too, but this only allows one whitelist
(i.e. currently I added a whitelist for policyd-weight because I have to
accept mails from a sender listed in a blacklist I'd like to keep using
but this will also bypass greylisting I want to keep).


PS: Yes, that's not the best example because postgrey implements its own
whitelisting so I wouldn't have to care... just changing check order and
I am done. But in my setup I have more policy daemons I'd like to check
based on various lookup tables. So please ignore that ;)


[1] http://www.policyd-weight.org/faq.html#whitelisting


Thanks!


-- 
Regards,
Igor
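
The short-circuit described in the message, as an added example (not part of the original post and not Postfix code): a simplified Python model of restriction-list evaluation in which the first non-DUNNO result ends a list and the built-in lists run one after another. The helper functions, client attributes and check names are constructed for illustration, and the permit_mynetworks / permit_sasl_authenticated entries are left out.

```python
DUNNO, OK, REJECT = "DUNNO", "OK", "REJECT"

def eval_list(items, classes, client, ran):
    """One restriction list: the first non-DUNNO result ends the list."""
    for name, check in items:
        ran.append(name)
        result = check(client)
        if result in classes:  # access table returned a restriction class name
            result = eval_list(classes[result], classes, client, ran)
        if result != DUNNO:
            return result      # an OK from inside a class also ends the caller
    return DUNNO

def eval_stages(stages, classes, client):
    """Built-in lists run in sequence; only REJECT stops the later lists."""
    ran = []
    for items in stages:
        if eval_list(items, classes, client, ran) == REJECT:
            return REJECT, ran
    return OK, ran

# Constructed stand-ins for the lookup tables and policy daemons in the post.
def in_table(key):
    return lambda client: OK if client.get(key) else DUNNO

def jump(cls):                 # models the "/.*/ classname" catch-all
    return lambda client: cls

def daemon(client):
    return DUNNO               # policy daemon with nothing to object to

CLASSES = {
    "poldwcheck": [("poldw_whitelist", in_table("poldw_wl")),
                   ("poldw_policy_service", daemon)],
    "greylisting": [("dnswl", in_table("dnswl")), ("postgrey", daemon)],
}
POLDW = ("poldw_access", jump("poldwcheck"))
GREY = ("greylist_access", jump("greylisting"))
QUOTA = ("quota", daemon)

SINGLE_LIST = [[POLDW, GREY, QUOTA]]    # everything in smtpd_client_restrictions
SPLIT_LISTS = [[POLDW], [GREY, QUOTA]]  # client list, then recipient list

def checks_run(stages, client):
    """Names of the checks that were actually consulted for this client."""
    return eval_stages(stages, CLASSES, client)[1]

if __name__ == "__main__":
    print(checks_run(SINGLE_LIST, {"poldw_wl": True}))
    print(checks_run(SPLIT_LISTS, {"poldw_wl": True}))
    print(checks_run(SPLIT_LISTS, {"dnswl": True}))
```

With everything in one list, the policyd-weight whitelist hit ends evaluation before greylisting and the quota check; splitting across two built-in lists protects the second list from the first whitelist, but a DNSWL hit inside the second list still skips the quota check.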
